The Cookie Consent Manager
WordPress actually deserved.
Truss Consent Manager is a full consent management platform for WordPress and WooCommerce — cookie banner, script blocking, cookie scanner, and Google Consent Mode v2, all in one plugin.
Every WordPress site has cookies.
Most sites have zero control over them.
Cookie banners without a real consent manager behind them are cosmetic. Cookies set before consent is given, scripts firing regardless of cookie preferences, no audit trail — these are active compliance failures, not minor oversights.
Most “cookie banner” plugins show a banner but do nothing to stop cookies from being set immediately on page load. Analytics cookies, marketing cookies, tracking cookies — all fired before the visitor has clicked anything. That’s not a consent manager. That’s a warning sticker.
Every plugin you install can add cookies to your site. Google Analytics cookies, Meta Pixel cookies, Hotjar cookies, WooCommerce session cookies — you probably have more than you think. GDPR requires you to disclose every single one. A consent manager that can’t scan for cookies is half-built.
Google requires consent signals before its scripts process personal data. Without Google Consent Mode v2, your Google Analytics 4 and Google Ads data is incomplete, unreliable, and potentially non-compliant. Most basic cookie plugins don’t implement this at all.
GDPR requires you to prove that a specific visitor gave consent at a specific time. A cookie banner that just shows a popup and stores nothing is not a compliant consent management solution. Real consent management means logging decisions with timestamps and consent IDs.
WooCommerce relies on session cookies and functional cookies that must never be blocked. Aggressive cookie blocking plugins that don’t understand the difference between a tracking cookie and a WooCommerce cart cookie will break your checkout. You need a consent manager that knows the difference.
CookieYes Pro, CookieFirst, Cookiebot — all of these are SaaS platforms that charge monthly subscription fees for features a WordPress plugin can deliver natively. Cookie scanning, cookie categorisation, consent logging, Google Consent Mode — all of this is available free in Truss Consent Manager.
Not just a cookie banner.
A full consent management platform.
type="text/plain" before cookies are set. Reactivates after consent.
Every piece of the consent management puzzle.
The cookie banner that
actually blocks cookies.
Three cookie banner layouts to match your site design — a full-width Cookie Bar pinned to the bottom, a compact Card in the corner, or a centred Floating Box. Each layout supports both a simple accept/decline cookie consent flow and a granular per-category cookie preference interface.
- Cookie Bar, Card, and Floating Box layouts with full colour customisation
- Simple mode: one-click Accept All or Decline All cookie consent
- Granular mode: per-category cookie consent toggles for Analytics, Marketing, and Functional cookies
- Smart toggle visibility — only shows cookie categories where trackers were actually detected
- Cookie consent stored in a first-party browser cookie — no external data transfer
- Cookie expiry fully configurable (default 365 days)
wpcm_consent cookie stores visitor preferences as a JSON object. No cookie consent data is ever sent to an external server by this plugin.
wpcm_consent = {
“necessary”: true,
“analytics”: true,
“marketing”: false,
“functional”: true
}
// Event fired on cookie consent change
window.dispatchEvent(
new CustomEvent(
‘wptrussConsentUpdated’,
{ detail: consent }
)
);
✓ No cookies set before consent
✓ First-party cookie storage only
Find every cookie your
site actually sets.
The scanner uses a two-phase output buffering approach to capture real frontend HTML — the same output your visitors see — and matches it against 15 tracker and cookie signatures. It detects cookies set by analytics tools, marketing pixels, session management systems, and functional services.
- Captures real frontend output via
wp_headandwp_footerhooks — not an HTTP fetch that misses inline cookies - Detects analytics cookies: GA4 cookies, Google Site Kit, Hotjar, Matomo, Mixpanel, Microsoft Clarity
- Detects marketing cookies: Meta Pixel cookies, TikTok Pixel, LinkedIn Insight, Pinterest Tag, Snap Pixel
- Detects functional cookies: WooCommerce session cookies, cart cookies, checkout cookies
- Approve, ignore, or reset each detected cookie or script from the admin UI
- Results cached in database — cookie inventory persists between admin sessions
| Cookie / Script | Category | Status |
|---|---|---|
| Google Analytics (GA4) | Analytics | Detected |
| Google Tag Manager | Analytics | Approved |
| Meta Pixel | Marketing | Detected |
| TikTok Pixel | Marketing | Detected |
| Microsoft Clarity | Analytics | Approved |
| WooCommerce | Functional | Approved |
| Hotjar | Analytics | Detected |
No cookies loaded
before consent. Full stop.
The Script Blocking Engine intercepts WordPress’s script_loader_tag filter and rewrites tracked script tags to type="text/plain" before they reach the browser. Browsers ignore these tags completely — no cookies, no network requests, no tracking fires until the visitor gives cookie consent.
- Rewrites analytics and marketing script tags server-side — zero client-side flicker
- After cookie consent is given, blocked scripts are reactivated automatically via JS
- Return visitors: checks the
wpcm_consentcookie server-side and skips blocking for already-consented categories - WooCommerce functional cookies are never blocked — cart and checkout always work
- Developer API:
wpcm_register_script($handle, $category)for custom integrations - Auto-detection matches scanner results — no manual script registration required
<script
type=“text/plain”
data-wpcm-blocked=“1”
data-wpcm-category=“analytics”
src=“gtag.js”
></script>
// After cookie consent → reactivated
<script
type=“text/javascript”
src=“gtag.js”
></script>
✓ Zero cookies before consent
✓ WooCommerce cookies unaffected
Google compliance,
automatic.
Google Consent Mode v2 is required for any site using Google Analytics 4, Google Ads, or Google Tag Manager. The plugin injects a fully denied default consent state before any Google scripts load, then updates all six consent signals the moment a visitor interacts with the cookie consent banner.
- Default denied state injected at
wp_headpriority 1 — before any Google cookie fires - Consent update listener fires on the
wptrussConsentUpdatedevent - Works with GA4, Google Ads, and Google Tag Manager automatically — no GTM config needed
- Return visitor handling: reads the
wpcm_consentcookie on DOMContentLoaded and reapplies signals - Also sets
ads_data_redactionandurl_passthroughfor full compliance - Disabled by default for non-Google sites — enable with one checkbox in Settings → Advanced
Cookie laws by region.
One consent manager covers them all.
Cookie consent requirements vary by jurisdiction. Truss Consent Manager gives you the tools to handle cookie compliance across the major cookie laws — GDPR, ePrivacy, UK GDPR, and CCPA cookie opt-out requirements.
The EU General Data Protection Regulation requires opt-in cookie consent before any non-essential cookies are set. Script blocking enforces this at the server level.
The EU ePrivacy Directive specifically governs cookies and electronic tracking. Cookie categorisation and granular consent toggles meet ePrivacy requirements directly.
Post-Brexit UK GDPR mirrors EU cookie consent requirements. The consent manager handles both jurisdictions identically — UK visitors get full cookie consent management.
California’s CCPA requires disclosure of data collected via cookies and tracking technologies. The cookie scanner generates the inventory you need for compliant cookie disclosure.
Google’s own consent policy requires Consent Mode v2 signals for sites using Google products in the EU. Enabled by default, configured in one checkbox, works automatically.
Cookie consent defaults to denied. No cookies are set, no scripts fire, no tracking begins until the visitor actively grants cookie consent. This is GDPR’s privacy-by-default principle in practice.
How does Truss Consent Manager
compare to the alternatives?
15 cookies and trackers
detected automatically.
The scanner knows every major analytics cookie, every marketing cookie, and every functional cookie that a WordPress or WooCommerce site typically encounters.
What’s live. What’s coming.
Truss Consent Manager is being built into a full consent management platform. Each version adds consent management depth — from cookie logging to cookie policy generation to geo-targeted cookie rules.
Cookie banner, script scanner, script blocking engine, Google Consent Mode v2, granular cookie consent toggles, smart category visibility.
Server-side audit trail of every cookie consent decision. UUID consent IDs, hashed IP storage, policy versioning, and CSV export for GDPR accountability.
Full admin interface for managing detected cookies and scripts — change cookie categories, set manual blocking rules, and override scanner results per cookie.
Client-side cookie detection via document.cookie reporting. Matches against a known cookie dictionary of 50+ cookies from major analytics and marketing platforms.
Different cookie consent behaviour by region — full GDPR cookie consent for EU visitors, CCPA notice for US visitors, configurable behaviour for all other regions.
Auto-generate a cookie policy table from cookie scanner results. Drop a shortcode on your privacy page and get a formatted, categorised cookie inventory automatically.
Questions about cookie consent,
answered.
A cookie banner shows a popup. A consent manager controls what actually happens based on visitor choices. Truss Consent Manager blocks cookies and tracking scripts before consent is given, updates Google Consent Mode v2 signals automatically, and will log cookie consent decisions to a database for audit purposes. The cookie banner is the visible part. The consent management layer is everything happening underneath it.
Yes — if you enable Script Blocking in Settings → Advanced. The Script Blocking Engine rewrites tracked script tags server-side to type="text/plain". Browsers skip these tags entirely. No JavaScript runs, which means no cookies are set by those scripts until the visitor gives cookie consent and the scripts are reactivated.
Without script blocking enabled, the cookie banner is purely informational — cookies can still be set. We recommend enabling script blocking on all sites that need real GDPR cookie consent compliance.
WooCommerce scripts and cookies are categorised as Functional in the scanner. Functional cookies are never blocked by the Script Blocking Engine — they are always treated as necessary for site operation. Cart cookies, session cookies, checkout cookies, and payment processing scripts will always load regardless of the visitor’s cookie consent choices.
We do recommend testing on a staging site first, because third-party plugins sometimes use scripts categorised incorrectly. The admin UI makes it easy to reclassify any cookie or script before enabling blocking on production.
CookieYes and Cookiebot are SaaS consent managers that store cookie consent records on their own servers and charge monthly subscription fees. Truss Consent Manager is a self-hosted WordPress plugin — cookie consent decisions, scanner results, and all plugin data stay in your own database.
CookieYes Pro starts at €11/month per site. CookieFirst starts at €19/month. Truss Consent Manager is free. The cookie scanning, script blocking, Google Consent Mode v2, and cookie categorisation features are all available without paying a recurring SaaS fee.
The current scanner (v1.1) detects 15 known tracker signatures by scanning the real frontend HTML output of your site. It captures Google Analytics cookies, Meta Pixel cookies, TikTok cookies, Hotjar cookies, Microsoft Clarity cookies, Matomo cookies, WooCommerce cookies, and more.
The upcoming Cookie Scanner (v1.9) will add client-side cookie detection — reading document.cookie directly from the visitor’s browser and matching against a dictionary of 50+ known cookies. This will catch cookies set by scripts the server-side scanner might miss.
The plugin provides the technical infrastructure for cookie consent management — a consent banner, script and cookie blocking, Google Consent Mode v2, and (in v1.6) a consent audit trail. These are the technical tools GDPR requires you to have in place.
Legal compliance also depends on your privacy policy, how you’ve categorised your cookies, whether your cookie disclosure is accurate, and your specific business situation. We recommend consulting a legal professional for advice specific to your organisation — the plugin handles the technical side, not the legal interpretation.
On every page load, the Script Blocking Engine checks the wpcm_consent cookie server-side. If a visitor already gave cookie consent for analytics cookies in a previous session, analytics scripts are allowed to load immediately without going through the blocking filter. The banner does not reappear until the cookie expires (default 365 days).
Google Consent Mode v2 also reads the stored cookie consent on DOMContentLoaded and reapplies the correct consent signals to Google’s dataLayer — so GA4 and Google Ads get accurate consent state on every page load, not just when the banner is shown.