Docsβ€ΊGetting Started
Introduction

Welcome to CookiEzu

The lightweight, GDPR-compliant cookie consent plugin for WordPress. Open source, free forever, and beautiful by default. Now at v1.3.0 with consent analytics, live design preview, and full WCAG 2.1 AA accessibility.

CookiEzu gives your WordPress site a fully compliant cookie consent experience. When a visitor lands on your site, a customisable banner appears asking for their consent before any non-essential cookies are loaded. Their choice is remembered, logged, and respected on every future visit.

βœ…
GDPR, CCPA & PDPA ReadyCookiEzu is built to satisfy the consent requirements of major privacy laws including EU GDPR, California CCPA, and Southeast Asian PDPA frameworks.

What CookiEzu Does

🎨
Beautiful Banners
3 layouts (Bar, Box, Modal) Γ— 4 positions Γ— 3 themes. Looks great on any site. Live preview in the admin.
βœ…
Granular Consent
Visitors choose exactly which cookie categories they accept β€” Necessary, Analytics, Marketing, Functional.
πŸ“Š
Consent Analytics
Donut charts, category acceptance bars, 30-day trend, and country breakdown β€” all inside WordPress admin.
β™Ώ
WCAG 2.1 AA
Focus trap, Escape key dismiss, proper ARIA, keyboard rings, focus return β€” fully accessible out of the box.
⚑
Zero Dependencies
No jQuery, no frameworks. Pure vanilla JS under 4KB. Won't slow your site down.
πŸ”“
GPL v2 Open Source
Fork it, modify it, ship it. No subscriptions, no premium tiers, free forever.

Requirements

RequirementMinimumRecommended
WordPress5.56.4+
PHP7.48.2+
MySQL5.68.0+
BrowserAny modern browserChrome, Firefox, Safari, Edge
πŸ†•
New in v1.3.0: PHP 7.4+ now required for mb_chr() used in flag emoji rendering for the country analytics. PHP 8.x strongly recommended.
Docsβ€ΊInstallation
Installation

Installing CookiEzu

Get the plugin installed on your WordPress site in under 2 minutes.

πŸ†•
Latest: v1.3.0 β€” Includes consent analytics dashboard, live design preview, dark mode fix, country tracking, and WCAG 2.1 accessibility. If you're on an older version, follow the upgrade steps below.

Method 1 β€” Upload via WordPress Admin

Download the plugin ZIP
Go to github.com/flyzal/CookiEzu, click Releases, and download cookiezu-v1.3.0.zip.
Go to Plugins β†’ Add New
In your WordPress admin, navigate to Plugins β†’ Add New Plugin.
Upload and install
Click Upload Plugin, choose your ZIP, click Install Now.
Activate
Click Activate Plugin. CookiEzu creates its database table (including the new country_code column) automatically.
Done!
A CookiEzu menu item will appear in your sidebar. Click it to configure your banner β€” the Design tab shows a live preview instantly.

Upgrading from any older version

⚠️
Always deactivate and delete before re-uploading. Caching plugins and some hosting environments will keep old JS/CSS files on disk. Delete first to guarantee a clean slate β€” your settings and consent log are stored in the database and are never deleted when you remove the plugin files.
Deactivate the old version
Plugins β†’ Installed Plugins β†’ CookiEzu β†’ Deactivate.
Delete the old version
Click Delete on the CookiEzu row. Settings, consent log, and all database records are preserved.
Upload and activate v1.3.0
Follow Method 1 above. On first load, the DB migration runs automatically β€” the country_code column is added to your existing consent table if it doesn't exist.
Clear all caches
Clear your WordPress caching plugin, CDN, and hosting cache. Then verify in incognito.

Method 2 β€” FTP / Manual

Extract the ZIP
Unzip cookiezu-v1.3.0.zip β€” you'll get a cookiezu_v121/ folder.
Upload via FTP
Upload the folder to /wp-content/plugins/ as cookiezu/.
Activate in WordPress
Plugins β†’ Installed Plugins β†’ CookiEzu β†’ Activate.
Docsβ€ΊQuick Setup
Quick Setup

Configure your banner

A 5-minute walkthrough of the most important settings to get your banner live and compliant.

Step 1 β€” Set your banner text

Go to CookiEzu β†’ Settings β†’ Content tab. Update the Banner Title and Banner Message to reflect your site's brand and what you actually do with cookies.

πŸ’‘
Good message example: "We use cookies to improve your experience, analyse traffic, and serve personalised content. You can choose which categories to accept."

Step 2 β€” Add your Privacy Policy link

Still on the Content tab, paste your Privacy Policy page URL into the Privacy Policy URL field. This is required under GDPR β€” visitors must be able to read your full policy from the banner.

Step 3 β€” Choose your layout with live preview

Go to the Design tab. On the right side of the screen you'll see a sticky Live Preview panel β€” a scaled browser mockup that updates in real time as you change any setting. Pick your Layout (Bar, Box, or Modal), Position, and Theme. The preview reflects your changes instantly without saving.

πŸ‘οΈ
New in v1.3.0: The live preview panel also pulls your banner title and button text from the Content tab, so what you see in the preview is exactly what visitors will see.

Step 4 β€” Enable the categories you use

Go to the Categories tab. Only enable the categories that match cookies your site actually loads. If you don't use Facebook Pixel, don't show a Marketing toggle.

Step 5 β€” Enable consent recording

Go to the Advanced tab and tick Record Consent. This builds your GDPR audit trail in CookiEzu β†’ Consent Log β€” and now automatically captures visitor country (2-letter code only) for the analytics dashboard.

Step 6 β€” Save and test

Click Save Settings. Then open your website in a private/incognito window to see the banner as a first-time visitor would. Try accepting all, then clearing the cookiezu_consent cookie and trying the Customize flow too.

πŸ”§
Test Mode (new in v1.2.0): Go to Advanced β†’ Test Mode and enable it. The banner will always show for logged-in admins even after consenting β€” no cookie clearing needed. A πŸ”§ badge appears to remind you it's a preview.
Docsβ€ΊWhat's New
Changelog

v1.3.0 β€” GCC & Brunei Compliance Pack

Released March 2026. Arabic + RTL layout, Bahasa Melayu, Policy Version re-consent trigger, Extended Disclosure, Data Processing Location, compliance tier badges, and smart admin notices for Brunei PDPO 2025 and GCC PDPL.

Changes in v1.3.0

Arabic language + full RTL layout New Feature
Selecting Arabic in Content β†’ Banner Language applies right-to-left layout automatically β€” flipped flex directions, text alignment, category header, pref actions, and cookie table. A .cookiezu-rtl class is added to the banner root via PHP; CSS handles everything else. No JS logic change required. Covers Saudi Arabia, UAE, Qatar, Bahrain, Oman, and Kuwait.
Bahasa Melayu (Malay) language New Feature
Full Malay translation added as languages/ms.php. Covers Brunei Darussalam and Malaysia. Latin script, LTR, no layout changes. The plugin was built in Brunei β€” Malay support is a natural first-party addition.
Policy Version re-consent trigger New Feature
A Policy Version field in Advanced settings (default: 1). The value is stored in the consent cookie as policyVersion and recorded in the consent log. On page load, if the saved cookie's policyVersion doesn't match the current setting, the old cookie is cleared and the banner is shown again β€” forcing re-consent. Directly satisfies GDPR Article 7, Saudi PDPL, and Brunei PDPO 2025 requirements when data processing purpose or policy changes.
Extended Disclosure field New Feature
An optional textarea in Content β†’ Language & Localisation. If filled, a styled block appears below the main banner message β€” visually distinct with an amber left border. Intended for legal-grade disclosure statements required by PDPL (Saudi) and PDPO (Brunei): explicit statement of data collection purpose, categories, and third-party sharing.
Data Processing Location field New Feature
A text field in Advanced. If set, the banner appends: "Your data is processed and stored on servers located in [value]." Addresses data localisation disclosure expectations in Saudi PDPL, Brunei PDPO, and Oman's law. Leave blank to hide.
Compliance tier badges in country analytics Improvement
The country breakdown table in the Consent Log now shows a small colour-coded badge next to each country: GDPR (blue), PDPL/GCC (purple), PDPA (green), PDPO/BN (amber), Regulated (sky), or β€” for unclassified. Powered by a hardcoded lookup table of 50+ country codes in CookiEzu::$compliance_tiers.
Smart admin compliance notices Improvement
Automatic yellow notices appear in the WordPress admin (on CookiEzu pages only) when BN or GCC country codes appear in the consent log and Data Processing Location is not yet configured. Two notices: one for Brunei PDPO, one for GCC PDPL. Each links directly to the relevant settings tab. Dismissed per session like standard WP notices.
DB migration: policy_version column Migration
The consent log table gains a policy_version VARCHAR(20) NOT NULL DEFAULT '1' column on first load after upgrade, via ALTER TABLE in the installer. Existing records default to 1. No manual SQL required.

Changes in v1.2.1 β€” Metrics & UX Polish

Dark mode: checked categories now readable Bug Fix
When a visitor toggled a category on in dark mode, the card background snapped to --cz-cookie-pale (#FDF3E3 β€” warm cream) but the text remained near-white (#FEFCF8). The fix adds --cz-cookie-pale: rgba(193,123,47,0.18) to the dark theme token override so checked categories use a dark amber tint instead of the light cream.
Consent analytics dashboard New Feature
The Consent Log page now shows a full metrics dashboard: four stat cards (Total, Accept All %, Necessary Only %, Custom %) each with SVG donut charts; horizontal acceptance bars per category; a 30-day consent trend bar chart; and a top-countries table with flag emojis, bars, and counts.
Visitor country tracking New Feature
A country_code VARCHAR(2) column is added to the consent log. Detection: Cloudflare CF-IPCountry header β†’ geoplugin.net API (24h cache) β†’ empty string fallback. Only the 2-letter ISO code is stored β€” GDPR minimal data principle.
Live banner preview in Design tab New Feature
The Design tab is now a two-column layout. The right column shows a sticky preview panel with a scaled browser mockup that re-renders in real time as you change layout, theme, colours, and text. No saving required.

Changes in v1.2.0 β€” Polish & Accessibility

Modal focus trap Accessibility
Keyboard Tab/Shift+Tab now wraps within the visible banner elements only. Previously, Tab would move focus behind the modal overlay onto page content β€” a failure of WCAG 2.1 Β§2.1.1.
Escape key closes banner Accessibility
Pressing Esc accepts Necessary Only and dismisses the banner. Configurable via Advanced β†’ Keyboard Settings. Enabled by default.
Test Mode & configurable re-open position New Feature
Test Mode forces the banner to always show for logged-in admins (with a πŸ”§ badge). Re-open button position now configurable: bottom-left or bottom-right.

Previous Releases

VersionDateSummary
1.3.0Mar 2026Arabic RTL, Malay, Policy Version, Extended Disclosure, Data Location, compliance badges, admin notices
1.2.1Feb 2026Consent analytics dashboard, country tracking, live preview, dark mode fix
1.2.0Feb 2026WCAG 2.1 AA accessibility, focus trap, Escape key, test mode, no-flicker init
1.1.0Feb 2026Modal dismiss fix, JS engine rewrite
1.0.0Jan 2026Initial release β€” Bar/Box/Modal, GA4, GTM, consent log, 3 themes
Docsβ€ΊFeaturesβ€ΊCookie Categories
Feature

Cookie Categories

Let visitors choose exactly which cookies they consent to. Granular control is a core GDPR requirement.

CategoryAlways On?ExamplesUse When
Necessaryβœ“ YesLogin session, shopping cart, CSRF tokenAlways β€” cannot be disabled
AnalyticsNoGoogle Analytics, Matomo, PlausibleYou track page views or user behaviour
MarketingNoFacebook Pixel, Google Ads, TikTok PixelYou run paid ads or remarketing
FunctionalNoIntercom, Google Maps, YouTube embedsYou use live chat, maps, or embedded media
⚠️
Only enable categories you actually use. Showing a Marketing toggle when you don't use any marketing cookies is misleading and damages visitor trust.

Cookie Details Table

Enable Show Cookie Table in Categories settings to display the specific cookies, their provider, and expiry inside each category. This provides the detailed disclosure required by stricter GDPR interpretations.

Docsβ€ΊFeaturesβ€ΊThemes & Colours
Feature

Themes & Colours

Make your banner match your brand β€” from built-in presets to full custom colour control. Dark mode fully fixed in v1.3.0.

ThemeBackgroundBest For
LightWarm white / cream (#FEFCF8)Light-coloured websites, blogs, editorial sites
DarkDeep ink (#1A1208)Dark-mode websites, tech sites, portfolios
CustomYou chooseAny site where you want exact brand colour matching
πŸ›
Dark mode fix in v1.3.0: Previously, toggling a cookie category on in dark mode made that card's background switch to a pale cream colour (#FDF3E3), making the near-white text unreadable. Fixed by overriding --cz-cookie-pale to rgba(193,123,47,0.18) within the dark theme token set, and adding a specific dark-mode override rule for checked category cards.

Custom Colour Settings

When you select the Custom theme, three colour pickers appear:

SettingAffects
Primary ColorAccept All button, toggle switch active state, links
Text ColorAll text inside the banner and preference panel
Background ColorBanner background, category cards

Border Radius

The Border Radius setting (0–50px) applies to buttons and the Box/Modal layout container. Set to 0 for sharp corners, or 50 for fully rounded pill-shaped buttons. The Live Preview updates this in real time.

Docsβ€ΊFeaturesβ€ΊLive Preview
New in v1.3.0

Live Design Preview

See exactly how your banner will look β€” before saving β€” with a real-time preview that updates as you change settings.

✨
New in v1.3.0 β€” The Design tab now shows a sticky preview panel on the right side of the page that re-renders instantly as you change any design setting.

How It Works

The Design tab is now a two-column layout. On the left: your settings (Layout, Position, Theme, colours, border radius). On the right: a sticky preview panel showing a scaled browser window mockup containing a fake page and your live banner. No page reload, no saving β€” every change is reflected immediately.

What the Preview Shows

SettingReflected in Preview
Layout (Bar / Box / Modal)Full layout change with correct positioning
PositionBox snaps to bottom-left/right; Bar snaps to top/bottom
Theme (Light / Dark / Custom)Background, text, and button colours
Custom coloursUpdates as you pick colours (50ms delay for smooth UX)
Border radiusButtons and container shape update live
Banner titlePulled from Content tab β†’ Banner Title field
Button labelsPulled from Content tab β†’ Accept All / Necessary / Customize fields
ℹ️
The preview is an approximation. It uses a scaled-down proportional rendering β€” spacing and font sizes appear smaller than on the real site. The layout, colour, and shape are accurate; exact pixel-perfect spacing is not guaranteed in the preview.

Responsive Behaviour

On screens narrower than 1100px, the two-column design collapses to a single column with the settings on top and the preview below. The preview panel is still sticky on wider viewports to keep it visible as you scroll through the settings.

Docsβ€ΊFeaturesβ€ΊAccessibility
New in v1.2.0

WCAG 2.1 Accessibility

CookiEzu v1.2.0 reached full WCAG 2.1 AA compliance. Here's what was implemented and why it matters.

FeatureWCAG CriterionHow it Works
Focus trap2.1.1 KeyboardTab/Shift+Tab wraps within visible banner elements only. Page content behind the modal is unreachable by keyboard while the banner is open.
Escape key dismiss2.1 Keyboard accessiblePressing Esc accepts Necessary Only and closes the banner β€” the standard keyboard dialog dismissal pattern. Configurable in Advanced.
Focus return2.4.3 Focus OrderAfter accepting/declining, keyboard focus moves to the πŸͺ re-open button via requestAnimationFrame(). Focus is never lost or sent to the top of the page.
Proper ARIA1.3.1 Info and RelationshipsBanner uses role="dialog" with aria-labelledby and aria-describedby pointing at the actual title and message text. Screen readers announce meaningful content.
Keyboard focus rings2.4.7 Focus Visible3px amber outline on buttons (:focus-visible) and 3px outline on toggle switches (:focus-within) make keyboard navigation clearly visible.
Screen reader announcement4.1.3 Status MessagesWhen "Customize" is clicked, the preferences panel gets aria-live="polite" and focus moves to the section heading so screen reader users know new content appeared.

Configuring Accessibility Features

All accessibility features are on by default. Some can be toggled in CookiEzu β†’ Settings β†’ Advanced β†’ Keyboard Settings:

SettingDefaultRecommendation
Allow Esc key to dismiss the bannerβœ“ OnKeep enabled β€” required for WCAG 2.1 keyboard compliance
Re-open Button PositionBottom LeftChoose Bottom Right if you have a chat widget on the left
⚠️
Don't disable the Escape key setting unless you have a specific reason. Some accessibility regulations (notably WCAG 2.1 Β§2.1) require that dialogs be dismissible via keyboard. Disabling this may cause a compliance failure for keyboard-only users.
Docsβ€ΊFeaturesβ€ΊTest Mode
New in v1.2.0

Test Mode

Preview your banner design and functionality without clearing your consent cookie every time.

What It Does

When Test Mode is enabled in Advanced settings, the banner always shows for logged-in WordPress administrators β€” even if they already have a valid consent cookie. This lets you preview design changes, test category toggles, and verify the Customize flow without clearing browser cookies each time.

πŸ”§
A floating "πŸ”§ TEST MODE β€” Admins only" badge appears in the bottom-right corner of the screen when Test Mode is active so you always know you're in preview mode. Normal visitors see neither the test badge nor any difference in banner behaviour.

Important Notes

BehaviourIn Test Mode
Banner shows toLogged-in admins only (always)
Consent recordedNo β€” test mode clicks are not recorded to the consent log
Visitors seeNormal behaviour β€” unaffected by test mode
Badge visible to visitorsNo β€” badge is CSS-hidden for non-admins via PHP
⚠️
Remember to turn Test Mode off before going live or presenting the site to a client. The banner always showing for you can mask whether the real banner trigger is working correctly for actual visitors.
Docsβ€ΊFeaturesβ€ΊArabic & Malay
New in v1.3.0

Arabic & Malay Languages

Native language support for GCC countries (Arabic, RTL) and Brunei Darussalam / Malaysia (Bahasa Melayu, LTR). Select your language in Content settings β€” everything else applies automatically.

How to Set the Banner Language

Go to CookiEzu β†’ Settings β†’ Content β†’ Language & Localisation. Select from the dropdown:

OptionScriptDirectionCovers
πŸ‡¬πŸ‡§ English (default)LatinLTRGlobal default
πŸ‡ΈπŸ‡¦ Arabic β€” Ψ§Ω„ΨΉΨ±Ψ¨ΩŠΨ©ArabicRTL (auto)Saudi Arabia, UAE, Qatar, Bahrain, Oman, Kuwait
πŸ‡§πŸ‡³ Malay β€” Bahasa MelayuLatinLTRBrunei Darussalam, Malaysia

Arabic RTL β€” What Happens Automatically

When Arabic is selected, a cookiezu-rtl class and dir="rtl" attribute are added to the banner root element by PHP β€” before the browser renders it. The following are applied by CSS with no JavaScript logic required:

ElementRTL Change
Banner textdirection: rtl; text-align: right
Bar layoutFlex row reversed so buttons appear on the left
Category headersFlex row reversed β€” toggle appears on the left
Preference action buttonsFlex row reversed
Extended Disclosure borderMoved from left to right
Cookie table cellstext-align: right
Re-open buttonMoved to bottom-right (JS override)
Font fallbackSegoe UI, Tahoma, Arial β€” better Arabic rendering
πŸ’‘
Admin text fields still accept Arabic input. You can type Arabic directly into the Banner Title, Banner Message, and button text fields to override the default translated strings with your own wording.

Language Files

Translations live in the languages/ folder as simple PHP arrays:

FileLanguageNotes
languages/en.phpEnglishBaseline β€” all keys defined here
languages/ar.phpArabicRTL, GCC coverage
languages/ms.phpBahasa MelayuBrunei PDPO 2025 & Malaysia PDPA

Missing keys fall back to English automatically. To contribute a new language, copy en.php, translate the values, and submit a pull request on GitHub.

Docsβ€ΊFeaturesβ€ΊPolicy Version
New in v1.3.0

Policy Version Re-consent Trigger

Force all existing visitors to re-consent when your Privacy Policy or data processing changes β€” a legal requirement under GDPR, Saudi PDPL, and Brunei PDPO 2025.

How It Works

The Policy Version field (in Advanced settings, default: 1) is stored in each visitor's consent cookie as policyVersion and recorded in the consent log. On every page load, CookiEzu compares the cookie's stored version with the current setting. If they don't match, the old cookie is cleared and the banner is shown again.

πŸ”
To trigger re-consent for all visitors: change the Policy Version value (e.g. from 1 to 2) and save settings. Every visitor β€” including those who already consented β€” will see the banner again on their next page load. Consent is not recorded until they make a new choice.

When to Bump the Version

ScenarioActionRequired by
Added a new cookie category (e.g. marketing was off, now on)Bump versionGDPR, PDPL, PDPO
Changed your Privacy Policy's data processing purposeBump versionGDPR Art. 7, PDPO Β§12
Added a new third-party data processorBump versionGDPR, PDPL
Changed your data retention periodBump versionGDPR
Minor wording change with no impact on processingNo change neededβ€”

Consent Log

Each consent record stores the policy_version value at the time of consent. This gives you a full audit trail β€” you can see exactly which version of the policy each visitor consented to. The column was added in v1.3.0 via automatic DB migration; records from before the upgrade default to 1.

⚠️
Do not reuse old version numbers. If you bump from 1 to 2 and later revert to 1, visitors who previously consented to version 1 will not see the banner again. Always increment forward.
Docsβ€ΊFeaturesβ€ΊGCC & BN Compliance
New in v1.3.0

GCC & Brunei Compliance

CookiEzu v1.3.0 adds native support for Saudi PDPL, Brunei PDPO 2025, and related GCC data protection laws β€” the first free WordPress consent plugin to do so.

Applicable Laws

CountryLawIn ForceCookiEzu Coverage
πŸ‡§πŸ‡³ BruneiPDPO 2025Jan 2026 (enforcement)Malay language, Policy Version, Extended Disclosure, Data Location, admin notice
πŸ‡ΈπŸ‡¦ Saudi ArabiaPDPLSept 2024Arabic + RTL, Extended Disclosure, Data Location, compliance badge, admin notice
πŸ‡¦πŸ‡ͺ UAEFederal DPL No.45/2021Jan 2022Arabic + RTL, compliance badge
πŸ‡ΆπŸ‡¦ QatarPersonal Data Privacy Law2016Arabic + RTL, compliance badge
πŸ‡§πŸ‡­ BahrainPDPL No.30/2018Aug 2019Arabic + RTL, compliance badge
πŸ‡΄πŸ‡² OmanPersonal Data Protection LawFeb 2026Arabic + RTL, Data Location, compliance badge
πŸ‡°πŸ‡Ό KuwaitData Privacy Regulation No.26/20242024Arabic + RTL, compliance badge

What CookiEzu Handles vs. What It Cannot

RequirementCookiEzu handles?Notes
Informed consent before processingβœ… YesBanner shown before any cookie set
Granular category consentβœ… YesNecessary / Analytics / Marketing / Functional
Right to withdraw consentβœ… YesπŸͺ re-open button always accessible
Re-consent on policy changeβœ… YesPolicy Version field (v1.3.0)
Audit trail of consentβœ… YesConsent Log with policy_version column
Language in user's languageβœ… YesArabic + Malay (v1.3.0)
Data processing purpose disclosureβœ… PartialExtended Disclosure field β€” you fill the text
Data localisation disclosureβœ… PartialData Processing Location field β€” you fill the text
Data localisation (storing data locally)❌ Out of scopeDepends on your server/hosting location
Cross-border transfer approvals❌ Out of scopeRequires legal counsel
Data breach notification (PDPO Part 7)❌ Out of scopeRequires process/tooling outside WordPress
DPO appointment❌ Out of scopeOrganisational, not technical

Smart Admin Compliance Notices

CookiEzu checks your consent log for BN and GCC country codes. If visitors from those regions are detected and the Data Processing Location field is empty, yellow admin notices appear automatically on CookiEzu pages in the WordPress admin β€” linking directly to the settings tab that needs attention.

βš–οΈ
CookiEzu is a technical compliance tool, not legal advice. The PDPO 2025, PDPL, and related laws are complex. Consult a qualified lawyer familiar with data protection in your jurisdiction for advice specific to your business.
Docsβ€ΊIntegrationsβ€ΊGoogle Analytics 4
Integration

Google Analytics 4

Auto-load GA4 with full Consent Mode v2 support β€” no additional plugins or code needed.

How It Works

When you enter a GA4 Measurement ID, CookiEzu injects the gtag.js script and sets up Consent Mode v2. By default all consent signals are denied. When a visitor accepts analytics cookies, CookiEzu updates the signals to granted and GA4 begins full tracking.

βœ…
This keeps you compliant β€” GA4 won't set any cookies or track behaviour until the visitor explicitly consents to Analytics cookies.

Setup

Create a GA4 property
Go to analytics.google.com β†’ Admin β†’ Create Property. Choose Google Analytics 4.
Copy your Measurement ID
Admin β†’ Data Streams β†’ your stream. Copy the ID (format: G-XXXXXXXXXX).
Paste into CookiEzu
CookiEzu β†’ Settings β†’ Integrations β†’ Google Analytics 4 ID. Save.
Verify
Visit your site, accept analytics, then check Realtime in GA4. You should see yourself as an active user.
⚠️
Don't use another GA4 plugin at the same time. MonsterInsights, Site Kit, or any other GA4 plugin will conflict β€” remove them first or GA4 data will be doubled.
Docsβ€ΊIntegrationsβ€ΊGoogle Tag Manager
Integration

Google Tag Manager

CookiEzu pushes consent events to GTM's dataLayer, letting you control any tag based on visitor consent β€” without touching code.

Setup

Get your GTM Container ID
Go to tagmanager.google.com. Your container ID is top-right (format: GTM-XXXXXXX).
Enter it in CookiEzu
CookiEzu β†’ Settings β†’ Integrations β†’ Google Tag Manager ID. Save.
Create triggers in GTM
In GTM, create a Custom Event trigger that fires on cookiezu_consent_updated. Use it to fire Facebook Pixel, Hotjar, or any other tag only when the relevant consent is granted.

dataLayer Event Structure

JavaScript
{
  event: "cookiezu_consent_updated",
  cookiezu: {
    necessary:  true,
    analytics:  true,   // or false
    marketing:  false,
    functional: true,
    version:    "1.2.1",
    date:       "2026-02-28T10:22:00.000Z"
  }
}

Access these in GTM as {{dlv - cookiezu.analytics}} etc. to conditionally fire tags.

Docsβ€ΊIntegrationsβ€ΊJavaScript API
Integration

JavaScript API

Load any third-party script conditionally based on what the visitor consented to β€” no GTM required.

The Consent Event

Every time a visitor saves their preferences, CookiEzu fires a custom DOM event called cookiezuConsentUpdated.

JavaScript
document.addEventListener('cookiezuConsentUpdated', function(e) {
  const consent = e.detail;

  // consent.necessary  β†’ always true
  // consent.analytics  β†’ true or false
  // consent.marketing  β†’ true or false
  // consent.functional β†’ true or false

  if (consent.analytics) {
    loadHotjar(); // load any analytics tool
  }
  if (consent.marketing) {
    loadFBPixel(); // load Facebook Pixel
  }
  if (consent.functional) {
    loadIntercom(); // load chat widget
  }
});

Reading Consent Without the Event

JavaScript
function getCookieZuConsent() {
  const match = document.cookie.match(/cookiezu_consent=([^;]*)/);
  if (!match) return null;
  try { return JSON.parse(decodeURIComponent(match[1])); }
  catch(e) { return null; }
}

const consent = getCookieZuConsent();
if (consent?.analytics) {
  // already consented β€” load scripts immediately
}
Docsβ€ΊComplianceβ€ΊGDPR
Compliance

GDPR Guide

Everything you need to configure CookiEzu to meet EU General Data Protection Regulation requirements.

⚠️
This is not legal advice. CookiEzu helps you implement consent technically, but you should consult a qualified legal professional for advice specific to your business and jurisdiction.

GDPR Checklist

RequirementCookiEzu SettingStatus
Consent before non-essential cookiesEnabled by defaultβœ“ Built-in
Granular category choicesEnable categories in Categories tabβœ“ Built-in
Easy to withdraw consentRe-open πŸͺ button always visibleβœ“ Built-in
Keyboard accessible dialogFocus trap + Escape key β€” on by defaultβœ“ v1.2.0
Link to Privacy PolicyContent tab β†’ Privacy Policy URLβš™ Configure
Audit trail / record of consentEnable Record Consent in Advanced tabβš™ Configure
Re-obtain consent periodicallySet Consent Expiry to 365 days maxβš™ Configure
No pre-ticked marketing boxesMarketing toggle is off by defaultβœ“ Built-in
Data minimisation (country tracking)Country code only β€” no city/region storedβœ“ v1.3.0
Docsβ€ΊComplianceβ€ΊPDPA
Compliance

PDPA Guide

Personal Data Protection Act requirements for Malaysia, Thailand, Singapore, and Brunei.

Southeast Asian PDPA laws share the same core principle as GDPR β€” you must obtain informed consent before collecting and processing personal data, including via cookies and tracking scripts.

Country Coverage

CountryLawKey Notes
πŸ‡²πŸ‡Ύ MalaysiaPDPA 2010Consent must be informed and voluntary. Data subjects can withdraw consent at any time.
πŸ‡ΉπŸ‡­ ThailandPDPA 2019Similar to GDPR. Requires explicit consent for sensitive data. Effective since 2022.
πŸ‡ΈπŸ‡¬ SingaporePDPA 2012 (amended 2021)Deemed consent rules apply. Must provide opt-out mechanisms.
πŸ‡§πŸ‡³ BruneiNo dedicated PDPA yetBest practice: follow GDPR/Malaysian PDPA standards. Legislation likely incoming.
πŸ’‘
Recommended setup for SEA sites: Enable all relevant categories, turn on Record Consent, set expiry to 365 days, and link to a Privacy Policy that covers your data practices in the local language.
Docsβ€ΊAdvancedβ€ΊCustom CSS
Advanced

Custom CSS

Override any part of the banner using CookiEzu's CSS variable system or direct selectors.

Paste your CSS into CookiEzu β†’ Settings β†’ Advanced β†’ Custom CSS. It is output in a <style> tag in your page footer, after the plugin's main stylesheet, so it takes full precedence.

⚠️
Do not use display: none !important on the banner itself. Visibility is controlled by inline JavaScript styles. CSS display: none !important can permanently hide the banner for all visitors.

CSS Variables Reference

CSS Variables
:root {
  /* Colours (all overrideable) */
  --cz-cookie:         #C17B2F;   /* buttons, toggles, links */
  --cz-cookie-pale:    #FDF3E3;   /* light checked bg β€” auto-overridden in dark mode */
  --cz-text:           #1A1208;   /* all text */
  --cz-text-muted:     rgba(26,18,8,0.55);
  --cz-bg:             #FEFCF8;   /* banner background */
  --cz-surface:        #FBF7F0;   /* unchecked category card */
  --cz-border:         rgba(26,18,8,0.10);

  /* Shape */
  --cz-radius:         10px;
  --cz-radius-lg:      16px;
}

Example β€” Dark Mode Override

CSS
/* Deepen the dark background further */
.cookiezu-theme-dark {
  --cz-bg:      #0D0904;
  --cz-surface: #150F08;
}

Example β€” Custom Font

CSS
.cookiezu-banner {
  font-family: 'Georgia', serif;
}
Docsβ€ΊAdvancedβ€ΊWP Hooks & Filters
Advanced

WordPress Hooks

Extend and customise CookiEzu behaviour using WordPress actions and filters.

HookTypeDescription
cookiezu_optionsFilterModify the options array before it's used. Useful for dynamic overrides based on user role or page.
cookiezu_banner_htmlFilterOverride the entire banner HTML output.
cookiezu_before_bannerActionOutput content before the banner renders in the footer.
cookiezu_after_bannerActionOutput content after the banner renders in the footer.

Example β€” Override layout per page

PHP
add_filter( 'cookiezu_options', function( $options ) {
  // Use modal on checkout, bar everywhere else
  if ( is_checkout() ) {
    $options['layout']   = 'modal';
    $options['position'] = 'bottom';
  }
  return $options;
} );
Docsβ€ΊAdvancedβ€ΊTroubleshooting
Advanced

Troubleshooting

Diagnosing and fixing the most common issues with CookiEzu.

Dark mode text unreadable on category cards

πŸ›
Fixed in v1.3.0. Upgrade from any older version. If you're already on v1.3.0 and still see this, check that your caching plugin hasn't cached the old CSS. Clear all caches after upgrading.

Banner doesn't appear at all

Most common cause: you already have a consent cookie. Open DevTools β†’ Application β†’ Cookies, find cookiezu_consent, delete it, and refresh. Always test in an incognito window. Alternatively, turn on Test Mode in Advanced to force the banner to show for admins without clearing cookies.

Country shows "β€”" in the log

The country_code column was added in v1.3.0. If records show "β€”" for country, these were created before the upgrade. All new consents after upgrading will have the country code populated. You can also check if your server is behind Cloudflare (fastest method) or confirm that outbound HTTP requests to geoplugin.net are not blocked by your firewall.

Live preview doesn't update

The live preview relies on jQuery being loaded on the admin page (it always is in WordPress admin). If the preview doesn't update, open DevTools Console and look for JavaScript errors. A common cause is a third-party admin plugin that breaks the global jQuery object. Try disabling other plugins temporarily.

After upgrading, old behaviour persists

A caching plugin is serving the old JS/CSS. Clear WP Super Cache, W3 Total Cache, LiteSpeed Cache, Cloudflare cache, and any server-level cache your host provides (Kinsta, WP Engine, Flywheel all have these). Then hard-refresh with Ctrl+Shift+R.

πŸ’‘
Quick diagnostic: In DevTools Console, run fetch('/wp-content/plugins/cookiezu/public/js/cookiezu-public.js').then(r=>r.text()).then(t=>console.log(t.slice(0,300))). If the output contains trapFocus and testMode you have v1.2.x. If it only contains style.display without those, you have v1.1.0.

Consent log is empty

Make sure Record Consent is enabled in Advanced. Also run console.log(cookiezuSettings.ajaxUrl) in the browser console to verify the AJAX URL is correct.

Docsβ€ΊFAQ
FAQ

Frequently Asked Questions

Quick answers to the most common questions about CookiEzu.

Will CookiEzu slow my site down?

No. The front-end JavaScript is under 4KB with zero dependencies. The CSS is ~6KB. Both load in the footer and have no impact on Core Web Vitals or page speed.

Does country tracking slow consent recording?

For Cloudflare users: no β€” the country comes from a header with zero latency. For everyone else, the geoplugin.net lookup has a 3-second timeout and results are cached per IP for 24 hours (WordPress transients), so repeat visitors from the same IP have instant resolution. If the lookup fails or times out, an empty string is stored gracefully β€” consent recording never fails because of country detection.

Is the live preview exactly what visitors see?

The preview is a proportional approximation. Layout, theme, colours, and shapes are accurate. Exact pixel-level spacing and font rendering will differ slightly because the preview is scaled down inside an admin panel. Always verify in incognito on your real site before going live.

Can I use CookiEzu with WooCommerce?

Yes. WooCommerce's session and cart cookies are Necessary and don't require consent. Show Marketing only if you run WooCommerce Ads or remarketing. The plugin is fully compatible with WooCommerce.

Is this plugin free forever?

Yes. CookiEzu is GPL v2 licensed. Use it on unlimited sites, modify it, redistribute it. No paid tiers, no usage limits, no subscriptions.

Does CookiEzu block scripts automatically?

Not yet. v1.3.0 fires the cookiezuConsentUpdated JS event which you use to load scripts conditionally. Automatic script blocking (rewriting type="text/javascript" β†’ type="text/plain") is planned for v2.

How do I report a bug?

Open an issue at github.com/flyzal/CookiEzu/issues. Include your WP version, PHP version, active theme, layout, and exact reproduction steps.

Docsβ€ΊRoadmap
Roadmap

What's coming next

Planned features for CookiEzu v2 and beyond. All community suggestions welcome on GitHub.

βœ… Completed β€” v1.0 through v1.3.0

βœ“ Done
🎨 Bar, Box & Modal Layouts
Three distinct banner designs Γ— 4 positions. All working and dismissible.
🎨
βœ“ Done
πŸ“Š GA4 Consent Mode v2
Auto-load Google Analytics with full Consent Mode v2 β€” analytics_storage and ad_storage signals.
πŸ“Š
βœ“ Done
πŸ”’ Consent Audit Log
Every consent event recorded with date, IP, country code, and per-category values.
πŸ”’
βœ“ Done
β™Ώ WCAG 2.1 AA Accessibility
Focus trap, Escape key, focus return, aria-labelledby, keyboard rings. Fully compliant since v1.2.0.
β™Ώ
βœ“ v1.2.1
πŸ“Š Consent Analytics Dashboard
Donut charts, category bars, 30-day trend, and country breakdown β€” all inside WordPress admin.
πŸ“ˆ
βœ“ v1.2.1
πŸ‘οΈ Live Design Preview
Instant banner preview in the Design tab β€” updates as you change layout, theme, colours, and text without saving.
πŸ‘οΈ
βœ“ v1.2.1
🌍 Visitor Country Tracking
2-letter ISO country code stored per consent. Cloudflare header β†’ geoplugin.net API β†’ empty fallback. GDPR minimal data.
🌍
βœ“ v1.3.0
🌐 Arabic & Malay Languages
Full RTL layout for GCC/Arabic. Native Bahasa Melayu for Brunei and Malaysia. Auto-applied from language setting.
🌐
βœ“ v1.3.0
πŸ” Policy Version Re-consent
Bump a version number to force re-consent for all visitors. Required by GDPR, PDPL, and Brunei PDPO 2025.
πŸ”
βœ“ v1.3.0
πŸŒ™ GCC & Brunei PDPO Compliance
Extended Disclosure, Data Location, compliance tier badges, and smart admin notices for Brunei PDPO 2025 and Saudi PDPL.
πŸŒ™

Version 2.0 β€” Smarter Consent

v2.0
🚫 Automatic Script Blocking
Block third-party scripts until consent by rewriting script tags. No manual code needed from site owners.
🚫
v2.0
πŸ” Auto Cookie Scanner
Scan your site for cookies and pre-fill the cookie details table with real provider and expiry data.
πŸ”
βœ“ v1.3.0
🌐 Multi-language Support
Arabic (RTL, GCC) and Bahasa Melayu (Brunei/Malaysia) shipped in v1.3.0. Browser-language auto-detection and WPML/Polylang integration still planned.
🌐
v2.0
πŸ“ Geo-targeting Rules
Stricter GDPR mode for EU visitors, lighter touch for others β€” based on the country data now being collected.
πŸ“
v2.0
πŸ“€ Consent Log CSV Export
Export your full consent log as CSV directly from the admin panel β€” for compliance audits and legal requests.
πŸ“€
v2.0
🎨 More Banner Templates
Pre-designed templates (Minimal, Bold, Soft, Corporate) that you can apply in one click.
🎨

Version 3.0 β€” Power Features

v3.0
πŸ€– AI-Powered Cookie Detection
Use AI to classify unknown cookies on your site and suggest their category automatically.
πŸ€–
v3.0
πŸ”Œ Deep Plugin Integrations
Direct integrations with WooCommerce, Contact Form 7, Gravity Forms, Elementor, and popular analytics plugins.
πŸ”Œ
v3.0
πŸ”” Consent Webhooks
Send consent events to external systems (CRMs, data warehouses, Zapier) via webhook.
πŸ””
Future
πŸ“± Mobile SDK
A companion SDK for iOS and Android apps to manage consent across web and mobile from one place.
πŸ“±
πŸ’‘
Have a feature idea? Open a GitHub Discussion at github.com/flyzal/CookiEzu/discussions. Community votes influence what gets built first.

Current v1.3.0 Integrations

πŸ“ˆ
Google Analytics 4
Auto-load with Consent Mode v2
βœ“ Available
🏷️
Google Tag Manager
dataLayer consent events
βœ“ Available
πŸ”—
JavaScript API
Custom event for any script
βœ“ Available
πŸͺ
WP Hooks & Filters
PHP-level customisation
βœ“ Available
☁️
Cloudflare
CF-IPCountry for instant geo
βœ“ Auto-detected
πŸ“˜
Facebook Pixel
Via GTM or JS API
Via GTM
Docsβ€ΊCommunityβ€ΊLegal Disclaimer
Legal

Legal Disclaimer

Important information about the limits of CookiEzu and your responsibilities as a website owner under applicable privacy law.

⚠️
Please read before deploying CookiEzu on a live website. Installing this plugin does not automatically make your website legally compliant. Compliance depends on how you configure it, which cookies your site loads, the accuracy of your Privacy Policy, and the laws that apply to your business and visitors.

1. Not Legal Advice

Nothing in this documentation, on the CookiEzu website, or within the plugin's code constitutes legal advice, legal opinion, or a legal recommendation. The information provided is for general technical guidance only. For advice specific to your business, jurisdiction, and data practices, consult a qualified legal professional or a certified Data Protection Officer (DPO).

2. Software Provided "As Is" β€” GPL v2 Warranty Disclaimer

CookiEzu is distributed under the GNU General Public License v2 (GPL v2). As stated in Sections 11 and 12 of that license:

GPL v2 β€” Sections 11 & 12
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED
BY APPLICABLE LAW. THE PROGRAM IS PROVIDED "AS IS" WITHOUT
WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING
BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO
THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW WILL ANY
COPYRIGHT HOLDER BE LIABLE FOR DAMAGES, INCLUDING ANY GENERAL,
SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF
THE USE OR INABILITY TO USE THE PROGRAM.

3. No Liability for Fines or Legal Actions

The author of CookiEzu shall not be held liable for any fines, penalties, legal proceedings, regulatory enforcement actions, or damages of any kind β€” including but not limited to GDPR fines (up to €20M or 4% of global turnover), CCPA penalties, PDPA enforcement, or civil claims β€” arising from the use or misconfiguration of this plugin.

4. Compliance Is Your Responsibility

Your ResponsibilityWhy CookiEzu Can't Do It for You
Accurate Privacy PolicyYou must disclose which cookies you use, their purpose, provider, and expiry β€” specific to your site.
Correct Cookie CategorisationWrong categories or missing cookies can constitute a violation even with a banner present.
Keeping the Plugin UpdatedOutdated versions may have bugs affecting consent capture.
Verifying the Banner AppearsCaching plugins can silently prevent the banner from loading. Always test in incognito.
Knowing Your Applicable LawGDPR, CCPA/CPRA, PDPA, PIPEDA, LGPD have materially different requirements.
πŸ’‘
The bottom line: CookiEzu is a free, well-built technical tool that meaningfully helps you implement cookie consent. But full compliance requires an accurate Privacy Policy, a complete cookie audit, correct configuration, and periodic legal review.
Docsβ€ΊCommunityβ€ΊContributing
Open Source

Contributing

CookiEzu is built by the community, for the community. Every bug report, pull request, translation, and star makes it better for everyone.

How Contributions Work

CookiEzu uses the standard open source fork-and-pull model. Anyone can fork, improve, and submit a pull request β€” no invitation needed.

The Fork-and-Pull Workflow

Fork the repository
Go to github.com/flyzal/CookiEzu and click Fork.
Create a descriptive branch
Clone your fork. Create a branch: git checkout -b fix/dark-mode or git checkout -b feature/csv-export. Never commit to main directly.
Make your change
Write clean, commented code following WordPress PHP coding standards. Test on a real WordPress install across multiple themes.
Open a Pull Request
Push your branch, then open a PR against flyzal/CookiEzu:main. Write a clear title and description. Link related Issues.

What We Welcome

πŸ›
Bug Reports
Found something broken? Open a GitHub Issue with WP version, PHP version, theme, layout, and exact reproduction steps.
✨
Feature Requests
Open an Issue with the "enhancement" label. Check the Roadmap first. Community πŸ‘ reactions influence what gets prioritised.
🌍
Translations
Add a .po file for your language to /languages/. Non-English support is a v2 priority.
πŸ“
Documentation
Spotted an error or missing step? Docs PRs are the easiest to get merged and just as valuable as code.
πŸ§ͺ
Compatibility Testing
Test with Elementor, Divi, caching plugins. Real-world testing catches what dev environments miss.
⭐
Spread the Word
Star the repo. Share with other developers. A larger community means a better, faster-improving plugin.

Support the Project

β˜•
Buy Me a Coffee
One-time support β€” whatever feels right.
β˜• Buy me a coffee
β™₯
GitHub Sponsors
Monthly or one-time. Zero fees.
β™₯ Sponsor on GitHub
⭐
Star the Repo
Free. 2 seconds. Helps discoverability enormously.
⭐ Star on GitHub