CookieBoxs - GDPR/CCPA Cookie Consent & Google Consent Mode v2
| 开发者 | visionsolutions |
|---|---|
| 更新时间 | 2026年5月20日 15:54 |
| 捐献地址: | 去捐款 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 6.9 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
CookieBoxs is a cookie consent plugin for WordPress that helps site owners manage visitor consent preferences and configure consent-aware integrations.
Free features include:
- Google Consent Mode v2 support
- Automatic script blocker and cookie cleaner
- 25+ built-in integrations
- Content blockers for embedded media and maps
- 11 interface languages
- Region presets
- Consent logging in WordPress
- Floating settings badge
- Self-hosted plugin files
安装:
- Upload the
cookieboxsfolder to the/wp-content/plugins/directory. - Activate the plugin in WordPress.
- Go to Settings -> CookieBoxs.
- Choose your language and region preset.
- Configure the integrations you want to use.
- Save your settings.
屏幕截图:
常见问题:
Does it include Google Consent Mode v2?
Yes.
Does the plugin guarantee legal compliance?
No. CookieBoxs is a technical tool that can help with consent management and privacy-related configuration. Site owners remain responsible for reviewing their legal obligations, policies, and third-party services.
Does it block scripts before consent?
The plugin includes an automatic script blocker and cookie cleaner. Built-in integrations are designed to load according to their assigned consent category. Google Tag Manager may load earlier and rely on Consent Mode signals, depending on configuration.
Can I customize the banner text?
Yes. Banner text, category labels, and descriptions can be customized in the plugin settings.
How do I add custom scripts?
Go to Settings -> CookieBoxs -> Custom Scripts and assign the script to a consent category.
Is it compatible with caching plugins and page builders?
CookieBoxs is designed to work with common caching plugins and standard WordPress themes and builders.
Does it support multisite?
Yes.
How do I show a link to reopen cookie settings?
Use the shortcode [cookieboxs_settings] or enable the floating badge.
更新日志:
3.0.14
- Removed: noisy "we disabled features for you" admin notice that 3.0.9 shipped after the auto-migration of
script_blocker/block_youtube/block_vimeo/block_maps. The notice was sticky on every admin screen until dismissed, which became annoying. Settings → Blockers now carries a red warning card (added in 3.0.13) that explains the same information in-context, so the global banner is no longer needed. - Cleanup: the
cookieboxs_show_3_0_9_migration_noticeoption is now deleted on upgrade so leftover flags from previous installs don't accumulate. Removedshow_3_0_9_migration_notice()andmaybe_dismiss_migration_notice()methods together with their hooks (admin_notices,admin_initfor dismiss).
- UX: redesigned the Automatic Script Blocker card in Settings → Blockers and in the setup wizard. The card now has a red warning frame instead of the previous indigo "recommended" frame, the toggle label reads "NOT recommended" in red, and a prominent multi-line warning explains that the feature can prevent parts of the page from rendering (especially with page builders like Elementor or caching plugins like LiteSpeed/WP Rocket) and that it must be tested on staging before enabling in production.
- Defaults: the wizard checkbox is now unchecked by default, the wizard form handler stores
script_blocker = falsefor fresh installs, and the wizard summary screen no longer mis-reports the off state as a problem (it now shows "✗ Off (recommended)" in neutral grey). - Translated: 2 new translation keys (
sb_warning,sb_not_recommended) added to all 11 language files. The warning is fully localised in English, Polish, German, French, Spanish, Italian, Dutch, Czech, Portuguese, Swedish and Ukrainian.
- Fixed: Plugin Check warning
upgrade_notice_limit— the Upgrade Notice entries for 3.0.8, 3.0.9 and 3.0.10 exceeded the 300-character limit set by WordPress.org. The text has been trimmed without losing the essential information.
- Hardening: wrapped 7 ternary-string
echoexpressions intemplates/admin.phpwithesc_attr()oresc_html()even though they return hardcoded literal CSS classes / glyphs. Defends against future code changes that might accidentally let user data flow into those expressions, and satisfies the strict "escape every echo" rule enforced by WordPress.org Plugin Check. - Hardening: when the cookie scanner extracts a
cookieboxsIntegrations = {...}JSON fragment from the homepage HTML (the homepage is fetched server-side viawp_remote_get()), the fragment is now passed throughsanitize_text_field()beforejson_decode(). The output is still gated by anis_array()check and only scalar keys are read, but the extra sanitization makes the defensive intent explicit.
- Fixed: per-category custom code textareas (Necessary / Functional / Analytics / Marketing) silently dropped any snippet that included the surrounding
<script>tags. Site owners who copied the full official snippet from the provider's documentation (e.g. Microsoft Clarity, Google Analytics, Hotjar, Tawk.to) would see no error but the tracker would never run, because the JavaScript body was passed tonew Function()together with literal<script>text which causes a SyntaxError. The plugin now strips the wrappers (and legacy HTML comment / CDATA markers) before evaluation, so BOTH formats — pure JS body OR full<script>…</script>snippet — work. - Added: Google Ads "Conversion label" input field under the Google Ads ID input on the Integrations tab. The
int_gads_labeloption had been stored and passed to the frontend conversion event since earlier releases but there was no UI to set it. Translated label placeholder added to all 11 language files. - Improved: custom-code textarea placeholders now show concrete copy-paste examples (Microsoft Clarity snippet on the Analytics card) and the category headings on the custom-scripts tab are properly translated instead of being hardcoded in Polish.
- Fixed: Auto Script Blocker and the YouTube/Vimeo/Google Maps embed blockers were reported to break page rendering on sites that combine Elementor (4.x) with LiteSpeed Web Server / WP Rocket / other complex caching setups. The visible symptom was an empty hero / content area while the header and footer rendered normally.
- Migration: when a site updates from 3.0.7 or 3.0.8 to 3.0.9, the four problem options (
script_blocker,block_youtube,block_vimeo,block_maps) are force-disabled. The cookie banner, Google Consent Mode v2, integrations and consent logging keep working as before. A one-time dismissible admin notice (translated to all 11 languages) explains the change and links to Settings where the options can be re-enabled after testing on staging. - Added:
cookieboxs_db_versionoption to track the last-migrated plugin version so future migrations run exactly once per upgrade, even when WordPress updates the plugin in place without firingregister_activation_hook. - Translated: 3 new translation keys (
migration_3_0_9_notice,migration_3_0_9_button_settings,migration_3_0_9_button_dismiss) added to all 11 language files (389 keys total per file).
- Fixed: site rendering as "footer only" or blank after activation when a page builder or full-page cache plugin was active. The automatic script blocker now records its output buffer level and verifies stack alignment on shutdown, so it never closes a buffer that belongs to another plugin or theme.
- Fixed: structural bug in 9 language files (cs, de, es, fr, it, nl, pt, sv, uk) — five wizard keys (wiz_gcm_enable, wiz_gcm_info, wiz_recommended, wiz_sb_enable, wiz_sb_info) were stored at top level but read from admin. by the plugin, so existing translations were silently ignored. Keys moved to admin. in all affected files.
- Translated: filled all missing translations in 8 language files — fr (83), es (119), it (119), nl (130), cs (135), pt (135), sv (135), uk (135). All 11 languages now ship at 100% coverage. Brand and industry-standard names (Google Maps, Google Consent Mode v2, White Label, Marketing, Retargeting, Powered by CookieBoxs) are preserved as-is.
- Fixed: 46 hardcoded Polish strings in PHP and JavaScript files (cookieboxs.php, templates/admin.php, templates/banner.php, templates/news.php, assets/js/cookieboxs-admin.js) were appearing regardless of the user's language selection. Replaced with translation keys read from the language JSON files. 70 cookie scanner descriptions normalised to English (industry standard, matching Cookiepedia/Termly conventions).
- Translated: 26 new translation keys added to all 11 language files (386 keys total per file). Covers license activation messages, badge appearance options, scanner UI, GCM notices, news widget and Pixel-plugin detection notice.
- Improved: cookie scanner now detects Facebook/Meta Pixel installations made through dedicated manager plugins (PixelYourSite Free/Pro, Pixel Manager for WooCommerce, Official Facebook Pixel, Meta for WooCommerce, Pixel Cat, Pixel Caffeine, WP Pixel Manager, Webby Pixel Master). When one of these plugins is active, _fbp, _fbc and fr cookies are added to the detected list — even if the Pixel snippet is loaded indirectly (via GTM or after consent) and would not appear in the HTML-only scan. Applies to both the free and PRO scanners.
- Added: post-scan notice that lists detected Pixel manager plugins so site owners know which plugin is responsible for the marketing cookies.
- Fixed: script blocker was corrupting its own
data-cookieboxs-srcattribute. The regex that strips the originalsrc=from a blocked script tag also matchedsrc=inside the freshly injecteddata-cookieboxs-src=attribute (because the hyphen counts as a word boundary in PCRE), leaving a truncateddata-cookieboxs-and no URL. The result was that blocked third-party scripts (jsBarcode for WooCommerce product barcodes, TrustIndex review widget, etc.) could never be restored after the visitor accepted cookies — leading to "the page is missing parts" reports. Operations are now reordered: strip the originalsrc=first, then inject the new attributes. - Improved: cookie blocker now recognises common UI / functional JavaScript libraries served from generic CDNs (jsBarcode, QRCode, Swiper, Owl Carousel, Slick, jQuery, Lodash, Popper, Moment, lazysizes, Flickity, AOS, Lightbox/Fancybox, Leaflet, Chart.js, etc.) and routes them to the
functionalconsent category instead of the defaultmarketingbucket. Visitors who decline marketing cookies will keep seeing product barcodes, sliders and other display features. - Added:
cookieboxs_default_unknown_categoryfilter so site owners can change the fallback category for unknown external scripts (default remainsmarketingfor GDPR safety). - Added: automatic detection of incompatible output-filtering plugins (WP Rocket, W3 Total Cache, LiteSpeed Cache, WP Super Cache, Autoptimize, Hummingbird, WP-Optimize, Cache Enabler, Breeze, SG Optimizer, Powered Cache, FlyingPress, NitroPack, Perfmatters). When one of these is active, the automatic script blocker is skipped and consent is enforced through the standard category gating instead.
- Added:
cookieboxs_disable_script_blockerfilter so site owners and other plugins can opt out of the automatic blocker per request. - Changed: automatic script blocker now defaults to OFF for new installs and for upgrades from versions that did not have the option. Existing users keep their current setting.
- Added two-phase Cookie Scanner: server-side HTML detection + browser-based JavaScript cookie detection via hidden iframe.
- Browser scan detects cookies set by GTM-loaded scripts (Meta Pixel, TikTok Pixel, etc.) that server-side scanning cannot see.
- Expanded cookie detection patterns: 55+ known cookies from 30+ providers.
- Added PRO tools including geo-targeting, additional templates, declaration, analytics, branding controls, and custom CSS.
- Improved PRO settings UI.
- Bundled Chart.js locally for PRO analytics.
- Fixed settings-saving issues across PRO sub-tabs.
- Improved WordPress coding standards compliance.
- Added automatic script blocker and cookie cleaner.
- Added optional PRO licensing, analytics, and export tools.
- Removed non-functional placeholder integrations from the admin UI.
- Rebranded the plugin from CookieBox to CookieBoxs.
- Updated plugin naming, URLs, and internal handles.