| 开发者 | ontario777 |
|---|---|
| 更新时间 | 2026年7月11日 02:48 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
wp_head priority 1, before any tag manager or gtag snippet.wp_plain_consent_log) with a privacy-preserving SHA-256 subject hash over a daily-rotating salt, and a 730-day default retention purge (filterable via constant).GET /mirror-nonce endpoint (Cache-Control: no-store), so full-page caching does not break nonce validation.CF-IPCountry header when present, with a fail-safe default: if the country cannot be determined, the visitor is treated as in-scope.PLAIN_COOKIE_CONSENT_FACEBOOK_PIXEL_ID in wp-config.php.PLAIN_COOKIE_CONSENT_CLARITY_PROJECT_ID in wp-config.php.PLAIN_COOKIE_CONSENT_LINKEDIN_PARTNER_ID in wp-config.php.window.plainCookieConsent JavaScript API (getCategories, hasConsent, onChange, onGrant, onRevoke) for site-specific vendors.plain_cookie_consent_autoclear_cookies filter).localStorage / sessionStorage cleanup on a real granted-to-revoked transition (plain_cookie_consent_clear_storage_keys filter).wcag2a, wcag2aa, wcag21aa tags) run on every push and pull request via GitHub Actions.plain-cookie-consent folder to /wp-content/plugins/.wp-config.php.The plugin does not auto-gate reCAPTCHA, because its legal basis is context-dependent: on contact forms it generally requires consent, while as payment anti-fraud it may be consent-exempt. The Diagnostics "reCAPTCHA / security CAPTCHA" probe flags its presence so you can decide. The bundled docs/INTEGRATION.md documents gating patterns.
After a fresh activation or update, full-page cache can keep serving HTML generated before the plugin was active. Diagnostics compares the normal public front page with a cache-busted front-page request for the bootstrap and consent-default source checks. If the cache-busted render contains the plugin markers but the normal public page does not, purge your WordPress page cache, Redis/Varnish/Nginx full-page cache, and Cloudflare/CDN cache, then rerun diagnostics before editing theme or tag-manager code.
No. Switzerland (CH) is deliberately excluded from the consent-required region set. The Swiss revFADP has no prior-consent rule for cookies equivalent to ePrivacy Art. 5(3), so Swiss traffic falls under the rest-of-world (granted-by-default) branch. The in-scope set is the EEA (EU-27 + Iceland, Liechtenstein, Norway) plus the United Kingdom.
No — not by default. The consent audit log and all plugin settings are preserved when you uninstall (GDPR Art. 7.1 evidence; a reinstall finds prior records and configuration intact). To permanently delete all data, go to Settings → Cookie Consent → Data on uninstall, switch to delete mode (type DELETE to confirm), and then proceed with the WordPress uninstall. The rotating subject salt is always removed in both modes. Exporting the log first (CSV or JSON) is recommended for portable evidence before any permanent deletion.
No. There is no external telemetry. Consent records stay in your own WordPress database, with the subject identifier stored only as a salted SHA-256 hash.
CHANGELOG.md in the plugin package and repository.