WordPress

CookieBoss has an official WordPress plugin. Install it, paste your Site ID, and your consent banner is live.

Step 1: Create a CookieBoss account

Sign up at cookieboss.io/signup. The free plan covers one domain with all core consent features.

Step 2: Add your domain

In the CookieBoss dashboard at app.cookieboss.io, go to Sites → + New Site and enter your WordPress domain. Click Add Site.

Step 3: Install the CookieBoss plugin

In your WordPress admin:

  1. Go to Plugins → Add Plugin
  2. Search for CookieBoss
  3. Click Install Now, then Activate

Manual install

Prefer to upload the zip yourself? Download the latest release from wordpress.org/plugins/cookieboss and use Plugins → Add Plugin → Upload Plugin.

Step 4: Configure the plugin

  1. Go to Settings → CookieBoss in WordPress
  2. Paste your Site ID (find it in app.cookieboss.io → your site → Installation Script)
  3. Click Verify — you should see a green confirmation
  4. Click Save Settings — Connection Status flips to Connected

Where to find your Site ID

In the CookieBoss dashboard, open your site and look at the Installation Script section. The Site ID is the 26-character ULID in the script URL (https://cdn.cookieboss.io/scripts/YOUR_SITE_ID/consent.js).

Step 5: Publish in CookieBoss

Back in the CookieBoss dashboard, open your site and click Publish. This compiles your consent script with your banner settings, cookie categories, and language translations. The banner will not appear on your WordPress site until you complete this step.

Verify the installation

Open your WordPress site in an incognito/private browser window. The consent banner should appear at the bottom. Open the browser console and run:

Console check js 
console.log(window.CookieBoss)

If the script loaded correctly, this logs the CookieBoss API object.

Plugin settings reference

General

  • Site ID — your CookieBoss Site ID. Use Verify to check the script is reachable on the CDN.
  • Enable Banner — toggle the banner without removing the plugin. Useful for temporary disable.

Script Blocking

  • Blocking Mode — when enabled, the plugin rewrites script tags for known tracking scripts (Google Analytics, GTM, Facebook Pixel, Hotjar, etc.) so they only run after consent. Disable this if you prefer to manage script blocking centrally in the CookieBoss dashboard.
  • Inject GCM v2 default state — sets all Google consent categories to “denied” by default before any Google tags load. Required for Google Ads compliance in the EU. Enabled by default.
  • URL Passthrough — passes ad click info (gclid, dclid) through page URLs even when ad_storage is denied. Improves Google Ads conversion modeling.
  • Ads Data Redaction — redacts ad click identifiers from network requests when ad_storage is denied. Stricter privacy but may reduce conversion accuracy.

Admin Options

  • Admin Preview Mode — hides the banner for logged-in administrators, so you can browse and edit content without the consent banner in the way. Visitors still see the banner.

Cookie & Script Scanner

Click Scan Site Now to detect cookies and tracking scripts on your site. Results are categorized and shown in the CookieBoss dashboard.

WooCommerce

The plugin automatically detects WooCommerce and protects essential cart and checkout cookies (woocommerce_cart_hash, wp_woocommerce_session_*, etc.) so checkout always works regardless of consent state. Marketing and analytics scripts respect consent normally.

No additional configuration is required.

Block third-party scripts in WordPress themes or other plugins

For scripts not covered by the built-in Blocking Mode (custom theme code, other plugins’ tracking scripts), change the type attribute to text/plain and add a data-cookieboss-category attribute:

Blocked script example html 
<!-- This script won't run until the visitor consents to "analytics" -->
<script type="text/plain" data-cookieboss-category="analytics"
src="https://example.com/tracking.js"></script>

Supported categories: necessary, functional, analytics, marketing.

Caching plugins

CookieBoss works with all major WordPress caching plugins (WP Rocket, W3 Total Cache, WP Super Cache, LiteSpeed Cache). The consent script is loaded from the CookieBoss CDN with proper cache headers, so it bypasses page caching cleanly.

No special configuration is needed.

Multisite

The plugin can be activated network-wide or per-site. Each WordPress site needs its own CookieBoss Site ID — one Site ID is bound to one domain.

Content Security Policy (CSP)

If your site sends Content-Security-Policy headers (via a security plugin or server config), add the CookieBoss domains:

DirectiveDomainPurpose
script-srccdn.cookieboss.ioLoads the consent script
connect-srca.cookieboss.ioSends consent analytics

See the full CSP configuration guide for examples.

Troubleshooting

Plugin shows “Not configured” after entering Site ID

  • Click Save Settings after Verify. The Verify check does not auto-save.

“Verify” succeeds but no banner appears on the site

  • Go to your site in the CookieBoss dashboard and click Publish. The script returns 404 until the site is published.

Banner appears in admin but not on the public site

  • Disable Admin Preview Mode in Settings → CookieBoss → Admin Options, or sign out / use an incognito window to test as a visitor.

Site Health warning about external script

  • This is expected. The consent script is loaded from cdn.cookieboss.io by design for instant updates without re-deploying your site.

Plugin conflicts with other consent plugins

  • Only one consent management plugin should be active at a time. Deactivate any other CMP plugins (Cookiebot, Complianz, GDPR Cookie Consent, etc.) before activating CookieBoss.