WP Consent API Integration - Cookie Compliance

Applies to: WordPress Plugin v3.1.0+

WP Admin: Compliance > Settings tab > Configuration > WP Consent API

Overview

From v3.1.0 onward, Compliance by Hu-manity.co registers as a Consent Management Platform (CMP) for the WP Consent API. This means cooperative WordPress plugins (WooCommerce, Google Site Kit, Burst Statistics, and others) can read the visitor’s banner choice directly from a standard WordPress API, without you having to write any custom “trust the banner” snippets.

The integration is on by default. For most sites, you do not need to change anything — cooperative plugins start respecting consent automatically as soon as the WP Consent API plugin is active.

How It Works

You install the WP Consent API plugin (free, from WordPress.org). This plugin provides a shared vocabulary — functions like wp_has_consent('marketing') and constants like WP_CONSENT_API_CONSENT_TYPE — that every cooperative plugin agrees to use.
Compliance registers itself as the active CMP. On activation, Compliance v3.1.0+ tells the WP Consent API plugin: “I am handling consent on this site.” It also declares which consent categories it supports (functional, statistics, statistics-anonymous, marketing, preferences).
The visitor sees the banner and makes a choice. Compliance writes the choice into the standard WP Consent API cookie (wp_consent_…), keyed by category.
Cooperative plugins read the cookie. WooCommerce checks wp_has_consent('marketing') before enabling Stripe’s analytics features; Site Kit checks wp_has_consent('statistics') before sending pageviews to GA4; Burst reads it before recording anonymous stats. Each plugin self-gates.
Global Privacy Control (GPC) is honoured. If the visitor’s browser sends the Sec-GPC: 1 header, Compliance automatically forces the marketing category to deny, regardless of the banner state. This satisfies CCPA and most US state-law “Do Not Sell or Share” requirements.

Currently Registered Consumer Plugins

These plugins read consent from the WP Consent API and self-gate when Compliance is the active CMP:

Plugin	Gates
WooCommerce	Stripe analytics, PayPal analytics, marketing add-ons
Google Site Kit	GA4, AdSense, Tag Manager, Search Console
Burst Statistics	Anonymous and cookie-based statistics
WP Statistics	First-party visitor tracking
Pixel Manager for WooCommerce	Meta, Google Ads, TikTok, Pinterest pixels
AddToAny Share Buttons	Social-share network calls
AFL UTM Tracker	UTM attribution cookies

The list grows as the WP Consent API ecosystem expands. For any plugin not on this list, autoblocking and category-based script gating still apply.

Configuration

In the WordPress admin, go to Compliance → Settings tab → Configuration and locate the WP Consent API toggle.

On (default) — Compliance registers as the CMP and writes consent into the WP Consent API cookie. Recommended.
Off — Compliance does not register. Cooperative plugins will look for another CMP, and if none is present they fall back to their own default behaviour (typically deny-by-default).
Greyed out — The WP Consent API plugin is not installed or not active. Install it from WordPress.org to enable the toggle.

Category Mapping

The WP Consent API defines five standard categories. Compliance maps its own purpose categories to them as follows:

WP Consent API Category	Compliance Purpose
`functional`	Always granted (essential / strictly necessary)
`statistics-anonymous`	Granted at Site Optimization (Balanced) and above
`statistics`	Granted at Site Optimization (Balanced) and above
`preferences`	Granted at Content Personalization and above
`marketing`	Granted at Personalized only; forced deny if GPC is set

Verifying the Integration

Open the site in a fresh incognito session.
Open the browser console (F12) and run:
- wp_get_consent_type() — should return 'optin' in EU/UK/EEA or 'optout' under US state laws.
- wp_has_consent('functional') — should always return true.
- wp_has_consent('marketing') — should return false before the visitor consents, and update when they make a choice.
Accept marketing in the banner and re-run wp_has_consent('marketing'). It should now return true.
If you have a cooperative plugin installed (Site Kit, WooCommerce, etc.), confirm its dashboard reflects the visitor’s state — for example, Site Kit’s GA4 module should report “consent: granted” events.

Relationship to Google Consent Mode

Google Consent Mode v2 (GCM) and the WP Consent API are independent and complementary paths. Compliance fires both:

GCM v2 gates Google-side tag execution — analytics_storage, ad_storage, ad_user_data, ad_personalization. This works for any GA4, Google Ads, or Floodlight tag, regardless of how it was added.
WP Consent API gates server-side and plugin-level behaviour for cooperative consumer plugins.

If you use Site Kit as the source of your GA4 tag, both paths run: GCM tells the Google tag what consent state to operate under, and the WP Consent API tells Site Kit itself whether to even send the request. Both must be configured correctly. See the GTM / Tag Trigger Timing Troubleshooting article for the Site Kit-specific scenario.

Troubleshooting

The WP Consent API toggle is greyed out

The WP Consent API plugin is not installed or not active. Install it from WordPress.org and activate it.

Cooperative plugin still fires before consent

Check the toggle is on, then check the plugin’s own settings. Some plugins (Site Kit, Burst) have their own “Consent Management” section that may need to be set to “Use a CMP” rather than “Always allow”. See the per-plugin troubleshooting in Autoblocking Not Working — Troubleshooting.

I had a manual “push consent into [plugin]” snippet from an older version

Remove it. With v3.1.0+ and the WP Consent API plugin active, manual bridges are redundant and can cause double-fires.

I want to opt out of the integration entirely

Turn the WP Consent API toggle off. Compliance will continue to operate normally; cooperative plugins will fall back to their own defaults.

Was this article helpful?

YesNo