Running a WordPress site today means navigating a complex landscape of cookies, tracking scripts, and strict privacy laws like GDPR, CCPA, and LGPD. The TayIT GDPR & Consent Plugin is built for site owners, agencies, and developers who need more than just a cosmetic “cookie banner” — they need a robust, self‑hosted compliance engine they can actually rely on.
The Problem: “Banner‑Only” Compliance Is Broken
Too many WordPress cookie plugins are, in practice, just “banner plugins”:
- They show a pop‑up and store a consent choice, but don’t actually enforce that choice on the server.
- They rely on JavaScript to scan cookies after the page has already loaded, which means some tracking happens before the banner is even visible.
- They give the illusion of compliance while leaving real technical gaps between “what we promise visitors” and “what actually happens on the server”.
For example, a visitor clicks “Reject all” — but:
- PHP session cookies are still set before consent is given.
- WordPress.com stats or Jetpack tracking (stats.wp.com, pixel.wp.com) continue to collect data from visitors and even admins.
- WooCommerce Order Attribution (Sourcebuster) drops multiple cookies on every visitor by default, even when they try to reject analytics.
- Third‑party scripts (analytics, pixels, GTM) are still fired in the page source, then “hidden” with CSS or JavaScript.
- Cookies from lead‑gen forms or ad scripts leak into the user’s browser anyway.
That’s not compliance. That’s a cosmetic exercise that exposes site owners to legal risk, not protection from it.
Why Cosmetic Consent Fails Legally
1. Regulations Require Prior Consent (Not Just a Banner)
GDPR (Europe), CCPA (California), and LGPD (Brazil) all follow the same core principle: non‑essential data processing must happen only after a user has given explicit, informed consent.
“Prior consent” means:
- No cookies are set until the user has seen a clear notice and has actively chosen to enable categories.
- No tracking scripts connect to third‑party servers until consent is granted.
If your plugin only “hides” or “disables” scripts after they’ve already loaded, the data exchange has already happened. That’s a violation of prior consent, not compliance.
2. “Implied Consent” Is No Longer a Safe Legal Strategy
In many jurisdictions, it’s no longer enough to assume consent just because someone continued browsing your site. Regulators expect:
- Unchecked categories by default.
- Explicit, affirmative action (e.g., clicking “Accept” for each category).
- Proof that the user could have rejected everything and still used the site.
Most “banner‑only” plugins fail this. They use cookie walls, pre‑ticked checkboxes, or “disabling” scripts instead of true blocking — leaving site owners with weak legal defences.
3. Cookie Walls Are Not a Legal Loophole
Many plugins try to force consent by making site access depend on accepting cookies. But this is not compliant with GDPR and similar laws. You must allow users to browse the site (with only strictly necessary cookies) even if they reject all non‑essential tracking.
A real compliance tool must:
- Allow users to reject all marketing/tracking cookies and still use the site.
- Only load non‑essential scripts when consent is given.
4. Server‑Side Cookies Are Often Missed
Most cookie scanners only run in the browser after page load. This means they miss:
- PHP session cookies created server‑side.
- Cookies from WordPress core, WooCommerce, login systems, and other plugins.
- WooCommerce Order Attribution (Sourcebuster) cookies that are injected automatically to track marketing sources.
- Non‑essential cookies that are sent to the browser before the consent banner even appears.
In a typical WooCommerce store, this means that detailed marketing attribution data is being collected via Sourcebuster cookies whether or not a visitor accepts analytics cookies. TayIT blocks those Sourcebuster scripts at the server level by default, so WooCommerce Order Attribution cannot set its cookies unless you explicitly choose to allow it in the plugin’s advanced settings.
If your cookie policy falsely claims to list “all cookies” but misses server‑side ones, that policy is factually incorrect — another compliance red flag.
The Real Solution: A Server‑Side Compliance Engine
The TayIT GDPR & Consent Plugin is built from the ground up as a privacy gatekeeper that runs at the server level, not just in the browser. Rather than relying on JavaScript hooks and front‑end tricks, TayIT moves the compliance logic to PHP, where it can actually enforce user choices before any data is sent.
How TayIT Works: True Prior Blocking
On page load, TayIT’s engine:
- Intercepts known tracking scripts that set non‑essential cookies (Google Analytics, Facebook Pixel, Woo Order Attribution, etc.) at the PHP level — before they’re sent to the browser. In Strict Mode it can block all external scripts unless you whitelist them.
- Prevents Google Analytics, Facebook Pixel, GTM, Sourcebuster (by default), and custom scripts from being rendered in the page source until the user consents or you explicitly allow them.
- Replaces media embeds (YouTube, Google Maps, etc.) with placeholders that only load when the user clicks to accept.
That’s not “hiding” scripts. That’s actually preventing them from running at all until consent is given — which is what GDPR and LGPD expect.
Server‑Side Cookie Detection: No More Hidden Cookies
Unlike browser‑only scanners, TayIT uses a server‑side cookie scanner to detect:
- PHP session cookies and other server‑set cookies.
- Cookies from WordPress core, plugins, and themes.
- Third‑party cookies that are injected before the page is fully built.
Because it runs at the server level, TayIT can build a more accurate, complete cookie list than any purely client‑side tool. This makes it possible to accurately describe your cookie usage in your policy, not just guess and hope.
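To make "server-side cookie detection" concrete, here is an added example (not TayIT's own scanner) that inspects the Set-Cookie headers PHP has queued for the current response at WordPress's `shutdown` hook and keeps an inventory of cookie names it has seen. The option name `example_cookie_inventory` and the function names are assumptions for illustration; the block records, it does not block.

```php
<?php
/**
 * Added example (not TayIT's own scanner): record every Set-Cookie header the
 * server emits, so cookies set by PHP, WordPress core, plugins or themes are
 * seen on the server rather than discovered later by a browser-side script.
 * Assumes a hypothetical option "example_cookie_inventory" for storage.
 */

/** Parse the cookie names out of a list of raw response headers. */
function example_pending_cookie_names(array $headers): array {
    $names = [];
    foreach ($headers as $header) {
        if (stripos($header, 'Set-Cookie:') !== 0) {
            continue;
        }
        // "Set-Cookie: name=value; Path=/; ..." -> "name"
        $pair = trim(substr($header, strlen('Set-Cookie:')));
        $name = trim(explode('=', $pair, 2)[0]);
        if ($name !== '') {
            $names[] = $name;
        }
    }
    return array_values(array_unique($names));
}

// headers_list() returns the response headers PHP sent or queued for this
// request, including those added by setcookie() in core, plugins and themes.
add_action('shutdown', function (): void {
    $seen = example_pending_cookie_names(headers_list());
    if ($seen === []) {
        return;
    }
    $inventory = get_option('example_cookie_inventory', []);
    $changed   = false;
    foreach ($seen as $name) {
        // Keep the first-seen time and the request path that set the cookie,
        // which is the evidence a cookie policy needs to describe it.
        if (!isset($inventory[$name])) {
            $inventory[$name] = [
                'first_seen' => time(),
                'path'       => isset($_SERVER['REQUEST_URI'])
                    ? strtok($_SERVER['REQUEST_URI'], '?')
                    : '',
            ];
            $changed = true;
        }
    }
    if ($changed) {
        update_option('example_cookie_inventory', $inventory, false);
    }
});
```

The inventory is written only when a new cookie name appears, so the extra database write happens once per cookie rather than once per request. Cookies that JavaScript sets in the browser (document.cookie) never pass through PHP, so a complete picture needs this server-side view and a client-side scan together.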
Google Consent Mode v2, Not IAB TCF
For most business sites, the practical requirement is not the publisher‑focused IAB TCF framework, but Google’s modern Consent Mode v2.
TayIT supports Consent Mode v2 natively, so you can:
- Ensure GA4, Google Ads, and GTM adjust their behaviour correctly when consent is denied.
- Strip personal data from ad clicks when marketing cookies are denied (data redaction).
- Pass ad click information via URL parameters instead of cookies when consent is denied (URL passthrough).
- Push clear consent events into the GTM data layer to trigger or block tags.
This lets you respect user privacy while still maintaining valuable analytics and conversion insights, without the complexity and external dependencies of TCF.
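The Consent Mode v2 behaviours listed above map onto a small set of gtag calls. The following is an added example (not TayIT's own code) of printing the Consent Mode v2 default state from PHP at the top of `<head>`, derived from a server-side consent cookie, so the defaults are in place before any GA4 or GTM snippet runs. The cookie name `example_consent`, its JSON shape and the category names are assumptions; `ads_data_redaction` and `url_passthrough` are the real gtag settings behind the "data redaction" and "URL passthrough" bullets.

```php
<?php
/**
 * Added example (not TayIT's own code): emit the Google Consent Mode v2
 * default state from PHP so it runs before any gtag/GTM loader, using the
 * consent recorded in a hypothetical cookie "example_consent" that carries
 * JSON such as {"analytics":true,"marketing":false}.
 */

/** Map the site's consent categories onto the four Consent Mode v2 signals. */
function example_consent_mode_signals(array $granted): array {
    $analytics = !empty($granted['analytics']) ? 'granted' : 'denied';
    $marketing = !empty($granted['marketing']) ? 'granted' : 'denied';
    return [
        'ad_storage'         => $marketing,
        'ad_user_data'       => $marketing,
        'ad_personalization' => $marketing,
        'analytics_storage'  => $analytics,
    ];
}

/** Build the inline script; the state is JSON-encoded so cookie content cannot inject JS. */
function example_consent_mode_script(array $granted): string {
    $json = wp_json_encode(example_consent_mode_signals($granted));
    return "<script>\n"
        . "window.dataLayer = window.dataLayer || [];\n"
        . "function gtag(){dataLayer.push(arguments);}\n"
        // Defaults must exist before any tag fires; with no cookie everything is 'denied'.
        . "gtag('consent', 'default', " . $json . ");\n"
        // Redact ad-click identifiers from hits while ad_storage is denied.
        . "gtag('set', 'ads_data_redaction', true);\n"
        // Carry ad-click info in URL parameters instead of cookies while denied.
        . "gtag('set', 'url_passthrough', true);\n"
        . "</script>\n";
}

// Priority 1 puts the snippet ahead of loaders that other plugins add to wp_head.
add_action('wp_head', function (): void {
    $granted = [];
    if (!empty($_COOKIE['example_consent'])) {
        // WordPress slashes $_COOKIE values, hence stripslashes() before decoding.
        $state   = json_decode(stripslashes($_COOKIE['example_consent']), true);
        $granted = is_array($state) ? $state : [];
    }
    echo example_consent_mode_script($granted);
}, 1);

// When the visitor changes a choice in the banner, the front end updates the
// signals and pushes a dataLayer event that GTM triggers can key on, e.g.:
//   gtag('consent', 'update', {analytics_storage: 'granted'});
//   dataLayer.push({event: 'example_consent_update'});
```

Ordering is the security-relevant part: if a theme hard-codes the GTM loader in `header.php` above `wp_head()`, the defaults arrive too late and the tags fire in their normal mode. Consent Mode only governs Google tags you choose to let load; scripts that are not consent-aware still need to be kept out of the page server-side.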
Protecting More Than Just Visitors: Admin Shield
Privacy concerns don’t stop at the front‑end. Many WordPress plugins quietly install trackers in the admin dashboard that send data about your site, plugins, and usage to third‑party servers (e.g., stats.wp.com, pixel.wp.com).
TayIT includes a unique feature: Admin Shield. It:
- Identifies and blocks specific backend trackers in the WordPress admin area, currently focusing on stats.wp.com and pixel.wp.com when they are injected without Jetpack.
- Replaces the tracking script with a comment like `<!-- TayIT GDPR: Blocked Admin Tracker (stats.wp.com) -->` so you can verify it’s working.
- Respects an explicit Jetpack installation by leaving its admin tracking intact on the assumption that you chose to enable those features.
Other consent plugins only protect visitors. TayIT protects your entire site, including your own workspace as an admin.
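The "True Prior Blocking" section and the Admin Shield section above describe the same mechanism applied in two places: rewriting the HTML on the server before it leaves PHP, so a blocked tracker is never fetched and never sets a cookie. Here is an added example (not TayIT's own code) of that pattern for WordPress. It buffers the rendered page, removes `<script src>` tags that load from listed tracker hosts whose consent category is not granted, and leaves a visible HTML comment in their place, as the Admin Shield comment above does. The cookie name `example_consent`, the host lists and all function names are illustrative assumptions; only `stats.wp.com` and `pixel.wp.com` come from the page.

```php
<?php
/**
 * Added example (not TayIT's own code): a minimal server-side script gate.
 * Front end: gate listed third-party scripts by the visitor's consent cookie.
 * Admin area: strip stats.wp.com / pixel.wp.com unless Jetpack is installed.
 * Hypothetical cookie "example_consent" holds JSON like
 * {"analytics":true,"marketing":false}; host lists are illustrative only.
 */

// Hypothetical map: tracker host => consent category it requires.
const EXAMPLE_TRACKER_HOSTS = [
    'www.googletagmanager.com' => 'analytics',
    'www.google-analytics.com' => 'analytics',
    'connect.facebook.net'     => 'marketing',
];

// Admin-area trackers named on the page; no category can grant them.
const EXAMPLE_ADMIN_TRACKER_HOSTS = [
    'stats.wp.com' => 'admin',
    'pixel.wp.com' => 'admin',
];

/** Read the consent cookie; no cookie means no category is granted. */
function example_consent_state(): array {
    if (empty($_COOKIE['example_consent'])) {
        return [];
    }
    $state = json_decode(stripslashes($_COOKIE['example_consent']), true);
    return is_array($state) ? $state : [];
}

/**
 * Replace every <script ... src="..."> whose host is in $hosts and whose
 * category is not in $granted with an HTML comment, so the block can be
 * verified in view-source and the script is never requested by the browser.
 */
function example_block_scripts(string $html, array $hosts, array $granted): string {
    return preg_replace_callback(
        '#<script\b[^>]*\bsrc=["\']([^"\']+)["\'][^>]*>.*?</script>#is',
        function (array $m) use ($hosts, $granted): string {
            // parse_url() also resolves protocol-relative "//host/path" sources.
            $host = parse_url($m[1], PHP_URL_HOST);
            if (!is_string($host)) {
                return $m[0]; // relative URL: first-party asset, leave it
            }
            $host = strtolower($host);
            if (!isset($hosts[$host])) {
                return $m[0]; // not a listed tracker
            }
            $category = $hosts[$host];
            if (!empty($granted[$category])) {
                return $m[0]; // consent recorded for this category
            }
            return '<!-- Example GDPR gate: blocked ' . esc_html($host)
                . ' (' . esc_html($category) . ') -->';
        },
        $html
    );
}

// Front end: the buffer callback runs after the whole page is rendered and
// before any byte reaches the browser, which is what "prior blocking" needs.
add_action('template_redirect', function (): void {
    ob_start(function (string $html): string {
        return example_block_scripts($html, EXAMPLE_TRACKER_HOSTS, example_consent_state());
    });
});

// Admin area: an explicit Jetpack install is treated as the owner's choice.
add_action('admin_init', function (): void {
    if (class_exists('Jetpack')) {
        return;
    }
    ob_start(function (string $html): string {
        return example_block_scripts($html, EXAMPLE_ADMIN_TRACKER_HOSTS, []);
    });
});
```

Two limits worth knowing when checking a tool like this: the regex only catches scripts with a `src`, so an inline `gtag()` or `fbq()` bootstrap needs its own rule (for example rewriting it to `type="text/plain"` until consent), and a script injected later by JavaScript never passes through the buffer at all, which is why the page pairs server-side gating with a Consent Mode layer for tags that are allowed to load.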
Real Proof of Compliance, Not Just a Cookie
Getting consent is only half the battle. GDPR, CCPA, and LGPD all require you to be able to prove that consent was obtained, recorded, and can be exported for audit.
Secure, Auditable Consent Logs
TayIT logs every consent event server‑side:
- Each consent choice: accept, reject, category update.
- Timestamp, IP address, and user agent.
- Full consent state (which categories were granted or denied).
You can:
- View recent logs directly in the WordPress dashboard.
- Click “View Details” to see the full JSON data for each event.
- Export the full log history as a CSV for legal or internal audit purposes.
This is audit‑level evidence, not just a browser cookie that can be deleted.
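What makes a consent record "audit-level" is that it is written by the server, carries the fields listed above, and can be exported unchanged. The block below is an added example (not TayIT's own logging code) of that flow in WordPress: a REST endpoint that records each consent event with timestamp, IP, user agent and the full category state, and an admin-only CSV export. The route `example/v1/consent`, the table name and the function names are assumptions, and the table is assumed to be created elsewhere with the columns shown.

```php
<?php
/**
 * Added example (not TayIT's own code): server-side consent log with CSV
 * export. Assumes a hypothetical table {$wpdb->prefix}example_consent_log
 * with columns id, logged_at, ip, user_agent, action, state (JSON text).
 */

/** Normalise one consent event into the row to store; unknown actions become 'update'. */
function example_consent_log_row(string $action, array $state, string $ip, string $ua): array {
    if (!in_array($action, ['accept', 'reject', 'update'], true)) {
        $action = 'update';
    }
    // Store one boolean per category so the record is exactly the granted/denied state.
    $clean = [];
    foreach ($state as $category => $granted) {
        $clean[sanitize_key((string) $category)] = (bool) $granted;
    }
    return [
        'logged_at'  => gmdate('Y-m-d H:i:s'),
        'ip'         => $ip,
        'user_agent' => substr($ua, 0, 255),
        'action'     => $action,
        'state'      => wp_json_encode($clean),
    ];
}

// POST /wp-json/example/v1/consent  {"action":"reject","state":{"analytics":false}}
add_action('rest_api_init', function (): void {
    register_rest_route('example/v1', '/consent', [
        'methods'             => 'POST',
        'permission_callback' => '__return_true', // anonymous visitors must be able to log
        'callback'            => function (WP_REST_Request $req) {
            global $wpdb;
            $row = example_consent_log_row(
                (string) $req->get_param('action'),
                (array) $req->get_param('state'),
                (string) ($_SERVER['REMOTE_ADDR'] ?? ''),
                (string) ($_SERVER['HTTP_USER_AGENT'] ?? '')
            );
            $wpdb->insert($wpdb->prefix . 'example_consent_log', $row);
            return new WP_REST_Response(['logged' => true], 201);
        },
    ]);
});

/** Serialise log rows as CSV; fputcsv handles quoting of user-agent strings. */
function example_consent_log_csv(array $rows): string {
    $out = fopen('php://temp', 'r+');
    fputcsv($out, ['id', 'logged_at', 'ip', 'user_agent', 'action', 'state']);
    foreach ($rows as $r) {
        fputcsv($out, [$r['id'], $r['logged_at'], $r['ip'], $r['user_agent'], $r['action'], $r['state']]);
    }
    rewind($out);
    $csv = stream_get_contents($out);
    fclose($out);
    return $csv;
}

// Export is capability-gated and nonce-checked: the log is personal data too.
add_action('admin_post_example_export_consent_log', function (): void {
    if (!current_user_can('manage_options')) {
        wp_die('Forbidden', 403);
    }
    check_admin_referer('example_export_consent_log');
    global $wpdb;
    $rows = $wpdb->get_results(
        "SELECT * FROM {$wpdb->prefix}example_consent_log ORDER BY id",
        ARRAY_A
    );
    header('Content-Type: text/csv; charset=utf-8');
    header('Content-Disposition: attachment; filename="consent-log.csv"');
    echo example_consent_log_csv($rows);
    exit;
});
```

The endpoint is deliberately unauthenticated because the visitors whose consent it records are not logged in, so in production it needs the same rate limiting as any public write endpoint, and the IP and user-agent columns are themselves personal data whose retention period belongs in the privacy policy.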
Handling Data Subject Requests (DSR) in WordPress
Privacy laws give users the right to access, export, and delete their personal data. TayIT makes this manageable with a built‑in DSR system:
- Add a simple shortcode `[tayit_gdpr_request_form]` to create a DSR request page.
- Visitors can submit data access or deletion requests and verify their email (double opt‑in).
- Requests are then viewable in the admin panel, so you can process them within your normal workflow.
This turns a complex legal obligation into a simple, integrated process, not something you have to handle through email or external tools.
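The double opt-in step is the part of a DSR flow that carries the most risk, since a deletion request acted on without verifying the requester is itself a data-protection incident. Here is an added example (not TayIT's own DSR code) of that step: the request is stored with a hashed, single-use, time-limited token, and only the holder of the e-mailed link can move it to "verified" for the admin to process. The post type `example_dsr`, the hook names and the form fields are assumptions for illustration.

```php
<?php
/**
 * Added example (not TayIT's own code): double opt-in verification for a
 * data subject request. Hypothetical private post type "example_dsr" stores
 * the request; the raw token goes only into the e-mail, the database keeps
 * its SHA-256 hash.
 */

/** Create a pending request; returns [post_id, raw_token] for the confirmation link. */
function example_dsr_create(string $email, string $type): array {
    $type  = in_array($type, ['access', 'delete'], true) ? $type : 'access';
    $token = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    $post_id = wp_insert_post([
        'post_type'   => 'example_dsr',
        'post_status' => 'private',
        'post_title'  => $type . ' request',
    ]);
    update_post_meta($post_id, 'email', sanitize_email($email));
    update_post_meta($post_id, 'type', $type);
    update_post_meta($post_id, 'state', 'pending');
    update_post_meta($post_id, 'token_hash', hash('sha256', $token)); // hash only
    update_post_meta($post_id, 'expires', time() + DAY_IN_SECONDS);
    return [$post_id, $token];
}

/** Verify the link: pending state, not expired, constant-time hash compare, then single use. */
function example_dsr_verify(int $post_id, string $token): bool {
    if (get_post_meta($post_id, 'state', true) !== 'pending') {
        return false;
    }
    if ((int) get_post_meta($post_id, 'expires', true) < time()) {
        return false;
    }
    $stored = (string) get_post_meta($post_id, 'token_hash', true);
    if ($stored === '' || !hash_equals($stored, hash('sha256', $token))) {
        return false;
    }
    update_post_meta($post_id, 'state', 'verified');
    delete_post_meta($post_id, 'token_hash'); // the link cannot be replayed
    return true;
}

// Form handler: the shortcode's form posts here with a nonce field and an
// "email" and "type" field. Logged-out visitors use the *_nopriv_ hook.
add_action('admin_post_nopriv_example_dsr_submit', function (): void {
    check_admin_referer('example_dsr_submit');
    $email = sanitize_email((string) ($_POST['email'] ?? ''));
    if (!is_email($email)) {
        wp_die('Invalid e-mail address', 400);
    }
    [$post_id, $token] = example_dsr_create($email, (string) ($_POST['type'] ?? 'access'));
    $link = add_query_arg(['example_dsr' => $post_id, 't' => $token], home_url('/'));
    wp_mail($email, 'Confirm your data request', "Confirm here: $link");
    // Same response whether or not the address is known, so the form cannot
    // be used to probe which e-mail addresses the site holds.
    wp_safe_redirect(home_url('/?example_dsr_sent=1'));
    exit;
});

// Link handler: flips the request to "verified"; the admin list shows only verified ones.
add_action('init', function (): void {
    if (!isset($_GET['example_dsr'], $_GET['t'])) {
        return;
    }
    $ok = example_dsr_verify((int) $_GET['example_dsr'], (string) $_GET['t']);
    wp_safe_redirect(home_url($ok ? '/?example_dsr_verified=1' : '/?example_dsr_invalid=1'));
    exit;
});
```

The public form can be used to send mail to arbitrary addresses, so it needs rate limiting or a CAPTCHA in front of it; and because WordPress's `$_GET` values are slashed, a token containing only hex characters is chosen here precisely so that no unslashing step is needed before the comparison.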
Accessibility, Flexibility, and Ownership
Compliance should never come at the cost of usability or control.
Accessibility (WCAG 2.1 AA)
The TayIT consent banner and preference center are designed to be:
- Fully keyboard‑navigable, with proper focus management.
- Screen‑reader friendly, with correct ARIA labels and landmarks.
- Compliant with WCAG 2.1 AA, so you’re not creating an accessibility barrier while chasing privacy compliance.
Full Customisation
The plugin is built to match your brand and site design:
- Choose layout: top, bottom, or floating box.
- Customise colours, fonts, and button styles.
- Adjust cookie expiry (default 365 days for accepted, 1 day for rejected).
- Publish a live preview so you can see changes before going live.
Self‑Hosted, No SaaS, No External Dependencies
TayIT is 100% self‑hosted:
- No external consent server or CMP API.
- No data is sent to third‑party systems.
- License is permanently bound to your domain for security and simplicity.
- No monthly subscriptions or pageview limits.
You keep ownership, control, and all data on your own server.
Important Legal Note
TayIT is a technical tool that gives you the controls regulators expect:
- Blocking non‑essential cookies and scripts before consent.
- Server‑level scanning and accurate cookie lists.
- Secure consent logging and audit trails.
- DSR and admin privacy features.
However:
- No plugin can guarantee legal compliance on its own.
- GDPR, CCPA, and LGPD also require accurate privacy policies, cookie policies, contracts with data processors, and internal procedures.
- TayIT is designed to be a strong technical foundation, but it should be used as part of a wider compliance programme and, where appropriate, with professional legal advice.
Looking for a WordPress‑Native Compliance Solution?
If you’re tired of “banner‑only” plugins that give you a pretty notice while hiding the real risks, the TayIT WordPress GDPR Cookie Plugin is built for you.
It’s not just a banner. It’s a self‑hosted, auditable privacy engine that:
- Blocks key tracking scripts at the server level (so their cookies are never set), rather than just hiding them with CSS or JavaScript.
- Scans for server‑side and plugin cookies that other tools miss.
- Provides Google Consent Mode v2 support without the complexity of IAB TCF.
- Includes Admin Shield and DSR portal so you can protect your own dashboard and handle user requests within WordPress.
- Generates real, exportable audit logs so you can prove compliance in practice, not just in theory.
Try TayIT and build a WordPress site that’s genuinely compliant, not just pretending to be.