=== Cookie Rocket - Cookie Consent & Privacy Compliance ===
Contributors: templatesrocketwp
Tags: cookies, gdpr, lgpd, consent, privacy
Requires at least: 5.9
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.3.0
License: GPL-2.0-or-later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Cookie consent banner with native compliance for LFPDPPP (Mexico), LGPD (Brazil) and GDPR. Zero external dependencies. Lightweight and fast.

== Description ==

**Cookie Rocket** is a cookie consent plugin built from the ground up for Latin American privacy laws, with full GDPR compatibility.

* Automatic script blocking: common third-party trackers (Google Analytics, Meta Pixel, Hotjar, Microsoft Clarity, LinkedIn, TikTok and more) are blocked until consent, with Google Consent Mode v2 built in.
* Built-in cookie scanner: detect on demand which known tracking services are present on your site and the cookies they set.
* Zero external scripts and zero CDN dependencies — everything is served from your own site.
* Native compliance for LFPDPPP (Mexico) and LGPD (Brazil).
* GDPR compatible out of the box.
* 100% local — no consent data is sent to third-party servers.
* WooCommerce aware: respects shop pages and checkout.
* Fully customizable colors, fonts sizes, copy and banner position.
* WCAG 2.1 AA accessible: keyboard navigation, focus states, ARIA labels.
* Multisite compatible.
* Five banner layouts: bottom bar, top bar, floating card, modal and drawer.

= Shortcodes =

* `[cookie-rocket-preferences]` — renders a button that re-opens the cookie preferences modal.
* `[cookie-rocket-withdraw]` — renders a link that withdraws consent and clears stored preferences.

= Cookie Rocket Pro =

A commercial Pro version with automatic geo-routing, cookie scanner, full audit log, REST API and Google Tag Manager integration is available at [templatesrocket.com](https://templatesrocket.com/cookie-rocket-pro). The free version published here is fully functional and does not require the Pro plugin to work.

== Installation ==

1. Upload the `cookie-rocket` folder to the `/wp-content/plugins/` directory, or install the plugin through the WordPress plugins screen directly.
2. Activate the plugin through the **Plugins** screen in WordPress.
3. Go to **Cookie Rocket** in the admin menu to configure the banner copy, colors and behavior.
4. Optionally, place the `[cookie-rocket-preferences]` shortcode in your privacy policy page to let visitors update their choices at any time.

== Frequently Asked Questions ==

= Does this plugin send any data to external services? =

No. Cookie Rocket stores consent entirely in the visitor's browser (cookie + localStorage) and logs events to your own WordPress database. No third-party requests are made.

= Is it compatible with caching plugins? =

Yes. The banner state is read from a first-party cookie, so caching (page cache, object cache, CDN) does not interfere with consent storage or display.

= Does it block third-party scripts automatically? =

Yes. The free version automatically blocks the most common third-party tracking scripts — Google Analytics, Meta (Facebook) Pixel, Hotjar, Microsoft Clarity, LinkedIn, TikTok, Google Ads and more — until the visitor accepts the matching cookie category, and it ships Google Consent Mode v2 (default denied) out of the box. Enqueued scripts are blocked by default; an optional setting also blocks scripts pasted directly into your theme or header. Cookie Rocket Pro adds a scanner that discovers and auto-categorizes *any* script or cookie on your site — including ones not in the built-in list — plus unlimited custom rules.

= Is it translation-ready? =

Yes. The text domain is `cookie-rocket` and a complete `.pot` file is included under `/languages/`. All banner and modal strings are wrapped for translation. WordPress automatically loads translations for plugins hosted on WordPress.org, and you can also translate the banner yourself with Loco Translate or Poedit, or via WPML/Polylang. The default strings are in Spanish.

= Does it work on WordPress Multisite? =

Yes. Each site stores its own settings. Activate per-site or network-activate from the network admin.

== Screenshots ==

1. Banner displayed at the bottom of the page on first visit.
2. Preferences modal with toggles per cookie category.
3. Plugin settings screen with banner variant, copy and consent duration.
4. Banner design screen with color picker, border radius and dark mode controls.

== Changelog ==

= 1.3.0 =
* New: full translation readiness. All banner and modal strings are now wrapped for translation and a complete .pot file is shipped under /languages/. WordPress auto-loads translations for plugins hosted here; you can also translate the banner with Loco Translate or Poedit, or via WPML/Polylang.

= 1.2.0 =
* New: built-in Cookie Scanner (Cookie Rocket &rarr; Scanner). Scan your site on demand to discover which known third-party tracking services are present, with their category and the cookies they set, and confirm what Cookie Rocket is blocking. Cookie Rocket Pro adds scheduled scans and detection of cookies that are not in the built-in list.

= 1.1.2 =
* Fix: the default cookie categories and settings are now created automatically if they are missing (for example when the plugin files were copied in without running activation). Such installs previously showed an empty preferences modal and could block scripts that "Accept all" was unable to re-enable.

= 1.1.1 =
* Fix: "Accept all" and the preferences modal now correctly grant the chosen cookie categories. A long-standing bug read the category list incorrectly, so accepting analytics/marketing did not actually enable those scripts. In 1.1.0 this prevented blocked scripts from being re-activated after consent; they now re-activate as expected.

= 1.1.0 =
* New: automatic script blocking. Cookie Rocket now neutralizes the most common third-party tracking scripts (Google Analytics, Meta Pixel, Hotjar, Microsoft Clarity, LinkedIn, TikTok, Google Ads, Pinterest, X) until the visitor accepts the matching category, then re-activates them in the browser. The banner now genuinely blocks cookies instead of only recording a choice.
* New: Google Consent Mode v2 is now built into the free version — a default "denied" state is emitted in the page head before any Google tag loads, and updated when the visitor consents.
* New: optional raw-HTML blocking (Settings &rarr; Script Blocking) also neutralizes tracking scripts pasted directly into the theme or header, not only enqueued ones. Off by default.
* New: best-effort cookie cleanup removes known analytics and marketing cookies when consent is rejected or withdrawn.
* New: "Script Blocking" settings section with toggles for Consent Mode, enqueued-script blocking and raw-HTML blocking.

= 1.0.5 =
* Fix: banner title, body and button labels set on the Settings screen are now applied on the front-end. Previously the customized copy was saved but ignored, so the banner always showed the built-in defaults.
* Fix: the "Consent Duration (days)" setting is now honored. Previously consent always expired at the 365-day default regardless of the configured value.
* Fix: the consent audit log records events again. A parameter-name mismatch between the front-end script and the AJAX handler prevented consent actions from being written to the log.
* Fix: corrected the cookie name referenced in the FAQ for manual script gating (the first-party consent cookie is `cookroco_consent`).

= 1.0.4 =
* Changed: the post-consent floating preferences button now defaults to OFF (was ON in 1.0.3) for a cleaner out-of-the-box experience. Visitors can still re-open preferences via the `[cookie-rocket-preferences]` shortcode placed wherever you want (footer, menu, etc.). Existing installations that had it enabled keep it enabled.
* Added: the Pro features panel now lists "Customizable floating button" — Cookie Rocket Pro adds position (left/right/center), color, icon and label customization for the floating button.

= 1.0.3 =
* Fix: the preferences modal close button (X) and Escape key now work correctly after the visitor has already consented. Previously, event handlers were only bound while the banner was visible, so re-opening the modal via the floating button left the X non-functional.
* Fix: the modal title typography is now forced to a clean sans-serif system stack and no longer inherits the theme's heading font (some themes were applying script/serif fonts to the modal headline).
* New setting: "Show Floating Button" (Settings page) lets administrators hide the bottom-left circular button that appears after consent. Defaults to ON for backwards compatibility.

= 1.0.2 =
* Added a Pro features showcase panel at the bottom of the Settings page so users can discover what is included in Cookie Rocket Pro (geo-detection, cookie scanner, Google Consent Mode v2, WooCommerce mode, audit log + CSV export). No popups, no admin notices, single discreet CTA — fully compliant with WordPress.org plugin guidelines.

= 1.0.1 =
* Visual refresh: preferences modal now uses the Templates Rocket brand palette (lime green #80e040 + near-black #0a0f1a) for visual consistency with the brand. No functional changes.

= 1.0.0 =
* Initial release on WordPress.org.

== Upgrade Notice ==

= 1.3.0 =
Translation readiness: the banner and modal strings are now fully translatable and a complete .pot is included. No visible change by default; translate via Loco Translate, WPML/Polylang or translate.wordpress.org.

= 1.2.0 =
New Cookie Scanner under Cookie Rocket &rarr; Scanner: detects known tracking services on your site on demand and shows what is being blocked. Safe update; no change to the banner or blocking behavior.

= 1.1.2 =
Robustness fix: default categories and settings now self-heal if missing, so the preferences modal and "Accept all" work even on installs where activation never ran. Recommended.

= 1.1.1 =
Important fix for 1.1.0: "Accept all" and the preferences modal now correctly enable the chosen categories, so scripts blocked before consent are re-activated when the visitor accepts. Recommended for everyone on 1.1.0.

= 1.1.0 =
Major update: Cookie Rocket now actually blocks common tracking scripts (Google Analytics, Meta Pixel, Hotjar and more) until consent, with Google Consent Mode v2 built in. Review Settings &rarr; Script Blocking after updating, especially if you use a caching plugin.

= 1.0.5 =
Correctness fixes: custom banner copy and consent duration set in Settings are now actually applied, and the consent audit log records events again. Recommended update; the banner looks the same by default.

= 1.0.4 =
Post-consent floating button now defaults to OFF for a cleaner site. Installs that explicitly enabled it keep it enabled; re-enable any time in Settings. The [cookie-rocket-preferences] shortcode is always available as alternative.

= 1.0.3 =
Important fix: the preferences modal can now be closed (X button) after consent, the title typography no longer inherits the theme's heading font, and the floating button can be hidden via a new setting. Recommended update.

= 1.0.2 =
Adds a Pro features showcase panel at the bottom of the Settings page. Safe to update — no functional changes to the cookie banner itself.

= 1.0.1 =
Visual refresh only. Brand-aligned colors in the preferences modal. Safe to update.

= 1.0.0 =
First public release.
