=== Cookie Rocket - Cookie Consent & Privacy Compliance ===
Contributors: templatesrocketwp
Tags: gdpr, cookie consent, cookie banner, consent mode, lgpd
Requires at least: 5.9
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.9.0
License: GPL-2.0-or-later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

GDPR cookie consent that actually blocks tracking scripts until consent, with Google Consent Mode v2 and a cookie scanner. LGPD & LFPDPPP ready.

== Description ==

**Cookie Rocket** is a lightweight cookie consent plugin that actually **blocks** third-party tracking scripts until your visitors consent — not just a banner on top. Automatic blocking of Google Analytics, Meta Pixel, Hotjar and more, plus **Google Consent Mode v2**, a cookie scanner and a consent log, are all included in the free version. Native compliance for GDPR, LGPD (Brazil) and LFPDPPP (Mexico).

* Automatic script blocking: common third-party trackers (Google Analytics, Meta Pixel, Hotjar, Microsoft Clarity, LinkedIn, TikTok and more) are blocked until consent, with Google Consent Mode v2 built in.
* Built-in cookie scanner: detect on demand which known tracking services are present on your site and the cookies they set.
* Consent audit log with an admin viewer: every consent decision is recorded and browsable for compliance.
* Editable cookie categories: rename, re-describe and reorder the categories shown on the banner.
* Live banner preview in the admin so you can see your configured banner without leaving the dashboard.
* Zero external scripts and zero CDN dependencies — everything is served from your own site.
* Native compliance for LFPDPPP (Mexico) and LGPD (Brazil).
* GDPR compatible out of the box.
* 100% local — no consent data is sent to third-party servers.
* WooCommerce aware: respects shop pages and checkout.
* Fully customizable colors, fonts sizes, copy and banner position.
* WCAG 2.1 AA accessible: keyboard navigation, focus states, ARIA labels.
* Multisite compatible.
* Five banner layouts: bottom bar, top bar, floating card, modal and drawer.

= Shortcodes =

* `[cookie-rocket-preferences]` — renders a button that re-opens the cookie preferences modal.
* `[cookie-rocket-withdraw]` — renders a link that withdraws consent and clears stored preferences.

= Cookie Rocket Pro =

A commercial Pro version with automatic geo-routing, cookie scanner, full audit log, REST API and Google Tag Manager integration is available at [templatesrocket.com](https://templatesrocket.com/cookie-rocket-pro). The free version published here is fully functional and does not require the Pro plugin to work.

== Installation ==

1. Upload the `cookie-rocket` folder to the `/wp-content/plugins/` directory, or install the plugin through the WordPress plugins screen directly.
2. Activate the plugin through the **Plugins** screen in WordPress.
3. Go to **Cookie Rocket** in the admin menu to configure the banner copy, colors and behavior.
4. Optionally, place the `[cookie-rocket-preferences]` shortcode in your privacy policy page to let visitors update their choices at any time.

== Frequently Asked Questions ==

= Does this plugin send any data to external services? =

No. Cookie Rocket stores consent entirely in the visitor's browser (cookie + localStorage) and logs events to your own WordPress database. No third-party requests are made.

= Is it compatible with caching plugins? =

Yes. The banner state is read from a first-party cookie, so caching (page cache, object cache, CDN) does not interfere with consent storage or display.

= Does it block third-party scripts automatically? =

Yes. The free version automatically blocks the most common third-party tracking scripts — Google Analytics, Meta (Facebook) Pixel, Hotjar, Microsoft Clarity, LinkedIn, TikTok, Google Ads and more — until the visitor accepts the matching cookie category, and it ships Google Consent Mode v2 (default denied) out of the box. Enqueued scripts are blocked by default; an optional setting also blocks scripts pasted directly into your theme or header. Cookie Rocket Pro adds a scanner that discovers and auto-categorizes *any* script or cookie on your site — including ones not in the built-in list — plus unlimited custom rules.

= Is it translation-ready? =

Yes. The text domain is `cookie-rocket` and a complete `.pot` file is included under `/languages/`. All banner and modal strings are wrapped for translation. WordPress automatically loads translations for plugins hosted on WordPress.org, and you can also translate the banner yourself with Loco Translate or Poedit, or via WPML/Polylang. The default strings are in Spanish.

= Does it work on WordPress Multisite? =

Yes. Each site stores its own settings. Activate per-site or network-activate from the network admin.

== Screenshots ==

1. Banner displayed at the bottom of the page on first visit.
2. Preferences modal with toggles per cookie category.
3. Plugin settings screen with banner variant, copy and consent duration.
4. Banner design screen with color picker, border radius and dark mode controls.

== Changelog ==

= 1.9.0 =
* New: full internationalization. English is now the source language with a complete Spanish (es_ES) translation bundled, so the plugin shows in English by default and automatically in Spanish on Spanish-language sites (all es_* locales). A complete .pot is included for further translations.
* Existing sites keep their saved banner copy and categories; only the untranslated built-in defaults are affected.

= 1.8.2 =
* Documentation: clearer description, short description and search tags that lead with what makes Cookie Rocket different — real script blocking and Google Consent Mode v2 in the free version. No code changes.

= 1.8.1 =
* Housekeeping: removed an unused legacy stylesheet (public/css/cookie-rocket.css) that was never enqueued. No functional or visual change — all banner styling is delivered inline.

= 1.8.0 =
* New: the "Drawer" banner layout is now a real right-side slide-in panel (previously it was an alias of the floating card). The other layouts — bottom bar, top bar, modal and floating card — are unchanged.

= 1.7.0 =
* New: live banner preview on the Banner Design screen. An embedded preview shows your banner with your saved colors, copy and layout without leaving the admin. It uses a preview-only flag; the banner behavior for visitors is unchanged.

= 1.6.0 =
* New: Cookie Categories editor (Cookie Rocket &rarr; Categorías). Customize the name, description and order of the cookie categories shown on the banner. Cookie Rocket Pro adds creating custom categories and mapping specific scripts/cookies to them.

= 1.5.0 =
* New: the admin interface is now fully translatable. All settings, scanner, consent-log and Pro-panel strings are wrapped for translation and included in the .pot. No visible change; the default language is unchanged.

= 1.4.0 =
* New: Consent Log viewer (Cookie Rocket &rarr; Consent Log). A read-only, paginated table of recorded consent events (date, action, accepted categories, policy version, anonymized visitor hash) plus totals, so you can demonstrate compliance. Cookie Rocket Pro adds CSV export and date/action/country filtering.

= 1.3.0 =
* New: full translation readiness. All banner and modal strings are now wrapped for translation and a complete .pot file is shipped under /languages/. WordPress auto-loads translations for plugins hosted here; you can also translate the banner with Loco Translate or Poedit, or via WPML/Polylang.

= 1.2.0 =
* New: built-in Cookie Scanner (Cookie Rocket &rarr; Scanner). Scan your site on demand to discover which known third-party tracking services are present, with their category and the cookies they set, and confirm what Cookie Rocket is blocking. Cookie Rocket Pro adds scheduled scans and detection of cookies that are not in the built-in list.

= 1.1.2 =
* Fix: the default cookie categories and settings are now created automatically if they are missing (for example when the plugin files were copied in without running activation). Such installs previously showed an empty preferences modal and could block scripts that "Accept all" was unable to re-enable.

= 1.1.1 =
* Fix: "Accept all" and the preferences modal now correctly grant the chosen cookie categories. A long-standing bug read the category list incorrectly, so accepting analytics/marketing did not actually enable those scripts. In 1.1.0 this prevented blocked scripts from being re-activated after consent; they now re-activate as expected.

= 1.1.0 =
* New: automatic script blocking. Cookie Rocket now neutralizes the most common third-party tracking scripts (Google Analytics, Meta Pixel, Hotjar, Microsoft Clarity, LinkedIn, TikTok, Google Ads, Pinterest, X) until the visitor accepts the matching category, then re-activates them in the browser. The banner now genuinely blocks cookies instead of only recording a choice.
* New: Google Consent Mode v2 is now built into the free version — a default "denied" state is emitted in the page head before any Google tag loads, and updated when the visitor consents.
* New: optional raw-HTML blocking (Settings &rarr; Script Blocking) also neutralizes tracking scripts pasted directly into the theme or header, not only enqueued ones. Off by default.
* New: best-effort cookie cleanup removes known analytics and marketing cookies when consent is rejected or withdrawn.
* New: "Script Blocking" settings section with toggles for Consent Mode, enqueued-script blocking and raw-HTML blocking.

= 1.0.5 =
* Fix: banner title, body and button labels set on the Settings screen are now applied on the front-end. Previously the customized copy was saved but ignored, so the banner always showed the built-in defaults.
* Fix: the "Consent Duration (days)" setting is now honored. Previously consent always expired at the 365-day default regardless of the configured value.
* Fix: the consent audit log records events again. A parameter-name mismatch between the front-end script and the AJAX handler prevented consent actions from being written to the log.
* Fix: corrected the cookie name referenced in the FAQ for manual script gating (the first-party consent cookie is `cookroco_consent`).

= 1.0.4 =
* Changed: the post-consent floating preferences button now defaults to OFF (was ON in 1.0.3) for a cleaner out-of-the-box experience. Visitors can still re-open preferences via the `[cookie-rocket-preferences]` shortcode placed wherever you want (footer, menu, etc.). Existing installations that had it enabled keep it enabled.
* Added: the Pro features panel now lists "Customizable floating button" — Cookie Rocket Pro adds position (left/right/center), color, icon and label customization for the floating button.

= 1.0.3 =
* Fix: the preferences modal close button (X) and Escape key now work correctly after the visitor has already consented. Previously, event handlers were only bound while the banner was visible, so re-opening the modal via the floating button left the X non-functional.
* Fix: the modal title typography is now forced to a clean sans-serif system stack and no longer inherits the theme's heading font (some themes were applying script/serif fonts to the modal headline).
* New setting: "Show Floating Button" (Settings page) lets administrators hide the bottom-left circular button that appears after consent. Defaults to ON for backwards compatibility.

= 1.0.2 =
* Added a Pro features showcase panel at the bottom of the Settings page so users can discover what is included in Cookie Rocket Pro (geo-detection, cookie scanner, Google Consent Mode v2, WooCommerce mode, audit log + CSV export). No popups, no admin notices, single discreet CTA — fully compliant with WordPress.org plugin guidelines.

= 1.0.1 =
* Visual refresh: preferences modal now uses the Templates Rocket brand palette (lime green #80e040 + near-black #0a0f1a) for visual consistency with the brand. No functional changes.

= 1.0.0 =
* Initial release on WordPress.org.

== Upgrade Notice ==

= 1.9.0 =
Internationalization: English is now the default language, with a bundled Spanish translation auto-applied on Spanish sites (all es_* locales). Your saved banner copy and categories are unchanged.

= 1.8.2 =
Documentation and listing copy only — no code changes.

= 1.8.1 =
Housekeeping only: removes an unused legacy stylesheet that was never loaded. No change to the banner.

= 1.8.0 =
The "Drawer" banner layout is now a distinct right-side panel (it previously matched the floating card). Only affects sites using the Drawer layout; other layouts are unchanged.

= 1.7.0 =
Adds a live banner preview on the Banner Design screen. Safe update; no change to the banner shown to visitors.

= 1.6.0 =
New Categories editor lets you rename, re-describe and reorder the cookie categories shown on the banner. Safe update; existing categories are unchanged until you edit them.

= 1.5.0 =
The admin screens are now fully translatable. No visible change; safe update.

= 1.4.0 =
New Consent Log viewer under Cookie Rocket &rarr; Consent Log shows recorded consents for compliance. Safe update; read-only, no change to the banner.

= 1.3.0 =
Translation readiness: the banner and modal strings are now fully translatable and a complete .pot is included. No visible change by default; translate via Loco Translate, WPML/Polylang or translate.wordpress.org.

= 1.2.0 =
New Cookie Scanner under Cookie Rocket &rarr; Scanner: detects known tracking services on your site on demand and shows what is being blocked. Safe update; no change to the banner or blocking behavior.

= 1.1.2 =
Robustness fix: default categories and settings now self-heal if missing, so the preferences modal and "Accept all" work even on installs where activation never ran. Recommended.

= 1.1.1 =
Important fix for 1.1.0: "Accept all" and the preferences modal now correctly enable the chosen categories, so scripts blocked before consent are re-activated when the visitor accepts. Recommended for everyone on 1.1.0.

= 1.1.0 =
Major update: Cookie Rocket now actually blocks common tracking scripts (Google Analytics, Meta Pixel, Hotjar and more) until consent, with Google Consent Mode v2 built in. Review Settings &rarr; Script Blocking after updating, especially if you use a caching plugin.

= 1.0.5 =
Correctness fixes: custom banner copy and consent duration set in Settings are now actually applied, and the consent audit log records events again. Recommended update; the banner looks the same by default.

= 1.0.4 =
Post-consent floating button now defaults to OFF for a cleaner site. Installs that explicitly enabled it keep it enabled; re-enable any time in Settings. The [cookie-rocket-preferences] shortcode is always available as alternative.

= 1.0.3 =
Important fix: the preferences modal can now be closed (X button) after consent, the title typography no longer inherits the theme's heading font, and the floating button can be hidden via a new setting. Recommended update.

= 1.0.2 =
Adds a Pro features showcase panel at the bottom of the Settings page. Safe to update — no functional changes to the cookie banner itself.

= 1.0.1 =
Visual refresh only. Brand-aligned colors in the preferences modal. Safe to update.

= 1.0.0 =
First public release.
