=== Plain Cookie Consent ===
Contributors: ontario777
Tags: gdpr, cookie consent, consent mode, privacy, eprivacy
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 8.0
Stable tag: 0.6.3
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Minimal clean-room GDPR/ePrivacy consent banner with Google Consent Mode v2, early inline replay, DSAR helper, and no upsells.

== Description ==

Plain Cookie Consent is a no-frills GDPR + ePrivacy consent banner for WordPress. It ships a single banner, Google Consent Mode v2 defaults, a server-side audit log with pseudonymised subject hashing, a DSAR lookup helper, and constant-gated Meta Pixel / Microsoft Clarity / LinkedIn Insight Tag helpers — all under GPL v2, with no upsells and no external telemetry.

The plugin is designed to support a GDPR/ePrivacy-compliant consent setup. Final compliance depends on the site owner's configuration and linked privacy policy.

= Core compliance features =

* Google Consent Mode v2 defaults injected at `wp_head` priority 1, before any tag manager or gtag snippet.
* Early inline consent replay with a revision gate — consent recorded before a policy revision bump is not replayed; the banner re-prompts instead.
* Server-side audit log (`wp_plain_consent_log`) with a privacy-preserving SHA-256 subject hash over a daily-rotating salt, and a 730-day default retention purge (filterable via constant).
* Consent revision system with a "Force re-consent for all users now" admin action and strict rollback if the audit insert fails.
* Two-step choice pattern: the first layer offers Accept All and Show Options; the preferences screen (one click away) offers equal-weight Accept All, Reject All, and Save Preferences buttons.
* Server-mirror consent cookie via a cache-safe `GET /mirror-nonce` endpoint (`Cache-Control: no-store`), so full-page caching does not break nonce validation.
* Geo targeting: the consent-required region set is the EEA (EU-27 plus Iceland, Liechtenstein, Norway) plus the United Kingdom. Detection uses the Cloudflare `CF-IPCountry` header when present, with a fail-safe default: if the country cannot be determined, the visitor is treated as in-scope.
* CSV/JSON streamed export of the consent log, plus a pre-uninstall evidence warning with one-click export.
* DSAR lookup admin tool: recompute a visitor's subject hash from IP + User-Agent and list matching consent-log entries (GDPR Art. 15 support).

= Integrations =

* Meta Pixel: define `PLAIN_COOKIE_CONSENT_FACEBOOK_PIXEL_ID` in `wp-config.php`.
* Microsoft Clarity: define `PLAIN_COOKIE_CONSENT_CLARITY_PROJECT_ID` in `wp-config.php`.
* LinkedIn Insight Tag: define `PLAIN_COOKIE_CONSENT_LINKEDIN_PARTNER_ID` in `wp-config.php`.
* Public `window.plainCookieConsent` JavaScript API (`getCategories`, `hasConsent`, `onChange`, `onGrant`, `onRevoke`) for site-specific vendors.
* Cookie cleanup on revoke with curated defaults for LinkedIn, TikTok, Hotjar, Clarity, Yandex Metrica, and Snapchat (`plain_cookie_consent_autoclear_cookies` filter).
* `localStorage` / `sessionStorage` cleanup on a real granted-to-revoked transition (`plain_cookie_consent_clear_storage_keys` filter).

= Accessibility =

* The banner and preferences modal are attested against WCAG 2.1 AA.
* axe-core smoke tests (`wcag2a`, `wcag2aa`, `wcag21aa` tags) run on every push and pull request via GitHub Actions.
* Site-level accessibility remains the operator's responsibility.

= Languages =

Translation catalogs ship for nine languages: English, German, Russian, Spanish, French, Italian, Dutch, Polish, and Portuguese. Banner language auto-resolution covers all nine shipped languages, including regional variants (for example de-AT or pt-BR), with any other locale falling back to English. Any shipped catalog can also be selected explicitly, and translators can override strings the standard WordPress gettext way.

= Not included =

* TCF v2.2 (programmatic publishers).
* Consent analytics dashboards beyond the read-only Consent Health widget.
* Multi-domain consent sync.
* Banner A/B testing.
* Script auto-blocking beyond Consent Mode and the documented vendor helpers.

== External services ==

This plugin has no telemetry and never sends data to its own or the author's servers. Consent records stay in your own WordPress database.

The plugin can optionally load three well-known third-party marketing/analytics tags **on your behalf**. Each one is OFF by default and only ever loads when BOTH of the following are true:

1. You explicitly enable it by defining the matching constant in `wp-config.php`, and
2. The visitor grants the relevant consent category in the banner.

If you do not define these constants, the plugin makes no third-party requests at all. Once enabled, the tag still loads only after the visitor grants the relevant consent category in the banner.

= Meta (Facebook) Pixel =

Optional advertising measurement. Enabled by defining `PLAIN_COOKIE_CONSENT_FACEBOOK_PIXEL_ID`. When a visitor grants **advertising** consent, the plugin loads `https://connect.facebook.net/en_US/fbevents.js` and initialises the Pixel with your Pixel ID. From then on, on each page view, Meta receives standard Pixel data: your Pixel ID, the page URL and referrer, the visitor's IP address and browser/user-agent, and a PageView event. Nothing is sent before advertising consent.
Provider: Meta Platforms, Inc. Privacy Policy: https://www.facebook.com/privacy/policy/ — Business Tools Terms: https://www.facebook.com/legal/terms/businesstools

= Microsoft Clarity =

Optional session analytics (heatmaps and session insights). Enabled by defining `PLAIN_COOKIE_CONSENT_CLARITY_PROJECT_ID`. When a visitor grants **analytics** consent, the plugin loads `https://www.clarity.ms/tag/<your-project-id>`. From then on, on each page view, Microsoft receives Clarity analytics data: your project ID, the page URL, the visitor's IP address and browser/user-agent, and interaction events such as clicks and scrolls. Nothing is sent before analytics consent.
Provider: Microsoft Corporation. Privacy Statement: https://www.microsoft.com/privacy/privacystatement — Clarity Terms of Service: https://clarity.microsoft.com/terms

= LinkedIn Insight Tag =

Optional advertising measurement on LinkedIn. Enabled by defining `PLAIN_COOKIE_CONSENT_LINKEDIN_PARTNER_ID`. When a visitor grants **advertising** consent, the plugin loads `https://snap.licdn.com/li.lms-analytics/insight.min.js` with your Partner ID. From then on, on each page view, LinkedIn receives Insight Tag data: your Partner ID, the page URL, and the visitor's IP address and browser/user-agent. Nothing is sent before advertising consent.
Provider: LinkedIn Corporation. Privacy Policy: https://www.linkedin.com/legal/privacy-policy — LinkedIn Ads Agreement: https://www.linkedin.com/legal/ads-agreement

== Disclaimer ==

This plugin is provided "as is", free of charge, for evaluation and use at
the site operator's own discretion and risk.

* The site operator alone chooses which plugins to install and run on their
  site, and bears full responsibility for that choice and its consequences.
* The plugin is offered for informational and evaluation purposes. The
  authors make no guarantees and no promises of any kind — including
  correctness, completeness, fitness for a particular purpose, or
  uninterrupted operation.
* Software may contain errors. Any errors, malfunctions, data loss, or
  legal consequences arising from the use of this plugin are the sole
  responsibility of the site operator.
* Nothing in this plugin or its documentation constitutes legal advice.
  The plugin is designed to support a GDPR/ePrivacy-oriented consent setup,
  but it does not and cannot guarantee legal compliance of any specific
  site — final compliance always depends on the operator's configuration,
  vendors, and policies.
* The warranty disclaimer and limitation of liability are governed by
  sections 11 and 12 of the GNU GPL v2 license that ships with this plugin.

== Installation ==

1. Upload the `plain-cookie-consent` folder to `/wp-content/plugins/`.
2. Activate the plugin via the Plugins menu.
3. Visit Settings → Plain Cookie Consent to configure the Privacy Policy URL, policy version, and optional data-controller name.
4. For Meta Pixel / Microsoft Clarity / LinkedIn Insight: define the relevant constant in `wp-config.php`.

== Frequently Asked Questions ==

= Is reCAPTCHA covered? =

The plugin does not auto-gate reCAPTCHA, because its legal basis is context-dependent: on contact forms it generally requires consent, while as payment anti-fraud it may be consent-exempt. The Diagnostics "reCAPTCHA / security CAPTCHA" probe flags its presence so you can decide. The bundled docs/INTEGRATION.md documents gating patterns.

= Is Switzerland covered? =

No. Switzerland (CH) is deliberately excluded from the consent-required region set. The Swiss revFADP has no prior-consent rule for cookies equivalent to ePrivacy Art. 5(3), so Swiss traffic falls under the rest-of-world (granted-by-default) branch. The in-scope set is the EEA (EU-27 + Iceland, Liechtenstein, Norway) plus the United Kingdom.

= Does the plugin collect any data itself? =

No. There is no external telemetry. Consent records stay in your own WordPress database, with the subject identifier stored only as a salted SHA-256 hash.

== Screenshots ==

1. Consent banner — first layer.
2. Cookie preferences modal — equal-weight Accept / Reject.
3. Settings page — Privacy Policy URL, consent revision, policy version, controller name.
4. Diagnostics panel — checks including policy-version drift, Google Fonts, and reCAPTCHA presence.
5. Consent Health dashboard widget.

== Changelog ==

= 0.6.3 =
* Fixed: DSAR lookups now reliably match visitors whose User-Agent contains escaped characters or stray whitespace — the recording and lookup paths now canonicalise the User-Agent identically. Hashes for ordinary User-Agents are unchanged.
* Performance: the Consent Health dashboard widget caches its 7-day counts for a few minutes instead of querying the audit log on every admin page load.
* Internal hardening and cleanup (input unslashing, prefixed uninstall globals).

= 0.6.2 =
* Banner language now auto-resolves across all nine shipped locales, including regional variants (for example de-AT or pt-BR), with English fallback.
* Localized the optional data-controller banner label.
* Documented the optional Meta Pixel / Microsoft Clarity / LinkedIn Insight Tag integrations under a new "External services" section.
* Housekeeping: admin notice/menu scripts and styles are now enqueued; the Consent Mode defaults use the standard inline-script API; removed a redundant translation-loading call.

= 0.6.1 =
* Added an explicit Disclaimer section (no warranties, operator responsibility, not legal advice).

= 0.6.0 =
* localStorage / sessionStorage cleanup on consent revoke (transition-only, filterable allowlist).
* DSAR lookup admin tool (GDPR Art. 15 support).
* Microsoft Clarity helper (constant-gated, analytics consent).
* LinkedIn Insight Tag helper (constant-gated, advertising consent).
* New Diagnostics probes: reCAPTCHA presence, Google Fonts remote loading, policy-version drift.
* Optional data-controller identity line in the banner.
* gettext i18n migration with shipped catalogs for 9 languages (en, de, ru, es, fr, it, nl, pl, pt).
* Optional floating "Cookie Settings" reopen icon (off by default).
* Consent Health dashboard widget (read-only, local data only).
* WCAG 2.1 AA attestation backed by axe-core CI smoke tests.
* Core namespace extraction (`ConsentLog`, `ConsentMirror`) with documented public hooks and backwards-compatible class aliases.
* New INTEGRATION.md covering WooCommerce, Stripe, reCAPTCHA, AMP, and page-cache rules.

= 0.5.2 =
* Raised the minimum supported PHP to 8.0.
* Documentation clarifications (compliance posture, Switzerland geo stance).

= 0.5.1 =
* Documentation hotfix after the 0.5.0 release audit.

= 0.5.0 =
* Public `window.plainCookieConsent` JavaScript API.
* Expanded cookie auto-clear filter for LinkedIn / TikTok / Hotjar / Clarity / Yandex Metrica / Snapchat.
* CSV/JSON audit-log export and pre-uninstall evidence warning.
* Optional YouTube `youtube-nocookie.com` oEmbed rewrite.
* Rate limit on the `/mirror` REST endpoint.

= 0.4.0 =
* Server-mirror consent cookie, audit log, revision system, and policy version.
* Cache-safe `/mirror-nonce` endpoint.
* Versioned boot-time migrator and multisite-correct activation/deactivation.
* Early-replay revision gate.

== Upgrade Notice ==

= 0.6.3 =
Bugfix + performance update. No breaking changes; stored consent hashes for ordinary User-Agents are unchanged.

= 0.6.2 =
Maintenance and documentation update. No breaking changes.

= 0.6.0 =
New features only — no breaking changes. `ConsentLog` / `ConsentMirror` moved to the Core namespace with backwards-compatible aliases kept; migrate custom extensions to the `Core\` namespace at your convenience.
