WordPress plugin

Overview

The Signatu WordPress plugin allows you to integrate the Cookie Banner in WordPress.

Install

Download the plugin from:

https://cdn.signatu.com/plugin-wordpress/0.213.0/signatu.zip

The plugin is self-contained. Install the plugin like this:

  1. Download the latest version from the link above.
  2. Go to your WordPress site admin page.
  3. Click Plugins->Add New->Upload Plugin.
  4. Upload the plugin you downloaded from Signatu.
  5. Activate the plugin.
  6. Configure the plugin settings in Settings->Signatu.

Configuring the plugin

  • Access Token - a valid Signatu API access token. The token must have consent and dataprocessing:read permissions (this is default when creating the Cookie Banner). You can find the API Access Token at Access Tokens.
  • Banner Type - choose the banner type. The Cookie Button will show an action icon on every page, while the Cookie Banner will show by default when the user has not taken any action.
  • Language - the language to display in the banner. Note that if you’re using custom texts, you need to ensure that your banner Data Processing Group has texts in the chosen language.
  • Data Processing Group ID - the ID of the Data Processing Group. You can copy it in your account at Account.
  • Privacy Policy URL - the URL of your Privacy Policy.
  • Banner Variant - the design and layout variant of the banner.
  • Banner Position - the position of the banner dialog.
  • Block By Default - block 3rd parties server side by default. The scripts can be re-enabled client side.

Controlling the banner

If you’re using the Cookie Button, the user can open the banner by clicking the button. In most cases no additional integration is needed.

Should you need more fine-grained control of the banner, you can send messages to the DOM window. Refer to Signatu documentation for controlling the banner state.

Events

If you want to respond to events from the Cookie Banner, review the SDK documentation.

Script Blocking

The WordPress plugin deploys both server-side and client-side strategies to block scripts.

Server side blocking

Signatu adds a filter (using add_filter) to the script_loader_tag hook. If a script is external to the WordPress site domain, and Block By Default is enabled, the script's src attribute is removed and replaced by a data-src attribute, so the browser does not load it. The script will be re-enabled client side if Signatu determines the script is allowed to run.
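
The server-side rewrite described above, as an added example (not Signatu's plugin code): a script_loader_tag filter that renames src to data-src for scripts served from a host other than the site's own. The example_* function names, the exact host comparison and the sample tags are assumptions made for illustration.

```php
<?php
// Added illustration; not Signatu's plugin code. The example_* names and
// the sample tags are hypothetical / constructed.

/** True when $src points at a host other than $site_host. */
function example_is_external_script(string $src, string $site_host): bool
{
    // Give protocol-relative URLs ("//cdn.example.net/x.js") a scheme before parsing.
    if (strpos($src, '//') === 0) {
        $src = 'https:' . $src;
    }
    $host = parse_url($src, PHP_URL_HOST);
    // Relative URLs carry no host and are treated as first party.
    if (!is_string($host) || $host === '') {
        return false;
    }
    return strcasecmp($host, $site_host) !== 0;
}

/** Rename src to data-src on an external script tag so the browser does not fetch it. */
function example_block_script_tag(string $tag, string $src, string $site_host, bool $block_by_default): string
{
    if (!$block_by_default || !example_is_external_script($src, $site_host)) {
        return $tag;
    }
    // Rewrite only a real src attribute (preceded by whitespace), never data-src.
    return preg_replace('/(<script\b[^>]*?\s)src=/i', '$1data-src=', $tag, 1) ?? $tag;
}

if (function_exists('add_filter')) {
    // Inside WordPress: script_loader_tag passes the tag, the handle and the src.
    add_filter('script_loader_tag', function ($tag, $handle, $src) {
        $site_host = (string) parse_url(home_url(), PHP_URL_HOST);
        return example_block_script_tag($tag, $src, $site_host, true); // setting assumed on
    }, 10, 3);
} else {
    // Stand-alone run over constructed tags for a site hosted at www.example.org.
    $samples = [
        'https://www.example.org/wp-includes/js/jquery/jquery.min.js',
        'https://tracker.example.net/t.js',
        '//cdn.example.net/widget.js',
        '/wp-content/themes/demo/app.js',
    ];
    foreach ($samples as $src) {
        $tag = "<script src='" . $src . "' id='demo-js'></script>\n";
        echo example_block_script_tag($tag, $src, 'www.example.org', true);
    }
}
```

Inline scripts and any script tag written directly into a theme template never pass through script_loader_tag, so a filter of this kind cannot rewrite them.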

Client side blocking

The WordPress plugin automatically deploys the Script Blocker for client-side blocking. The Blocker will also unblock scripts that have been blocked server side when the user’s consent setting allows the 3rd party to run.

Security

Content Security Policy (CSP)

The WordPress plugin will embed an IFrame running the Signatu Cookie Banner. The banner will make calls to api.signatu.com. If you are using a Content Security Policy (CSP) on your site, you need to ensure that connect-src allows the plugin to make calls to api.signatu.com, e.g.:

Content-Security-Policy: connect-src 'self' api.signatu.com;

More information about CSP is available at MDN.