What the WP Consent API Actually Does
WordPress has thousands of plugins that set cookies or track visitors. Contact forms load reCAPTCHA. Analytics plugins drop tracking scripts. Marketing tools fire conversion pixels. Each of these plugins needs to know whether a visitor has given consent, but until the WP Consent API, there was no standard way for them to ask.
The WP Consent API is a WordPress plugin that creates a shared interface for reading and writing consent state. It does not collect consent itself. Instead, it acts as a bridge: a consent management platform (such as Kukie.io) writes the visitor's choices to the API, and other plugins read from it to decide whether they should load cookies or tracking scripts.
Originally developed by Rogier Lankhorst and contributors, the project now lives under the official WordPress GitHub organisation. With over 200,000 active installations and a published proposal for adoption into WordPress core, the API is becoming the standard consent layer for the platform.
The Problem: Plugins That Cannot Hear Each Other
Without a shared consent API, every plugin handles consent independently. Your cookie banner might correctly block marketing scripts until a visitor opts in, but a form plugin on the same page has no idea that happened. It loads its own third-party scripts regardless.
This creates two problems. First, your site leaks cookies that should have been blocked, putting you at risk of breaching Article 5(3) of the ePrivacy Directive. Second, you have no reliable way to audit whether all plugins on your site actually respect consent choices.
The WP Consent API solves this by giving every plugin the same two functions: wp_set_consent() to write consent state, and wp_has_consent() to read it. A CMP writes. Other plugins read. Everyone agrees on what the visitor chose.
How Kukie.io Integrates with the WP Consent API
The Kukie.io WordPress plugin now detects when the WP Consent API plugin is active and registers itself as the consent manager automatically. There is nothing to configure. Install both plugins, and the integration activates on its own.
Three things happen behind the scenes:
Kukie registers as the active CMP and sets the consent type to
optin, matching the strict consent model required by GDPR and the ePrivacy Directive.A JavaScript bridge listens for consent changes. When a visitor interacts with the Kukie banner, the bridge catches the
cc:consent-updatedevent and callswp_set_consent()for each relevant category.Consent categories are mapped from Kukie's model to the WP Consent API's five-category system, so every plugin reading from the API gets an accurate picture of what the visitor allowed.
Category Mapping
Kukie.io uses four cookie categories. The WP Consent API uses five. The integration maps between them as follows:
| Kukie.io Category | WP Consent API Category | What It Covers |
|---|---|---|
| Necessary | functional | Session cookies, CSRF tokens, load balancers |
| Functional | functional + preferences | Language settings, UI preferences, saved choices |
| Analytics | statistics + statistics-anonymous | Page views, scroll depth, anonymised usage data |
| Marketing | marketing | Ad pixels, retargeting scripts, conversion tracking |
The statistics-anonymous category is set alongside statistics when a visitor accepts analytics cookies. This allows plugins that offer a privacy-friendly analytics mode (first-party only, no cross-site tracking) to activate even when full analytics tracking is permitted.
Real-Time Consent Sync
Consent updates happen immediately. The moment a visitor clicks "Accept" or adjusts their preferences on the Kukie banner, the JavaScript bridge fires wp_set_consent() for every mapped category. Plugins listening for the wp_listen_for_consent_change event react instantly, loading or blocking their scripts without a page reload.
This matters for single-page interactions. If a visitor lands on a page with an embedded video, rejects marketing cookies, then later opens the banner again and opts in, the video embed can load right away. No refresh needed.
Which WordPress Plugins Support the WP Consent API
The value of the WP Consent API grows with every plugin that adopts it. Verified integrations include:
| Plugin | Category | How It Uses the API |
|---|---|---|
| Google Site Kit | Analytics / Ads | Reads consent state to configure Google Consent Mode signals |
| WooCommerce | E-commerce | Gates its SourceBuster attribution tracking script on consent |
| WP Statistics | Analytics | Checks statistics consent before tracking page views |
| Burst Statistics | Analytics | Switches between anonymous and full tracking based on consent level |
| Pixel Manager for WooCommerce | Marketing | Blocks ad pixels (_fbp, Google Ads) until marketing consent is granted |
| AddToAny | Social sharing | Defers social media script loading pending consent |
Google Site Kit is particularly significant. When both Site Kit and the WP Consent API are installed, Site Kit reads consent state directly from the API and passes it to Google Consent Mode. Combined with Kukie.io as the CMP, this creates a clean chain: visitor chooses on the Kukie banner, the WP Consent API relays the choice, and Site Kit translates it into Consent Mode signals for Google Analytics 4, Google Ads, and other Google services.
Google CMP Partner Programme and WordPress
Kukie.io is a certified Google CMP Partner, meaning the platform meets Google's technical requirements for Consent Mode v2 integration. For WordPress sites, the WP Consent API adds another layer to this: it ensures that consent signals reach Google services through Site Kit's native integration, not just through the Kukie script tag.
This dual-path approach gives you redundancy. Even if a caching plugin delays the main Kukie script by a few milliseconds, Site Kit can still read the stored consent state from the WP Consent API and set the correct Consent Mode defaults on page load.
Graceful Fallback: No WP Consent API, No Problem
If the WP Consent API plugin is not installed, Kukie.io works exactly as before. The banner loads, collects consent, blocks scripts based on category, and fires callback events for any custom integrations. The WP Consent API bridge simply does not activate.
This means there is no risk in updating the Kukie plugin. Sites without the WP Consent API see zero changes in behaviour. Sites with it get automatic integration.
How to Set It Up
The setup takes about two minutes:
Install the Kukie.io WordPress plugin from the WordPress dashboard or download it directly.
Install the WP Consent API plugin from the WordPress plugin directory. Search for "WP Consent API" under Plugins > Add New.
Activate both plugins. That is it.
There are no settings pages to visit, no API keys to paste, no category mappings to configure manually. The Kukie plugin detects the WP Consent API, registers itself, and starts syncing consent immediately.
To verify the integration is active, open your browser's developer console on a page with the Kukie banner and check for window.wp_consent_type. It should return "optin". You can also call wp_has_consent('marketing') in the console before and after accepting cookies to confirm the state changes.
Why This Matters for WooCommerce Sites
WooCommerce uses the WP Consent API to gate its attribution tracking. Without a CMP registered as the consent provider, WooCommerce falls back to assuming consent is granted (the default when no consent_type is set). That is a compliance gap for any store serving EU customers.
With Kukie.io registered as the CMP and consent_type set to optin, WooCommerce's tracking respects the visitor's actual choice. Marketing attribution scripts only fire after explicit consent.
Frequently Asked Questions
Does the WP Consent API replace my cookie banner?
No. The WP Consent API does not collect or display consent. It is a communication layer. You still need a consent management platform like Kukie.io to show the banner and record visitor choices. The API simply relays those choices to other plugins.
Do I need to configure the category mapping between Kukie and the WP Consent API?
No. The mapping is built into the Kukie WordPress plugin and activates automatically. Kukie's four categories (necessary, functional, analytics, marketing) are mapped to the WP Consent API's five categories without any manual setup.
Will the WP Consent API slow down my website?
The WP Consent API is a lightweight plugin that adds minimal overhead. It registers a few JavaScript functions and stores consent state in memory. There is no additional HTTP request or database query on each page load.
What happens if I deactivate the WP Consent API plugin?
Kukie.io continues to work normally. The consent bridge deactivates gracefully, and cookie blocking, banner display, and Consent Mode signals all function as before. Other plugins that relied on the WP Consent API will fall back to their own default consent behaviour.
Does Google Site Kit require the WP Consent API to work with Kukie?
Site Kit can receive Consent Mode signals directly from the Kukie script tag. The WP Consent API provides a second path for consent data, which improves reliability on cached pages. Both methods work independently.
Is the WP Consent API going to be part of WordPress core?
A formal proposal for core adoption was published on Make WordPress Core in December 2024. The plugin's GitHub repository is hosted under the official WordPress organisation. No confirmed timeline for inclusion has been announced.
Take Control of Your Cookie Compliance
If your WordPress site runs plugins that set cookies, the WP Consent API ensures they all listen to the same consent signal. Kukie.io handles the rest: scanning, categorising, displaying the banner, and syncing consent in real time.
