Developer Hub › WordPress

LGPD Cookie Consent for WordPress

Script placement via wp_head priority 1, caching plugin compatibility, and how to handle third-party plugin scripts — without conflicts.

Add to your site free — 2 minutes Google Consent Mode guide

Where does the LGPD consent script go in WordPress?

First item in wp_head, priority 1, in_footer set to false. WordPress runs hooks in ascending priority order, so priority 1 fires before most plugins and themes enqueue their scripts. This guarantees the consent manager loads before GTM, GA4, Meta Pixel, and anything else that WordPress injects via wp_enqueue_script.

Never use wp_footer, never add async or defer. The consent script must execute synchronously before any other script is parsed — that is the only way to block tracking before execution, which is what LGPD requires.

wp_enqueue_script setup

Add this to your theme's functions.php or a site-specific plugin. Replace YOUR_SITE_ID with the ID from your CookieFácil dashboard.

add_action( 'wp_enqueue_scripts', function() {
    wp_enqueue_script(
        'cookiefacil',
        'https://cdn.cookiefacil.com.br/cdn/cf-banner.min.js?site=YOUR_SITE_ID',
        [],    // no dependencies
        null, // no version — CDN uses immutable hashed filenames
        false // in_footer = false — MUST be in head
    );

    // Prevent Rocket Loader from deferring this script
    add_filter( 'script_loader_tag', function( $tag, $handle ) {
        if ( $handle === 'cookiefacil' ) {
            return str_replace( '<script ', '<script data-cfasync="false" ', $tag );
        }
        return $tag;
    }, 10, 2 );

}, 1 ); // priority 1 — fires before other plugins

The data-cfasync="false" attribute prevents Cloudflare Rocket Loader from deferring the script on sites behind Cloudflare.

Caching plugin compatibility

CookieFácil is compatible with all major WordPress caching plugins. No exclusion rules needed.

WP Rocket

The CookieFácil script is served from Cloudflare CDN with immutable headers — WP Rocket's JS minification and concatenation do not touch external scripts. No exclusions required. The consent cookie is first-party and is not cached.

LiteSpeed Cache

LiteSpeed does not minify or defer external scripts by default. If you have JS optimization enabled, exclude the CookieFácil handle from the defer list. The CDN URL contains ?site= which is a reliable exclusion pattern.

W3 Total Cache

If minify JS is enabled, exclude cdn.cookiefacil.com.br from the list. W3TC does not defer external scripts by default — no additional configuration needed in a standard setup.

WP Super Cache

WP Super Cache is a page-level cache only — it does not minify or reorder scripts. The CookieFácil placement via wp_enqueue_scripts priority 1 is preserved exactly as set. No configuration needed.

Removing conflicting consent plugins

Running two consent managers at once causes banner duplication and conflicting consent signals. Remove these before installing CookieFácil.

Common conflicting plugins to deactivate and delete:

  • GDPR Cookie Consent (WebToffee)
  • Cookie Notice & Compliance for GDPR / CCPA
  • CookieYes — GDPR Cookie Consent & Notice Bar
  • Complianz — GDPR/CCPA Cookie Consent
  • CAOS | Host Google Analytics Locally (blocks GA4, conflicts with GCM v2)

After deactivation, clear all caching layers (plugin cache, server cache, Cloudflare cache) before testing.

Blocking third-party plugin scripts

CookieFácil automatically blocks known analytics and marketing scripts (GA4, GTM, Meta Pixel, Hotjar). For custom or lesser-known plugins, add data-consent-category to their output using a script_loader_tag filter:

// Add consent category to a specific plugin's script
add_filter( 'script_loader_tag', function( $tag, $handle ) {
    if ( $handle === 'my-analytics-plugin' ) {
        return str_replace(
            '<script ',
            '<script type="text/plain" data-consent-category="analytics" ',
            $tag
        );
    }
    return $tag;
}, 10, 2 );

Choose the right plan for your business

Start free and scale as your consent volume grows. Billed in BRL — no credit card required to start.

Free

Start collecting consent records

  • 1 site · 1,000 visitors/month

  • Cookie consent banner — LGPD + GDPR ready

  • Basic consent reports

Start Free
Most Popular

Basic

For growing businesses

  • 2 sites · 5,000 visitors/month

  • CSV export of consent records

  • Remove CookieFácil branding

Get Started

Professional

For multiple sites and agencies

  • 5 sites · 50,000 visitors/month

  • CSV + PDF + advanced reports

  • Custom CSS and geo-targeting rules

Get Started
See all plans and features →

Frequently asked questions

  • Where does the LGPD consent script go in WordPress?

    Add it as the first item in wp_head with priority 1 using wp_enqueue_script with in_footer set to false. Never use defer or async — the consent script must execute synchronously before any tracking tag is parsed.

  • Will the CookieFácil script conflict with caching plugins?

    No. The script is served from Cloudflare CDN with immutable caching headers. WP Rocket, W3 Total Cache, WP Super Cache, and LiteSpeed Cache do not interfere. Consent decisions are stored in a first-party cookie, not in page cache.

  • Do I need a separate LGPD plugin if I use CookieFácil?

    No. One script tag handles all LGPD requirements: script blocking, consent UI, Google Consent Mode v2, and consent logs. Installing additional consent plugins alongside it will cause conflicts — remove them first.

  • How do I block WordPress plugins from loading before consent?

    CookieFácil automatically intercepts scripts matching known analytics and marketing patterns (GA4, Meta Pixel, Hotjar, etc.) before they execute. For custom plugin scripts, add data-consent-category="analytics" to their script tags using a script_loader_tag filter in your theme.