How to Correctly Place Tracking Codes with the GDPR Cookie Compliance Plugin

A common point of confusion for users of the 'GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD' plugin is where to place third-party tracking scripts, such as those for Google Analytics or Facebook Pixel. Incorrect placement can lead to codes running without user consent, defeating the purpose of the plugin, or scripts executing twice, which can skew analytics data.

Why This Problem Occurs

Many WordPress themes and page builders, like Divi, provide dedicated areas in their settings to insert code into the <head> or <footer>. Users often add their tracking codes there for convenience. However, when they later install a consent management plugin, they are unsure whether to remove the original codes, add them to the new plugin, or use both methods simultaneously. This creates a conflict where the plugin may not be able to control the scripts that were placed elsewhere.

The Recommended Solution: Use One Location

Based on community discussions and support threads, the recommended approach is to use the GDPR Cookie Compliance plugin as the single source for all consent-based tracking scripts.

1. Remove codes from other locations. Locate and remove any tracking codes you have placed in your theme's settings (e.g., Divi's integration tab), theme files (e.g., header.php), or other plugins.
2. Add all scripts to the GDPR plugin. Insert your tracking codes exclusively into the appropriate script areas within the GDPR Cookie Compliance plugin's settings (e.g., under 'Statistics' or the relevant cookie category).
3. Test the configuration. Use your browser's developer tools to verify that the scripts only load after the appropriate user consent has been given.

What Happens If You Use Both Locations?

If a tracking code is placed both in your theme and the consent plugin, the code placed in the theme will run unconditionally on every page load, regardless of a user's cookie consent status. The plugin has no control over scripts that are hardcoded into the theme. This means the script will bypass the consent mechanism, which is a potential compliance issue. It can also cause the same script to run twice, creating inaccurate data in your analytics reports.

Handling Multi-Language and Multi-Domain Setups

A separate but related issue involves websites using plugins like WPML with different domains per language, each requiring a unique tracking ID. The standard version of the GDPR Cookie Compliance plugin uses a single, site-wide setting for script snippets, meaning the same code would run on all domains.

This functionality, which allows for saving different code snippets per language, is a feature that has been addressed in a premium version of the plugin. For users with this specific need, exploring the extended features of that version may be necessary for a full technical solution.

Conclusion

For the GDPR Cookie Compliance plugin to function correctly and manage scripts as intended, it is crucial to centralize all consent-based code placement within its interface. Avoid duplicate placements in theme settings or files to prevent compliance issues and ensure your tracking data remains accurate.