Àpèjúwe
CMPly connects a WordPress site to CMPly.app.
The plugin prints the CMPly SDK in the public <head> at a very early priority and intentionally does not add defer or async, matching CMPlyÌtumọ̀ Yorùbá: ’s recommended integration for blocking third-party scripts before they execute.
Features:
- Connect button with a short-lived signed callback state and a single-use server-to-server authorization code.
- Live account plan and monthly pageview usage synchronized on connect and verification.
- Site ID configuration in Settings > CMPly.
- Auto-inject or manual embed mode for the CMPly SDK.
- HTTPS SDK loading from the official CMPly.app service.
- Optional SDK version query for cache busting.
- Optional language override with automatic browser-language detection by default.
- URL path exclusions with wildcard support.
- Editable Google Consent Mode v2 settings with global and regional consent defaults.
This plugin requires an active CMPly.app site configuration. CMPly provides the consent banner, consent storage, cookie/provider metadata, and related consent-management functionality.
External services
This plugin connects to CMPly.app, a third-party consent-management service, when CMPly is enabled and a Site ID is configured.
When an administrator chooses Connect or Verify, WordPress sends the site URL, connection identifiers, plugin version, and a short-lived connection code to CMPly. CMPly returns the Site ID and API key server-to-server. When an administrator opens, refreshes, or saves the Google Consent Mode screen, WordPress sends the site URL, Site ID, connection ID, API key, and GCM settings to CMPly. GCM responses are cached in WordPress for five minutes. The API key is stored as a non-autoloaded WordPress option, is never printed in public HTML, and is deleted on disconnect or uninstall.
The administrator-side connection and GCM requests use CMPly endpoints under https://cmply.app/api/integrations/wordpress/, including /sites/{siteId}/gcm. These requests are used only to authenticate the WordPress connection and read or save the connected siteÌtumọ̀ Yorùbá: ’s settings.
The plugin loads the CMPly JavaScript SDK from:
https://cmply.app/sdk/init.js
The SDK may request these CMPly API endpoints in the visitorÌtumọ̀ Yorùbá: ’s browser:
/api/sites/{siteId}to load banner settings./api/sites/{siteId}/cookies-listto load cookie details./api/sites/{siteId}/providersto load detected provider rules./api/sites/{siteId}/viewto record a banner/site view./api/consentto record a consent choice.
Data sent to CMPly may include the configured Site ID, consent categories selected by the visitor, consent metadata generated by the SDK, and standard request metadata such as IP address, user agent, referrer, and timestamp. CMPly uses this data to provide cookie consent functionality, consent records, analytics, and script-blocking configuration.
Service links:
- CMPly: https://cmply.app
- Terms of Service: https://cmply.app/terms
- Privacy Policy: https://cmply.app/privacy
Ìgbéwọlẹ̀
- Upload the plugin folder to
/wp-content/plugins/cmply. - Activate “CMPly” in WordPress.
- Go to Settings > CMPly.
- Click “Connect to CMPly” or paste the Site ID from the CMPly dashboard.
- Save settings and clear any page cache.
FAQ
-
Why is the script not loaded with defer?
-
CMPly must execute during HTML parsing so it can intercept and block third-party scripts before they run. Adding
deferorasyncwould make blocking less reliable. -
What if I already added the CMPly script manually?
-
Turn off Auto-inject SDK in Settings > CMPly and keep the manual script near the top of the document head. Keep only one CMPly SDK script on the page.
-
The button opens the CMPly web app with your WordPress site URL, return URL, and a signed WordPress callback-state token that expires after 30 minutes. CMPly separately returns a ten-minute, single-use authorization code. WordPress exchanges that code with CMPly over HTTPS and stores the resulting credentials server-side.
-
Can I disable CMPly on specific pages?
-
Yes. Add one path per line in Exclude Paths, for example:
/checkout/* -
The WordPress plugin stores only its admin settings in the WordPress database. The public consent cookie is created by the CMPly SDK in the visitorÌtumọ̀ Yorùbá: ’s browser.
Àwọn àgbéyẹ̀wò
Kò sí àwọn àgbéyẹ̀wò fún plugin yìí.
Àwọn Olùkópa & Olùgbéejáde
“CMPly” jẹ́ ètò ìṣàmúlò orísun ṣíṣí sílẹ̀. Àwọn ènìyàn wọ̀nyí ti ṣe ìkópa sí plugin yìí.
Àwọn OlùkópaṢe o nífẹ̀ẹ́ sí ìdàgbàsókè?
Ṣàwárí koodu, ṣàyẹ̀wò ibi ìpamọ́ SVN, tàbí ṣe àgbékalẹ̀ sí àkọsílẹ̀ ìdàgbàsókè nípasẹ̀ RSS.
Àkọsílẹ̀ àwọn àyípadà
1.0.20
- Added authenticated editing of Google Consent Mode v2 and regional consent defaults from WordPress.
- Added validation, five-minute response caching, manual refresh, and actionable connection errors for GCM settings.
1.0.19
- Synchronized the GitHub release source with the reviewed WordPress.org package.
- Added automated, version-validated deployment to WordPress.org.
1.0.18
- Clarified the connection flow by distinguishing the signed WordPress callback state from the single-use CMPly authorization code.
- Reworded upgrade messaging to avoid implying guaranteed protection from legal risk.
1.0.17
- Hide Reconnect while the connection is healthy and show it only after a verification failure.
1.0.16
- Automatically refresh plan and pageview usage when CMPly settings open and the saved snapshot is older than 15 minutes.
- Keep Verify connection as an immediate manual refresh and diagnostic action.
1.0.15
- Show fractional pageview usage below ten percent instead of rounding it to zero.
1.0.14
- Preserve freshly synchronized pageview usage, limits, and connection ID through WordPress option sanitization.
- Hide dashboard upgrade promotions for paid plans.
1.0.13
- Allow Verify to repair a missing connection ID using the saved API key, Site ID, and domain.
- Store the connection ID separately from editable plugin settings.
1.0.12
- Hide the header upgrade button for paid plans.
- Synchronize pageviews from the same billing-period statistics used by the CMPly dashboard.
1.0.11
- Hide the dashboard connection prompt after a CMPly account has been connected.
- Use the saved connection ID as the persistent UI connection state.
1.0.10
- Show the safe CMPly API error and HTTP status when credential exchange fails.
1.0.9
- Pass callback state as a dedicated CMPly parameter so nested URL encoding cannot remove it.
1.0.8
- Added precise callback-state diagnostics for missing, malformed, expired, wrong-user, and invalid-signature failures.
1.0.7
- Use a stateless, administrator-bound HMAC callback state that survives navigation, caching, and multiple tabs.
1.0.6
- Store the one-time connection state in administrator metadata so it works independently of transient cache backends.
1.0.5
- Replaced the external callback nonce with a one-time administrator-bound state token.
1.0.4
- Fixed nonce encoding in the nested WordPress connection callback URL.
- Replaced the WordPress expired-link screen with an actionable plugin error message.
1.0.3
- Added visible connection success and error messages.
- Distinguished manual Site ID configuration from an authenticated CMPly account connection.
1.0.2
- Fixed duplicate upgrade button icon during cached asset transitions.
1.0.1
- Fixed admin icon rendering and enabled interactive FAQ answers.
- Added live plan and pageview usage synchronization from CMPly.
1.0.0
- Initial release.
- Added one-time connection exchange and server-side connection verification.
- Added live plan and pageview usage synchronization from CMPly.
