=== Nivaj Cookie Consent ===
Contributors: ajayrajbanshi
Tags: cookie consent, gdpr, cookie banner, privacy, cookie compliance
Requires at least: 5.8
Tested up to: 6.9
Stable tag: 1.0.2
Requires PHP: 7.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

GDPR-compliant cookie consent with category-based consent, script blocking, GTM, consent logging, and customizable banner.

== Description ==

Nivaj Cookie Consent provides a complete cookie consent management solution for WordPress. It helps you comply with GDPR, CCPA, and other privacy regulations by giving visitors full control over cookie categories.

= Features =

* Category-based consent: Necessary, Analytics, Marketing, and Functional categories (customizable)
* Auto script blocking: Blocks scripts and iframes until the user consents to the appropriate category
* Google Tag Manager: Built-in GTM container injection with consent integration
* Google Consent Mode v2: Sends consent signals (ad_storage, analytics_storage, etc.) via dataLayer
* DataLayer events: Custom events fired on consent changes for tag management
* Consent logging: GDPR-compliant records with SHA-256 hashed IP and user agent
* CSV export: Export consent log records for compliance audits
* Cookie scanner: Detects cookies on your site and auto-categorizes 50+ known cookies
* Analytics dashboard: Consent statistics with daily charts and category acceptance rates
* Customizable banner: Position, colors, typography, button styles, and layout options
* Shortcode: `[nivaj_cookie_preferences]` to place a cookie preferences button anywhere
* Privacy policy snippet: Auto-generates a cookie table for your privacy policy page
* Lightweight: Vanilla JavaScript with no jQuery dependency on the frontend
* Accessible: ARIA attributes, keyboard navigation, and focus management
* Multisite support: Independent settings and consent log per site

= How It Works =

1. Install and activate the plugin.
2. Go to **Cookie Consent > Settings** to configure banner text, categories, and integrations.
3. Customize the banner appearance under **Cookie Consent > Appearance**.
4. Define script blocking patterns under **Cookie Consent > Scripts**.
5. Run the Cookie Scanner to detect cookies on your site.
6. Monitor consent activity on the **Cookie Consent > Dashboard**.

= Shortcode =

Use `[nivaj_cookie_preferences]` to add a "Cookie Preferences" button anywhere on your site.

Attributes:

* `text` – Button label (default: "Cookie Preferences")
* `class` – Additional CSS class

Example: `[nivaj_cookie_preferences text="Manage Cookies" class="my-btn"]`

= Privacy =

This plugin stores consent preferences in a browser cookie on the visitor's device. When consent logging is active, IP addresses and user agents are stored as one-way SHA-256 hashes combined with the WordPress salt, making them non-reversible. No personal data is shared with external services by this plugin itself. See the "External services" section below for details on optional Google integrations.

== External services ==

This plugin optionally connects to external services when the site administrator explicitly enables them. No external connections are made by default.

= Google Tag Manager =

When the administrator enables Google Tag Manager under Cookie Consent > Settings and provides a GTM container ID, this plugin loads the Google Tag Manager script from Google's servers.

What it does: Loads a tag management container that can manage analytics, marketing, and other scripts on the site.
When it connects: On every frontend page load, only when GTM is enabled and a valid container ID (GTM-XXXXXXX) is configured.
Data sent: The GTM container ID is sent to Google's servers to retrieve the container script. No personal visitor data is sent by this plugin directly; however, the loaded GTM container may collect data based on its own configuration.

* [Google Tag Manager Terms of Service](https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/)
* [Google Privacy Policy](https://policies.google.com/privacy)

= Google Consent Mode v2 =

When the administrator enables Google Consent Mode under Cookie Consent > Settings, this plugin sends consent signals to Google services via the browser's dataLayer.

What it does: Communicates the visitor's consent status (granted or denied) for ad storage, analytics storage, and personalization to Google services already running on the site.
When it connects: Consent default signals are set on page load. Consent update signals are sent when a visitor interacts with the cookie banner. This does not load any additional external scripts.
Data sent: Consent status values (granted/denied) for: ad_storage, ad_user_data, ad_personalization, analytics_storage, functionality_storage, personalization_storage, security_storage.

* [Google Consent Mode documentation](https://developers.google.com/tag-platform/security/guides/consent)
* [Google Privacy Policy](https://policies.google.com/privacy)

= Cookie Scanner (local only) =

The Cookie Scanner feature makes an HTTP request to your own site's homepage to detect cookies and scripts. It does not connect to any external service.

== Installation ==

1. Upload the `nivaj-cookie-consent` folder to the `/wp-content/plugins/` directory.
2. Activate the plugin through the **Plugins** menu in WordPress.
3. Navigate to **Cookie Consent > Settings** to configure the plugin.

== Frequently Asked Questions ==

= Does this plugin block scripts automatically? =
Yes. Define URL patterns under **Cookie Consent > Scripts**, and the plugin will block matching `<script>` and `<iframe>` tags until the visitor consents to the relevant category.

= Is the consent banner customizable? =
Yes. You can customize the position (top bar, bottom bar, or center modal), layout, colors, font size, border radius, button styles, and add custom CSS.

= Does it work with Google Tag Manager? =
Yes. Enable GTM under **Cookie Consent > Settings > Advanced** and enter your container ID. The plugin also supports Google Consent Mode v2 for sending consent signals to Google services.

= Is it GDPR compliant? =
The plugin helps you achieve GDPR compliance by blocking non-essential cookies until consent is given, providing granular category-based choices, and logging consent for accountability. Full compliance depends on your overall site configuration and legal requirements.

= Does it support multisite? =
Yes. Each site in a multisite network has its own settings and consent log. The uninstall process cleans up data across all sites.

= Where is consent data stored? =
Consent preferences are stored in a browser cookie. Consent log records are stored in a custom database table with hashed (non-reversible) IP addresses and user agents.

= Can I add a cookie preferences button to a page? =
Yes. Use the `[nivaj_cookie_preferences]` shortcode or call `window.nivajCC.reopenBanner()` from JavaScript.

== Changelog ==

= 1.0.2 =
* Remove custom CSS feature (arbitrary CSS insertion not permitted per wp.org guidelines).
* Sanitize and validate cookie JSON data with structure checking in get_consent_from_cookie().
* Sanitize $_SERVER['HTTP_USER_AGENT'] with sanitize_text_field() before hashing.
* Sanitize individual consent cookie fields (version, timestamp, categories) instead of returning raw decoded JSON.

= 1.0.1 =
* Use wp_add_inline_script() for GCM and GTM scripts instead of inline script tags.
* Add explicit output buffer closing for script blocker.
* Add External services section to readme for Google GTM and GCM documentation.
* Remove inline JavaScript event handlers for WordPress coding standards compliance.
* Fix shortcode parameter type handling to prevent fatal errors.
* Remove Domain Path header (unnecessary since WordPress 4.6).

= 1.0.0 =
* Initial release.
* Category-based cookie consent with customizable banner.
* Auto script and iframe blocking.
* Google Tag Manager integration.
* Google Consent Mode v2 support.
* DataLayer custom events for consent tracking.
* Consent logging with hashed PII and CSV export.
* Cookie scanner with 50+ known cookie database.
* Analytics dashboard with daily charts and category rates.
* Advanced appearance customization.
* `[nivaj_cookie_preferences]` shortcode.
* Consent version warning in admin.
* REST API endpoints for consent management.
* Multisite support.