WordPress Consent API Audit: FitConsent CMP Passes All Checks

On WordPress, displaying a visual cookie banner is only half the battle. To be truly compliant, every background plugin that collects user data needs to listen to and respect the visitor\’s choices. Learn how the WP Consent API handles this communication seamlessly.

Historically, plugins on a single site interpreted consent independently or ignored it altogether. To solve this gap, the WordPress community introduced the WP Consent API—a standardized communication protocol that acts as a universal bridge between your Consent Management Platform (CMP) and your data-collecting plugins.

When you run an audited solution like FitConsent, user choices are automatically mapped directly to the five standard WordPress consent categories: functional, statistics-anonymous, statistics, preferences, and marketing. Let\’s walk through the full configuration and verification workflow as detailed in our official WP Consent API Compliance Audit.

Watch the Live Walkthrough Audit

Step 1: Install and Connect the FitConsent Plugin

FitConsent includes native, automatic support for the WP Consent API without requiring manual code hooks or extra backend development.

1. Log in to your WordPress dashboard, navigate to Plugins > Add New Plugin.
2. Search for FitConsent CMP, click Install Now, and then Activate.
3. Open your FitConsent platform dashboard, navigate to your website settings, and copy your unique Website ID.
4. Back in WordPress, go to Settings > FitConsent, paste your Website ID into the designated field, and hit Save Changes.

Step 2: Align Google Site Kit with the WP Consent API

Google Site Kit handles Consent Mode in WordPress by linking directly into the WP Consent API layer. When a visitor updates their preferences on the banner, the API passes that data directly down to Site Kit.

1. In your WordPress sidebar, click on Site Kit > Settings.
2. Locate the Consent Mode section.
3. Ensure the toggle is enabled. This ensures Google Analytics and Ads automatically hold back or execute data collection based on the API signals.

Step 3: Test and Validate Your Compliance Live

To verify that the integration is working as intended under strict opt-in frameworks like GDPR, you can audit the API via your browser\’s developer console.

Checking the Initial Denied State:
Open your website in a fresh incognito window. Before interacting with the cookie banner, right-click anywhere and choose Inspect, then open the Console tab. Run the core checking function:

wp_has_consent('statistics')

The console will return false. This confirms that data collection is effectively locked out out-of-the-box. You can also run our built-in diagnostic framework shortcut to see all statuses grouped together:

window.fitconsent_test_consent()

This will output a clean report confirming that Statistics, Marketing, and Functional parameters are completely set to denied.

Checking the Updated Granted State:
Now, click Accept All on your active visual banner. Run the check again in your console:

wp_has_consent('statistics')

The console will immediately shift and return true. FitConsent fires a structural update through the WP Consent API layer the exact millisecond the user interacts with the user interface, immediately releasing Google Site Kit to track the session compliantly.

A Proven Core for Your Client Projects

If you are a web designer or developer building technical stacks for clients, ensuring cross-plugin harmony is critical to preventing regulatory infractions. This native handshake eliminates the need for complex, manual tag mapping or custom Javascript event triggers.

To review the complete technical dataset and logs from our validation test, head over to the official WordPress Consent API Audit Report. Ready to deploy automated compliance on your staging environment? Get started with FitConsent today.

— Soufiane
Founder, FitConsent