Stella Cookies

Stella Cookies is a WordPress cookie consent plugin for managing a cookie banner, consent categories, and third-party content controls for analytics, marketing, and embedded services.

The plugin includes support for Google Consent Mode v2, configurable consent categories, script blocking patterns, iframe blocking, cookie policy content, and a built-in shortcode for displaying your cookie policy and cookie declaration page.

It is built for site owners who need a configurable cookie banner and for developers who need flexible controls for consent-based script loading.

Free Features 🚀

• Enable or disable the cookie banner from one settings screen.
• Support for Google Consent Mode v2 workflows.
• Block analytics and marketing scripts until consent.
• Optional strict prior blocking for uncategorized third-party scripts.
• Configure statistics and marketing script patterns.
• Configure allowlist patterns for trusted scripts.
• Optional iframe blocking for embedded third-party content.
• Consent version control for resetting consent after policy changes.
• Cookie Policy content editor.
• Cookie declaration list for transparency pages.
• [stella_cookies_policy] shortcode for policy and consent reset display.
• Banner design templates and custom styling controls.
• Button text, color, and font size customization.
• Preference manager with necessary, statistics, and marketing controls.
• Floating badge option to reopen consent controls.
• Live admin preview for banner design changes.
• In-admin help guide and system status summary.

Who It Is For

• Website owners who need a configurable consent banner.
• Agencies managing privacy compliance across client sites.
• Developers who need finer control over script loading behavior.
• Businesses that want a clean free plugin and an upgrade path to advanced compliance workflows.

= Upgrade to Pro ⚡=

Stella Cookies Pro extends the free plugin with advanced compliance tools including cookie scanning, staged scan review, scan history, email alerts, consent logs, analytics reporting, geo targeting, Global Privacy Control support, GTM sync, and additional banner branding controls.

External services

This plugin does not make direct HTTP requests to any external service or API on its own.

However, the plugin includes built-in script-blocking pattern lists that reference well-known third-party domain strings. These strings are used locally to match and block scripts loaded by your own site before consent is granted. No data is sent to these domains by the plugin itself.

The following third-party domains are referenced in the built-in blocking pattern defaults:

Google Tag Manager / Google Analytics

Pattern used: googletagmanager.com/gtag, google-analytics.com

These patterns allow the plugin to identify and block Google Analytics and Google Tag Manager scripts until the visitor consents to the Statistics category.

If your site loads Google tags, those tags will connect to Google’s servers. Please refer to Google’s own terms and privacy policy:
* Terms of Service: https://marketingplatform.google.com/about/analytics/terms/us/
* Privacy Policy: https://policies.google.com/privacy

Meta (Facebook) Pixel

Pattern used: connect.facebook.net

This pattern allows the plugin to identify and block Facebook/Meta Pixel scripts until the visitor consents to the Marketing category.

If your site loads the Meta Pixel, it will connect to Meta’s servers. Please refer to Meta’s own terms and privacy policy:
* Terms of Service: https://www.facebook.com/legal/terms/businesstools
* Privacy Policy: https://www.facebook.com/privacy/policy/

Other built-in patterns

The plugin also includes built-in blocking patterns for other common analytics and advertising services including clarity.ms (Microsoft Clarity), hotjar.com, doubleclick.net (Google Ads), googleadservices.com, googlesyndication.com, ads-twitter.com, platform.twitter.com, tiktok.com, snap.licdn.com, ct.pinterest.com, matomo, plausible.io.

All of these patterns are used solely to match and block third-party scripts on your own site. The plugin itself does not transmit any data to these services. Data transmission to these services only occurs after the visitor grants consent, or if the scripts are loaded by other means outside the plugin’s control.

Developer API (Hardcoded Scripts)

The safest and most WordPress-native way to load scripts is using wp_enqueue_script(). Stella Cookies will automatically detect and block these enqueued scripts based on your consent settings.

Please do not paste raw <script> tags directly into your theme templates (header.php, footer.php, etc.). Hardcoded raw scripts cannot be reliably blocked without causing conflicts with other plugins.

If you are a developer and absolutely must output a script manually, please use the provided helper functions. These functions will automatically enforce the user’s consent choice without rewriting the whole page.

For external scripts:
stella_cookies_script( ‘https://connect.facebook.net/en_US/fbevents.js’, ‘marketing’ );

For inline scripts:
php
stella_cookies_inline_script( "
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-XXXXXXXXXX');
", 'statistics' );