=== ConsentX ===
Contributors: consentxio
Tags: cookie consent, gdpr, ccpa, consent mode, cookie banner
Requires at least: 5.8
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

1-click cookie consent banner with Google Consent Mode v2 and pre-consent script blocking for GDPR, CCPA, and DPDPA.

== Description ==

ConsentX adds a fully-managed cookie consent banner to your WordPress site. Connect your ConsentX account once and the widget installs itself with no code to copy and no domain to configure by hand.

* **1-click connect.** Link your ConsentX account and your domain is registered automatically and the banner goes live.
* **Google Consent Mode v2.** Consent signals are set to denied by default and updated automatically when a visitor chooses.
* **Pre-consent script blocking.** Known trackers are blocked client-side by the widget, and you can optionally gate your own enqueued scripts too.
* **Geo-aware.** The banner adapts to the visitor's region (GDPR / CCPA / LGPD / DPDPA) from your ConsentX configuration.
* **Banner copy, categories, cookies, DSAR, and compliance reports** are managed in your ConsentX dashboard, so you can change them anytime without touching WordPress.

The plugin loads a single lightweight script (`embed.js`) from ConsentX. All banner content and policy is fetched at runtime and cached at the edge.

== External services ==

This plugin connects your site to ConsentX, a hosted consent-management service, to display and manage the cookie consent banner. A ConsentX account (free to start) is required for the plugin to do anything.

What is sent, and when:

* When you click "Connect to ConsentX": your site domain and site name are sent to https://app.consentx.io so a consent property can be created for your site and the banner is allowed to load on your domain.
* On each page view: the plugin loads a script (`embed.js`) from https://app.consentx.io. That script renders the banner from your dashboard settings and records each visitor's consent choice (a consent receipt) in ConsentX so you keep an auditable record. No request is sent to ConsentX until this script loads.

This service is provided by ConsentX (https://consentx.io). By using the plugin you agree to its terms and privacy policy:

* Terms of Service: https://consentx.io/terms
* Privacy Policy: https://consentx.io/privacy
* Cookie Policy: https://consentx.io/cookie-policy

== Installation ==

1. Upload the `consentx` folder to `/wp-content/plugins/`, or install the ZIP via Plugins → Add New → Upload.
2. Activate the plugin.
3. Go to Settings → ConsentX and click **Connect to ConsentX**.
4. Approve the connection in your ConsentX account. Done. The banner is live.

Prefer manual setup? Paste your site key under Settings → ConsentX and add your domain to the property in the ConsentX dashboard.

== Frequently Asked Questions ==

= Do I need a ConsentX account? =
Yes. You can create one free at https://consentx.io. The plugin connects to it.

= Does this slow down my site? =
The loader is a single small module and the banner config is served from a global edge cache. Consent Mode defaults are inlined so analytics tools behave correctly from the first paint.

= Where do I edit the banner text and cookie list? =
In your ConsentX dashboard. Changes apply to your live site automatically.

== Screenshots ==

1. The ConsentX settings screen: one-click connect, connection status, and Consent Mode v2 options.
2. The connected state showing your live site key and registered domain.
3. The consent banner on a live storefront, rendered from your ConsentX dashboard.
4. Manual setup: pasting a site key when you prefer not to use 1-click connect.

== Changelog ==

= 1.0.2 =
* Fix: the connect callback URL is now built with a raw nonce. wp_nonce_url() HTML-encoded the ampersand (&amp;), which corrupted the _wpnonce parameter on the return trip and failed the security check.

= 1.0.1 =
* Fix: the "Connect to ConsentX" button now reaches the authorize screen. The off-site redirect host is allowlisted (it was being dropped by wp_safe_redirect) and the callback URL is no longer double-encoded.

= 1.0.0 =
* Initial release: 1-click connect, Google Consent Mode v2 defaults, optional pre-consent script blocking, manual site-key fallback.
