Contentpass Integration

Contentpass is a privacy-focused monthly subscription for readers. With one registration, Contentpass users visit participating websites ad-free and without being tracked, while publishers receive subscription revenue that matches lost ad revenue at ad market rates.

The Contentpass Integration plugin integrates Contentpass with your site so you can combine consent management, script control, and Contentpass configuration from the WordPress admin.

Features

• Integration – Configure your Contentpass property (base URL, ID), choose your Consent Management Platform (CMP), and manage staging vs production behaviour.
• CMP support – Built-in hooks for major CMPs (for example Consentmanager, Didomi, CCM19, OneTrust, Usercentrics V2/V3, Sourcepoint). Choose whether the CMP is already on your site or should be loaded by the plugin (Consentmanager via validated snippet paste).
• Blocking Rules – Define patterns to scan for or exclude, with admin UI for script blocking aligned with your consent setup.
• Request Contract – Quick link to the Contentpass publisher contact flow with tracking parameters for support context.
• Staging mode – Limit Contentpass loading to logged-in editors and administrators while you test; optional URL debug flag for broader testing.

Admin screens require the manage_options capability by default (filterable via cp4wp_required_capability).

External services

This plugin connects to third-party services so you can integrate Contentpass and a Consent Management Platform (CMP) with WordPress. Only the services that match your plugin settings are used (one CMP at a time, plus Contentpass when configured and not in a disabled/staging-only state). No data is sent to CMP vendors you have not selected.

Contentpass (API and CDN)

Used to load the Contentpass integration (now.js), CMP-specific JavaScript stubs, and property configuration.

• What it is used for: Subscription and consent integration on the front end; verifying that your property CNAME and config.json are reachable during setup and admin saves.
• now.js (mandatory): The plugin always loads now.js from the publisher’s configured Contentpass base URL when Contentpass is active. This is part of the official Contentpass integration contract, not user-supplied executable code. The URL is derived from the validated base URL setting (not a free-text script field).
• What data is sent and when:
  • From the WordPress server (admin/setup): HTTP GET requests to https://{your-contentpass-base-url}/properties/{property-id}/config.json when you save settings, use “Check again”, or when the plugin refreshes cached configuration. These requests include the plugin User-Agent (Contentpass-WP/{version}) and your configured property ID. They do not include front-end visitor form input.
  • From the visitor browser (front end, when Contentpass loading is active): Scripts from your Contentpass base URL (for example {base-url}/now.js) and from https://static.contentpass.net/stubs/… to connect Contentpass with the selected CMP. The browser may send standard web request metadata (IP address, User-Agent, cookies, consent/subscription signals) to Contentpass as described in their documentation.
• Service provider: Content Pass GmbH (Contentpass)
• Terms of service: https://www.contentpass.net/en/terms
• Privacy policy: https://www.contentpass.net/en/privacy

Consentmanager

Loaded when Consentmanager is selected as the CMP in plugin settings.

• What it is used for: Displaying the Consentmanager cookie/consent banner and passing consent signals to ads and tags.
• Third-party script: The plugin loads Consentmanager’s semi-automatic CMP loader from the validated src URL in your pasted snippet (typically https://cdn.consentmanager.net/delivery/js/semiautomatic.min.js). Only allowlisted data-cmp-* attributes are used; pasted markup is parsed and not echoed raw. Paste the external semi-automatic script from Consentmanager Get Code in the plugin settings when Plugin should also load the CMP is selected.
• What data is sent and when: From the visitor browser to Consentmanager hosts (cdn.consentmanager.net, delivery.consentmanager.net, and related endpoints) when the CMP script loads and when visitors interact with the banner. Data typically includes the configured Code-ID, page URL, consent choices, and standard request metadata (IP address, User-Agent, cookies). The WordPress server does not proxy visitor consent to Consentmanager.
• Service provider: consentmanager AB (consentmanager.net)
• Terms of service: https://www.consentmanager.net/en/general-terms-and-conditions/
• Privacy policy: https://www.consentmanager.net/en/privacy/

Didomi

Loaded when Didomi is selected as the CMP.

• What it is used for: Didomi consent banner and preference management via the Didomi SDK.
• What data is sent and when: From the visitor browser to https://sdk.privacy-center.org/ (loader and related Didomi endpoints) when the CMP is enqueued. Requests include your Didomi API key, the site hostname (target parameter), and—depending on configuration—geo hints, consent state, and standard request metadata. Contentpass stub scripts may also load from https://static.contentpass.net/stubs/didomi/latest.js when Contentpass integration is active.
• Service provider: Didomi SAS
• Terms of service: https://tos.console.didomi.io/
• Privacy policy: https://www.didomi.io/privacy-policy

CCM19

Loaded when CCM19 is selected as the CMP.

• What it is used for: CCM19 cookie consent banner and consent storage.
• What data is sent and when: From the visitor browser to https://cloud.ccm19.de/app.js (with your configured API key and domain ID as query parameters) when the CMP loads and when visitors give or change consent. Standard request metadata (IP address, User-Agent, cookies, consent records) may be processed by CCM19. Contentpass stub scripts may load from https://static.contentpass.net/stubs/ccm19/latest.js when Contentpass integration is active.
• Service provider: Papoo Software & Media GmbH (CCM19)
• Terms of service: https://www.ccm19.de/agb.html
• Privacy policy: https://www.ccm19.de/en/wissen/datenschutzerklaerung.html

OneTrust

Loaded when OneTrust is selected as the CMP.

• What it is used for: OneTrust cookie consent banner and category/vendor consent via otSDKStub.js.
• What data is sent and when: From the visitor browser to https://cdn.cookielaw.org/ (OneTrust Cookie Consent CDN) using your configured domain script ID when the CMP loads and when visitors interact with the banner. Standard request metadata and consent choices may be sent to OneTrust. Contentpass stub scripts may load from https://static.contentpass.net/stubs/onetrust/latest.js when Contentpass integration is active.
• Service provider: OneTrust (Cookie Consent / Cookie Law)
• Terms of service: https://legal.onetrust.com/#masterterms
• Privacy policy: https://www.onetrust.com/privacy-notice/

Usercentrics

Loaded when Usercentrics V2 or V3 is selected as the CMP.

• What it is used for: Usercentrics consent banner and TCF/consent management.
• What data is sent and when: From the visitor browser to Usercentrics endpoints (for example https://web.cmp.usercentrics.eu/ or https://app.usercentrics.eu/, depending on version) with your settings ID when the CMP loads and when visitors interact with it. Consent records, page context, and standard request metadata may be processed by Usercentrics. Contentpass stub scripts may load from https://static.contentpass.net/stubs/usercentrics/latest.js when Contentpass integration is active.
• Service provider: Usercentrics GmbH
• Terms of service: https://usercentrics.com/terms-and-conditions/
• Privacy policy: https://usercentrics.com/privacy-policy-cmp/

Sourcepoint

Loaded when Sourcepoint is selected as the CMP (or when Sourcepoint helper scripts are used in Manual mode).

• What it is used for: Sourcepoint consent messaging and privacy manager (wrapperMessagingWithoutDetection.js).
• What data is sent and when: From the visitor browser to https://cdn.privacy-mgmt.com/ (and related Sourcepoint endpoints configured in your account) when messaging scripts load and when visitors give or update consent. Account/property identifiers, consent strings, page URL, and standard request metadata may be sent. Contentpass stub scripts may load from https://static.contentpass.net/stubs/sourcepoint/latest.js when Contentpass integration is active.
• Service provider: Sourcepoint Technologies, Inc.
• Terms of service: https://sourcepoint.com/terms-of-use/
• Privacy policy: https://sourcepoint.com/privacy-notice/

Post-consent ad / tag URLs (optional publisher setting)

Some publishers need specific third-party ad or analytics scripts to load only after consent (for example GPT, Prebid, or network tags). The plugin provides optional URL fields for this purpose.

• What it is used for: Loading external JavaScript files by URL after the CMP reports full consent, alongside the plugin’s script-blocking unblock flow.
• What publishers can enter: Only http:// or https:// script source URLs in structured admin fields (max 20). No inline JavaScript, HTML, PHP, or CSS can be saved.
• How the plugin outputs scripts: It builds <script src="…" async defer class="cpnotblocked"> tags programmatically from validated URLs. javascript:, data:, and other non-URL schemes are rejected at save time.
• What data is sent and when: From the visitor browser to the hosts in the configured URLs, only after consent, when those tags are injected.

Optional admin links

The plugin admin may link to Contentpass documentation and the publisher dashboard (for example https://docs.contentpass.net/ and https://publisher.contentpass.net/). These open in the browser when an administrator clicks them; they are not automatic background requests to third parties.