CMPly
CMPly connects a WordPress site to CMPly.app.
The plugin prints the CMPly SDK in the public <head> at a very early priority and intentionally does not add defer or async, matching CMPly’s recommended integration for blocking third-party scripts before they execute.
Features:
- Connect button with a short-lived signed callback state and a single-use server-to-server authorization code.
- Live account plan and monthly pageview usage synchronized on connect and verification.
- Site ID configuration in Settings > CMPly.
- Auto-inject or manual embed mode for the CMPly SDK.
- HTTPS SDK loading from the official CMPly.app service.
- Optional SDK version query for cache busting.
- Optional language override with automatic browser-language detection by default.
- URL path exclusions with wildcard support.
- Editable Google Consent Mode v2 settings with global and regional consent defaults.
This plugin requires an active CMPly.app site configuration. CMPly provides the consent banner, consent storage, cookie/provider metadata, and related consent-management functionality.
External services
This plugin connects to CMPly.app, a third-party consent-management service, when CMPly is enabled and a Site ID is configured.
When an administrator chooses Connect or Verify, WordPress sends the site URL, connection identifiers, plugin version, and a short-lived connection code to CMPly. CMPly returns the Site ID and API key server-to-server. When an administrator opens, refreshes, or saves the Google Consent Mode screen, WordPress sends the site URL, Site ID, connection ID, API key, and GCM settings to CMPly. GCM responses are cached in WordPress for five minutes. The API key is stored as a non-autoloaded WordPress option, is never printed in public HTML, and is deleted on disconnect or uninstall.
The administrator-side connection and GCM requests use CMPly endpoints under https://cmply.app/api/integrations/wordpress/, including /sites/{siteId}/gcm. These requests are used only to authenticate the WordPress connection and read or save the connected site’s settings.
The plugin loads the CMPly JavaScript SDK from:
https://cmply.app/sdk/init.js
The SDK may request these CMPly API endpoints in the visitor’s browser:
/api/sites/{siteId}to load banner settings./api/sites/{siteId}/cookies-listto load cookie details./api/sites/{siteId}/providersto load detected provider rules./api/sites/{siteId}/viewto record a banner/site view./api/consentto record a consent choice.
Data sent to CMPly may include the configured Site ID, consent categories selected by the visitor, consent metadata generated by the SDK, and standard request metadata such as IP address, user agent, referrer, and timestamp. CMPly uses this data to provide cookie consent functionality, consent records, analytics, and script-blocking configuration.
Service links:
- CMPly: https://cmply.app
- Terms of Service: https://cmply.app/terms
- Privacy Policy: https://cmply.app/privacy
