The WordPress coreCoreCore is the set of software required to run WordPress. The Core Development Team builds WordPress. development team builds WordPress! Follow this site for general updates, status reports, and the occasional code debate. There’s lots of ways to contribute:
Found a bugbugA bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority.?Create a ticket in the bug tracker.
This post is a follow up to Feature Plugin Proposal: WP Consent API from 2020, which as part of the Core Privacy Roadmap, proposed a framework to allow extenders to coordinate user consent signals and help websites honor user privacy preferences.
Objective of this proposal
The legal and moral implications around respect for user consent and tracking have evolved steadily since the original proposal was published in 2020. Powering over 40% of the web, WordPress is in a position to lead by example and provide site operators built-in and extensibleExtensibleThis is the ability to add additional functionality to the code. Plugins extend the WordPress core software. means to address these concerns. This proposal seeks to gather consensus around adopting the WP Consent APIAPIAn API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. for inclusion in CoreCoreCore is the set of software required to run WordPress. The Core Development Team builds WordPress..
A brief history of the API
In early 2020, the WP Consent APIfeature pluginFeature PluginA plugin that was created with the intention of eventually being proposed for inclusion in WordPress Core. See Features as Plugins. was announced. It enables the setting and retrieval of user consent preferences, made accessible to plugins that register with the API. It was designed to be lean and unobtrusive, opt-in only, and with no UIUIUser interface.
Rather than try to enforce cookie-setting compliance itself, the API lets opted-in plugins verify consent before placing cookies. It also allows consent categories to be defined and user choices set and stored by consent management providers (CMPs) and other extenders, where the technical and legal details around the various flavors of consent can be managed outside of WordPress.
In December 2020 the Consent API feature was swept up along with other features during a clean up of the features list, and marked as “Closed”. However, subsequent discussions in #core-privacy in following months were incognizant of the change, and there was confusion that it had been marked closed when attempts were made to move the pluginPluginA plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party to the WordPress GitHubGitHubGitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ org.
In March 2024, enforcement of the European Union’s Digital Markets Act (DMA) began, and adoption of the plugin has since grown from under 1,000 to over 100,000 active installations. Uptake of the plugin can largely be attributed to consent-requiring plugins such as Google Site Kit, WooCommerce, and WP Statistics, which use the API to support site analytics, advertising, marketing, and tagtagA directory in Subversion. WordPress uses tags to store a single snapshot of a version (3.6, 3.6.1, etc.), the common convention of tags in version control systems. (Not to be confused with post tags.) management.
Beyond the DMA, there are numerous other privacy-focused regulations around the world that over the past few years have come into effect, or will soon. User consent is a key theme to achieving many of these protections, and WordPress can provide the foundation on which consent plugins interact.
Considerations for Core adoption
The API has remained largely unchanged since its introduction, so would likely require refreshing to meet today’s Core merge expectations. There may also be features that need to be revisited, such as how non-consent-related plugins appear in Site Health recommendations.
Along with the API, Core could implement a default cookie “popup” or blockBlockBlock is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. that could be activated similar to the built-in Privacy Policy feature. This would give site owners a simple mechanism to request and track consent (cookie-based), and be customizable without requiring an additional plugin.
A sample use would be to request “statistics” consent through the popup, styled through a theme, and wrap client-side tracking code inside a wp_has_consent() check. Extenders can take things further by expanding the default categories and storage mechanism for more advanced integrations, as current adopters of the API do today.
Considering the original intent that this feature be merged to Core, agreement from Rogier that it remain available to the community, and the API’s adoption by other vendors, officially bringing the plugin into the WordPress org would send a clear signal to site owners and extenders that this is a community-built and supported standard.
What do you think about WordPress paving the way for easier integration of consent-based privacy controls? Please comment below, especially if you have dealt with implementing consent management in WordPress.
You must be logged in to post a comment.