wpm

record-of-consent-extension-for-complianz

plugin

1.4.3 • public • Published yesterday

Stores custom consent records triggered by Complianz events with compliance tracking and auditing capabilities.

complianceconsentdatabaseprivacy
Overview Versions Dependencies

Description

This plugin works alongside the free Complianz plugin to helps you keep a clear, reliable record of your visitors' consents so you can stay on top of privacy rules and audits. It is designed specifically to save and manage consent records, making it ideal if you don’t need all the bells and whistles of Complianz Pro.

I built this plugin with care to give you a solid, easy-to-use tool that should meet GDPR requirements. However, it doesn’t guarantee full legal compliance, and none of its settings or descriptions should be considered legal advice.

That said, here's why you'll like this plugin:

  • Keeps user IDs anonymous so your visitors' privacy is respected while staying compliant with data laws.
  • 5-step wizard to get you started quickly.
  • Uses SHA-256 hashing to help ensure consent records cannot be changed or tampered with without being detected.
  • Lets you customize how you view consent records. You can show or hide details, pick custom dates, and see the full history of consents if you want.
  • Gives you advanced filters to find exactly the records you need.
  • Allows you to export all consent data, so you can keep a backup or review it offline.
  • Manages data with options to automatically clean up old records.
  • Thorough uninstall deletes all plugin data.

Installation

  1. Install and activate the free Complianz plugin.
  2. Upload and activate this plugin.
  3. Go to Settings > Record of Consent and run the 5-step wizard.
  4. Configure filters, labels, and retention options as needed.
  5. Consent records will be stored automatically when Complianz triggers consent events.

Frequently Asked Questions

Can I also add the country or city of origin of a visitor in each record?

A GDPR consent record requires only strictly necessary information to demonstrate compliance. Detailed geographic data, like country or city of origin, generally exceeds data minimization principles.

Can I use this plugin with other consent plugins?

No. This plugin is specifically designed to work with Complianz.

Do I need Complianz installed for this plugin to work?

Yes. This plugin relies on the free Complianz plugin to be active. Think of it as an add-on that extends Complianz's consent features.

Does this plugin replace Complianz Pro?

No. This plugin is made to work alongside the free Complianz plugin by adding just the consent recording part. If you want all the extra features, you would use Complianz Pro instead.

How do I verify consent records integrity?

Each consent record is protected with a SHA-256 hash that uses a secret salt. If someone changes a record directly in the database, the integrity check will detect the mismatch.

I don’t have any marketing cookies on my website, but I still see records showing “marketing allowed.” Why is that?

If your website doesn’t use marketing cookies, Complianz hides that category in the banner but still keeps it in the background data. That’s why you might see “marketing allowed” in your Record of Consent — it’s just a placeholder in the system. No marketing cookies are actually loaded or tracked, and you can safely ignore it.

Is this plugin compatible with Autoptimize?

Yes.

Is this plugin compatible with W3 Total Cache?

Yes.

Why are IP addresses not matching external analytics tools?

This usually happens because some hosting providers use reverse proxies or load balancers that don't forward the original visitor IP to PHP. In those cases, server-side tools (like this plugin) may record the proxy's IP, while browser-based analytics tools (which are usually client-side JS) capture the correct visitor IP.

This is a hosting infrastructure issue, not a plugin limitation. The plugin correctly stores consent records, but unreliable IP forwarding can make it harder to match records to specific users, which may affect compliance with data subject access or deletion requests.

The plugin includes a PHP multi-header fallback system to detect the real visitor IP when possible, by checking headers such as X-Forwarded-For or HTTP_CF_CONNECTING_IP. However, this cannot guarantee accuracy in all environments.

To improve detection:

  • Ask your hosting provider to enable X-Forwarded-For or X-Real-IP
  • Use a hosting service that fully supports IP forwarding
  • Use multiple identifiers (IP + User Agent + timestamp + UID)
  • Document this limitation in your privacy policy

Screenshots

Record of Consent

Record of Consent

Custom Label

Custom Label

Filtering Options

Filtering Options

Core Configuration

Core Configuration

Display Settings

Display Settings

Export & Maintenance Function

Export & Maintenance Function

Data Integrity Tool

Data Integrity Tool

Changelog

1.4.3

  • Fixed: Consent method detection now uses inference-based logic instead of non-existent Complianz events - content blocker consent is explicitly detected via cmplz_enable_category event, all other consent (banner/preferences) defaults to "banner" method.

1.4.2

  • Critical bug fix: Prevents database bloat from duplicate consent records on every page load. Recommended for all users.

1.4.1

  • Enhancement: Improved region filter extensibility and dynamic column support
  • Code Quality: Added filter hooks for enhanced modular architecture
  • Bug Fix: Pagination input trimming on record pages with multi-digit page numbers

1.4

  • Fixed: Yoda condition checks across all comparison statements
  • Fixed: Missing PHPDoc @param tags for function parameters
  • Fixed: Inline comment punctuation (added full stops)
  • Fixed: Missing @Package tag in file comments
  • Fixed: Converted all inline // comments to /** */ DocBlock format for classes and functions
  • Improved: Code compliance with WordPress Coding Standards (WPCS)
  • Improved: PHPDoc documentation completeness

1.3

  • Feature: Modular plugin architecture - optional features now available via drop-in module system.
  • Feature: Multi-header IP detection with Cloudflare, Nginx, X-Forwarded-For, and Client-IP support.
  • Feature: IP source tracking column for GDPR audit compliance (logs which header provided IP).
  • Enhancement: Collapsible settings tiles with persistent state.
  • Enhancement: IP Source column tooltip explaining reliability levels.
  • Security: X-Forwarded-For header extracts only first IP to prevent spoofing.
  • Database: Automatic schema upgrade adds ip_source column to existing installations.
  • Core: Generic module loader with auto-discovery in includes/module/ directory.

1.2.2

  • Feature: Advanced multi-header IP detection with priority fallback system (Cloudflare, Nginx, standard proxies).
  • Feature: Added ip_source column to track which HTTP header provided the IP address for GDPR audit compliance.
  • Feature: Debug logging for IP detection when CMPLZ_ROC_DEBUG is enabled.
  • Security: X-Forwarded-For header now extracts only the first IP address to prevent spoofing.
  • Database: Automatic schema upgrade adds ip_source column to existing installations.
  • Compatibility: Universal IP detection works on Cloudflare, Aruba, SiteGround, VPS, and shared hosting.
  • Code Quality: Added dynamic current date display to timestamp format options and reordered date/time formats with ISO 8601 recommended as default.

1.2.1

  • Compliance: Excluded consent denial records from storage per GDPR requirements (proof of refusal not required) by adding frontend validation to skip AJAX storage when users deny all cookies.

1.2

  • Feature: Added automatic database table migration when changing the table suffix in Settings, with full data verification and rollback on failure.
  • Security: Added confirmation dialog with backup recommendation before table suffix migration to prevent accidental data loss.
  • Security: Added esc_html() wrapper to all translated strings in wp_die() calls for proper escaping.
  • Security: Added esc_html() wrapper to number_format_i18n() output in pagination display.
  • Security: Added wp_unslash() to all $_POST variables before sanitization per WordPress standards.
  • Security: Added esc_sql() to table names in export functions to prevent SQL injection.
  • Code Quality: Improved WordPress Coding Standards compliance for WordPress.org submission.
  • Code Quality: Improved error logging for cancelled consent storage requests to reduce console noise.
  • Bug Fix: Removed region validation check that prevented consent storage when Complianz Free doesn't provide region data.
  • Bug Fix: Fixed consent storage failures when region field is empty or unavailable.
  • Bug Fix: Corrected error handling to allow storage with missing geographic data.
  • Documentation: Updated inline code comments for better maintainability.

1.1.9

  • Security: Added esc_html() wrapper to all translated strings in wp_die() calls for proper escaping.
  • Security: Added esc_html() wrapper to number_format_i18n() output in pagination display.
  • Security: Added wp_unslash() to all $_POST variables before sanitization per WordPress standards.
  • Security: Added esc_sql() to table names in export functions to prevent SQL injection.
  • Code Quality: Improved WordPress Coding Standards compliance for WordPress.org submission.
  • Code Quality: Improved error logging for cancelled consent storage requests to reduce console noise during rapid consent changes.
  • Bug Fix: Removed region validation check that prevented consent storage when Complianz Free doesn't provide region data.

1.1.8

  • Bug Fix: Removed region validation check preventing consent storage with Complianz Free.
  • Code Quality: Improved error logging for cancelled consent storage requests.

1.1.7

  • Code Quality: Fixed all WordPress Plugin Check errors and warnings for WordPress.org compliance.
  • Code Quality: Added translator comments to 9 translation strings with placeholders for better localization support.
  • Code Quality: Replaced all date() calls with gmdate() for timezone-safe date formatting (8 instances).
  • Code Quality: Prefixed all global variables in tab files with 'cmplz_roc_' to prevent conflicts (100+ variables).
  • Code Quality: Fixed sprintf() placeholder ordering to use numbered placeholders (%1$d, %2$d) for proper translation.
  • Bug Fix: Fixed JavaScript error when denying all consent categories by simplifying action_type logic in cm-roc.js.
  • Localization: Updated .pot translation template file with new translator comments and strings.

1.1.6

  • Code Quality: Replaced CSS nth-child selectors with semantic ID and class-based selectors for improved maintainability and readability.
  • Bug Fix: Fixed responsive column hiding where only table headers were hidden but data cells remained visible.

1.1.5

  • Bug Fix: Fixed bulk delete/export actions not working when triggered from bottom dropdown in Records tab.
  • Security: Replaced check_admin_referer() with wp_verify_nonce() in bulk action handlers to prevent nonce expiration issues.
  • Code Quality: Updated JavaScript confirmation dialog to check both top and bottom bulk action dropdowns.
  • Bug Fix: Removed undefined method call causing fatal error in consent storage (get_geographic_details).
  • Bug Fix: Updated frontend JavaScript to filter out functional and preferences categories, storing only statistics and marketing.
  • Code Quality: Cleaned up unused geographic detail processing in consent handler.

1.1.4

  • Security: Added capability checks in bulk export handlers to prevent unauthorized data access.
  • Security: Added table existence validation before all database operations to prevent SQL errors.
  • Security: Enhanced error messages in export functions to prevent information disclosure.
  • Bug Fix: Fixed critical issue where the database table was not created during wizard setup, causing consent storage failures.
  • Bug Fix: Fixed navigation issues where pagination and sorting controls incorrectly redirected between tabs.
  • Code Quality: Enhanced error handling with user-friendly messages for missing database tables.

1.1.3

  • Security: Fixed SQL injection vulnerability in database query methods by adding prepared statements and column whitelisting.
  • Security: Added missing capability checks in bulk action handlers to prevent unauthorized access.
  • Security: Enhanced XSS prevention with proper escaping of user-generated content in HTML attributes.
  • Security: Improved rate limiting by combining IP address and user agent for better fingerprinting.
  • Security: Strengthened IP anonymization verification to reject non-anonymized data instead of auto-correcting.
  • Security: Added input length validation to prevent DoS attacks from oversized data submissions.
  • Security: Enhanced table suffix validation with length limits and SQL keyword blocking.
  • Security: Improved error messages to prevent information disclosure about internal system structure.
  • Security: Added CSRF protection double-check for critical destructive actions.
  • Security: Enhanced JSON validation to prevent malformed data from being stored.
  • Code Quality: Removed redundant logging prefixes for cleaner error logs.
  • Code Quality: Updated plugin version constant to match current release version.

1.1.2

  • Wrapped UI text strings in PHP files for localization readiness (.mo and .po files).
  • Applied WordPress translation functions (__(), _e()) to all text strings.
  • Set up text domain for the plugin to support language file implementation.
  • Added Italian translation files for plugin localization.
  • Fixed minor CSS bugs and consolidated style rules for better maintainability.
  • Fixed an alignment issue in the Settings tab.
  • Introduced CSS variables for color control, allowing centralized color management.
  • Corrected alignment issues with checkmarks in the Records tab.
  • Removed a deprecated category from the Records tab (column & filter) and Settings tab (columns checkbox).

1.0

Initial release with full consent recording, tamper-resistant records, privacy-preserving user labels, advanced filters, export, and data retention features.

Upgrade Notice

1.0

Initial release. Adds essential consent record-keeping functionality alongside Complianz free.

Legal Notice & Disclaimer

This plugin is provided "as is," and the author makes no warranties, express or implied, regarding its accuracy, reliability, or legal compliance. By using this plugin, you acknowledge and agree that:

  • You are solely responsible for your compliance with GDPR, CCPA, and other applicable data protection laws.
  • You must update your website's Privacy Policy to disclose the collection and processing of consent data.
  • You should regularly back up your data and keep your site well-maintained.
  • None of the settings or descriptions in this plugin should be taken as legal advice.
  • The author expressly disclaims any liability for damages, data loss, or other issues arising from the use, misuse, or reliance on this plugin.
  • You use this plugin at your own risk, and the author assumes no liability for any resulting consequences.
  • Donations are welcome to support ongoing development but do not imply any warranty or official support.