Back to home

gdpr logo



Depending on your WordPress site settings you can:

    1. update plugin directly from your WordPress dashboard: just go to the Plugins, search for Ultimate GDPR and click on “Update now”, then just follow the steps to update the plugin.
    2. You can also update plugin manually. To do this, go to the Downloads section of your Envato account:, search for the Ultimate GDPR plugin and download the new version (Installable WordPress file only). Then either upload a zip package with the plugin via Plugins > Add new in your WordPress dashboard (you will need to delete the previous version of the plugin first).
    3. If you have access to your WordPress site files directory, unzip the installable plugin package and replace the folder wp-content/plugins/ct-ultimate-gdpr with the new files.

You can check which version of the plugin you use after login to your WordPress admin dashboard. When in dashboard go to the “Plugins” list and search for “Ultimate GDPR & CCPA Plugin”. If you will see “Update now” button next to it, that means that new version is available. Alternatively, you can check plugin version in “Description” column on the plugins list and see if that’s the same version as visible in Changelog, that can be found at the bottom of the page, here:

It’s easy! Just go to the list of certified suppliers on IAB website, here:, open the list that applies to you and use “Search” field to check if your supplier is listed. When in doubt it’s always good idea to reach out your supplier directly.

We know that the amount of legal information in Ad Choices popup can be overwhelming, but we need to comply with standards set by IAB Europe and make sure that all required information and choices are included in a popup. Its content and available settings are subject to the compliance check and were diligently tested and approved by the TCF compliance team.

According to IAB Europe, new, updated deadline for launching TCF 2.2 is November 20th 2023.

If you are here, you probably do 😊 But jokes aside: you probably need a CMP solution for your website, that is TCF 2.2 compliant. Ultimate GDPR & CCPA is a certified CMP, but you can use any solution listed here:

We implemented changes required for TCF 2.2 compliance in version 5.0 of our Ultimate GDPR & CCPA plugin, so if you’re already using it, the only thing you need to do is update the plugin to version 5.+ and enable “TCF 2.2” compliance set of settings under TCF Compliance tab.

TCF is a Transparency and Consent Framework dedicated to bring standardization of the information and choices that should be provided to users over the processing of their personal data, and to how these choices should be captured, communicated and respected. TCF version 2.2 launches at 20th 2023.

If you are an online Publisher, advertiser or user of one of Google services like AdSense, AdMob, AdManager in EEA and you want to ensure the continuity of access to your services through Google platforms, you will need to use TCF 2.2 or 2.1 compliant solution on your website, or make sure that you partners are using one.

Website security

1. Make sure you are using the 2.5 version of our plugin

If not, the detailed guide on how to update the plugin is here:

- click 'update now' in WordPress Backend plugin section
- or you can also upload plugin manually – newest version

After updating the plugin, go to settings and check whether there are any additional, undesired values (see detailed instructions in point 2)

2. Check GDPR & CCPA settings in admin panel about Privacy Policy and Terms and Conditions (screenshot1, screenshot2)

Terms and Conditions of Ultimate GDPR & CCPA Plugin GDPR Privacy Check

2a. Check the settings of ‘Read More Custom URL’, 'Right to be forgotten' / 'Admin email to send new request notifications to' for any unverified links.

2b. If you can see any records not entered by you example: Example of hacked siteplease make sure to remove it from admin panel and Save settings.

3. That should secure your website.

Ways to update plugin to newest version:

- click "update new" in WordPress Backend plugin section
- or you can also update plugin manually via FTP client. Download the latest  version of the plugin in "Downloads" section of your Envato account and extract the plugin zip file. Then upload the folder you extracted from the zip file, named "ct-ultimate-gdpr" to the /wp-content/plugins/ folder on your web server. Then you need to go back WordPress dashboard of your website, and activate the plugin from your "Plugins" section.

Common Issues

Even if the Age Verification option from the Ultimate GDPR & CCPA plugin is active users still might try to access the page bypassing this option.

To fully prevent it, please make sure to choose a page for the Select 'my account' page.
This will fully block users from trying to browse the website without age confirmation, instead it will be directed to a chosen page.

The option is available in the WordPress dashboard on path Ultimate GDPR & CCPA > Age Verification > Options
Site age verification

Plugin includes experimental feature Pseudonymization. Which is encrypting user data in the database, then on page load user data is decrypted.

This type of functionality can require some server resources. If you see a higher load on the server, we recommend disabling Pseudonymization.

Not integrated Plugins

Plugins that are not integrated with Ultimate GDPR & CCPA may not function as expected or may create a conflict.

We do strive to integrate plugins that our users use. We're constantly adding new features, assuring compatibility with major plugins and themes.

Integrated Plugins

Plugins that are integrated have full compatibility with Ultimate GDPR & CCPA.

The following plugins are officially integrated:

  • Facebook Pixel
  • Google Analytics
  • Quform WordPress Builder
  • BuddyPress Plugin
  • Gravity Forms
  • Formidable forms
  • CleanTalk Plugin
  • WooCommerce
  • Contact Form 7
  • Mailchimp for WordPress
  • Mailster - Email Newsletter Plugin
  • Facebook Pixel
  • Flamingo
  • MailPoet Newsletters
  • WP Rocket Plugin
  • wpForo
  • PixelYourSite Pro
  • Metorik Helper
  • Klaviyo

There are thousands of plugins for WordPress, we can’t possibly include all the compatible ones in this list.

Don’t worry if you are using plugins not listed above. We created how-to with information how to integrate plugin on your own.

If you don't feel comfortable with editing the PHP code - we will do our best to help you with that - just contact us at [email protected] about new plugin integration. We're currently extending the GDPR & CCPA plugin and adding more features.

There are many factors that may affect the cookie consent from always showing.

These are some of the reasons why this happens:

  • In most cases this is due to a caching plugin / caching module enabled in the server. Currently, we have integration on most popular cache plugin (like WP Rocket Plugin). If you are using a caching plugin that is not integrated, the solution might be:

    1. Go to the Caching Plugin’s settings and search for the option to “allow cookies”.
    2. Add “ct-ultimate-gdpr-cookie” to allow GDPR cookies.
  • Option in Ultimate GDPR & CCPA > Cookie Consent > Advanced settings - ‘Show advanced cookie popup always, even when the consent is given’ is enabled. This will show the trigger for the Cookie Advance Settings.

  • Your server is running with old PHP version (<PHP 5.6) which causing the script to fail. Upgrading the server’s PHP version will make the site secure and advanced.

    • To check what the PHP Version of the server, read this page: LINK
    • To update the PHP Version of the server, read this page: LINK
  • There are javascript errors on your site (caused by other plugins/theme) which are causing the conflict.

There are thousands of plugins that are compatible with WordPress. Ultimate GDPR & CCPA is coded to be compatible with themes that are using WordPress Coding Standards, but some themes and plugins do not follow this standard and may cause issues with compatibility.

These are some steps to troubleshoot if there’s error/s when Ultimate GDPR & CCPA is activated:


Create a Backup for your site before doing these steps to prevent any issue with your site.

Check for Theme Conflicts

  • Change into a default WordPress theme and check if the issue still persist.
  • If the issue doesn’t persist, the issue is caused by the theme.
  • If the issue still persist, please proceed with Check for Plugin Conflicts.

With the thousands of plugins that are available, one or more plugins have a chance to conflict with Ultimate GDPR & CCPA. We’re doing our best to integrate plugins user’s are using that are in conflict with Ultimate GDPR & CCPA.

To know which plugin is causing the conflict, follow this instructions:

Check for Plugin Conflicts

  • Disable all the plugins except for Ultimate GDPR & CCPA. Check if the issue is there, if not proceed with these instruction.
  • Activate plugins one at a time. After activating a plugin, check if the issue is there.
  • If the issue is not there, deactivate the plugin again and activate another plugin. Repeat this process until the issue is recreated.
  • If the issue is there, then this issue is due to this plugin.
  • Check the plugin’s settings if there is a setting that is making the conflict with Ultimate GDPR & CCPA.

For premium plugin integration, share test access to website with the mentioned plugin for faster integration.

You can also manually integrate plugins by following these instructions.

Analytics and Statistics

Since installing the plugin I’ve seen a big drop in traffic. Today I found out that it was because the plugin blocks analytics as standard.

In GDPR & CCPA plugin we provide several options to manage your Google Analytics tracking. Please check the available options below:

  1. Allow Google Analytics to always track all users like before
    ⇒ Make sure that you triggered cookie detector and Google Analytics cookies are listed in Services Manager (⇥how to use Service manager)
    Edit Google Analytics service
    Uncheck the Do you want to activate this service? checkboxdeactivate service⇒ Save changes with Update button

  2. Track Users Anonymously
    ⇒ Make sure that you triggered cookie detector and Google Analytics cookies are listed in Services Manager (⇥how to use Service manager)
    Edit Google Analytics service
    Uncheck the Do you want to activate this service? checkbox
    ⇒ Add Google Analytics Tracking ID in Ultimate GDPR & CCPA > Cookie popup screen
    ⇒ Enable Google Analytics anonymized IP trackinganonymized google analytics ip tracking⇒ Save Changes

  3. Set default privacy group to Analytics (enable tracking before user's consent)
    ⇒ Make sure that you triggered cookie detector and Google Analytics cookies are listed in Services Manager (⇥how to use Service manager)
    Edit Google Analytics service
    Check the Do you want to activate this service? checkboxactivate service⇒ Set the type of cookie to level of your choice (by default it will Analytics) and remember your choicetype of cookie⇒ Save changes with Update button
    ⇒ Navigate to Cookie Consent > Advanced Settings > Additional Settings
    ⇒ Change default privacy group to the same as type of cookie selected for Google Analytics service

    default privacy group

    ⇒ Save changes

Using the Google Tag Manager to manage your Google Analytics makes it faster and easier.


Install Google Tag Manager first in your site so that it can monitor the sites activity.

In the Tag Manager, create the Tag for Google Analytics. You can use a pre-existing Google Analytics ID.

By using Google Tag Manager, you can customize how Google Analytics behave in your site.

For information on how to install and setup Google Tag Manager, click here.

Our cookie scanner ('Detect Cookie' button) is using parameters to access the site and find the lists of cookies that site are using.

To prevent Google Analytics from counting Cookie Scanner stats, you need to filter ?ctpass=1 requests. It can be achieved with Google Analytics IP address filter

To know how to create an IP address filter, click

Our cookie scanner is using URL /?ctpass=1 parameter to access your site and find all the cookies that site is using.
To prevent Google Analytics from counting stats for ?ctpass=1 requests - just create an IP address filter.
Our cookie scanner IP is:


Although we are trying to make sure these IPs won't change, due to increasing popularity of cookie scanner some new IPs may be added. If you happen to see any cookie scanner activity in your Google Analytics account, please verify you have all IPs added.

How to create an IP address filter?
Check this documentation from Google Support:


Why is it that Not All Cookies are Found on my site?

The Cookie scanner is mimicking the site’s user, which is surfing the website.

What the user is doing, accessing, or loading on the site will affect the amount of cookies that are in the site.

In these rare situations, cookie scanner cannot detect the cookie, for example:

  • A particular cookie is added not on page load, but later.
  • A particular cookie is added after user somehow interact with the site (clicking on the link, submitting the form, etc).

To learn more about how to block cookies, read this part of the documentation.

Why are some cookies not Blocked?

These are some of the reasons why this happens:

  • User have visited the site before the plugin was activated.

    We don’t want to block all the cookies since the user already interacted with the site.

    These cookies are saved in the users computer and could be removed by clearing the computer’s cache history.

  • Cookie is essential for the site to work. (example: PHP session)

    These are cookies that are needed for your site to work properly. These cookies are usually added in the cookie whitelist.

    To know more about Cookie Whitelist, read this part of the documentation.

  • The cookie is a “third party” type.

    Opposite to a “first party” cookie, a “third party” cookie couldn’t be block using standard programmatical methods.

    The only way to do it is to prevent the script that is adding the cookie from initializing.

    We’re trying to find ways to do so, but there are some rare occasions that it isn’t possible/difficult to block such scripts.


    You can read more information about third party cookies here.

  • The cookies are created by other plugins that are not integrated with Ultimate GDPR & CCPA.

Cookies that are generated by the active plugins in the site.


How to remove cookies that are generated before plugin is installed?

It’s not always possible to remove existing cookies. For example, “third-party” cookies cannot be removed programmatically. The only way to “block” them is to prevent them from creating.

Users can also remove them manually, by going to the browser settings and clear cookies there (users can also use CTRL + Shift + Delete shortcut to open the browser settings for clear cookies).


The Cookie Groups for Ultimate GDPR & CCPA are cookie levels, where you would need to pass level 1 to get to level 2. These levels have cookies that are set in them and when you pass to another level, these cookies will also remain.


The Cookie Privacy Setting / Trigger will show when Use advanced cookie groups popup is activated in Ultimate GDPR & CCPA > Cookie Consent > Advance settings tab.
Advanced cookie groups popup setting

We believe that this more intuitive and easier manageable for customers, when they don't need to investigate every single cookie's purpose from each group, but have simple choice between Level 1, 2, 3, or 4 of tracking, where they need to just decide whether they would allow more advanced tracking or just the necessary information.

Please note that all information within every cookie group can be edited and each group can be easily disabled. More information about cookies groups can be found in GDPR Documentation.

Cookie Scanner

The Cookie scanner is mimicking the site's user, which is surfing the website.

What the user is doing, accessing, or loading in the site will affect the amount of cookies that are in the site.

In these rare situations, cookie scanner cannot detect the cookie, for example:

  • A particular cookie is added not on page load, but later.
  • A particular cookie is added after the user somehow interacts with the site (clicking on the link, submitting the form, etc).

To learn more about how to block cookies, read this part of the documentation.

There are a few reasons why the scanner might not working on the website. Please make sure that:

  • Website on which the Cookie Scanner is used is publicly accessible, otherwise, the scanner can't access the website.
  • From version 1.7.7 of the plugin, the Cookie Scanner feature won't work until license code won't be added in the correct field of the plugin.

From version 1.7.7 Ultimate GDPR & CCPA plugin will ask to add a license key. It's a new requirement that needs to be fulfilled to be able to use the Cookie Scanner feature.

Ultimate GDPR & CCPA Plugin License Key Missing


Activating cookie scanner

To activate the Cookie Scanner please go from the WordPress dashboard to Ultimate GDPR & CCPA > License or click the link available in the dashboard message.
You will find there the field where you can enter your license key.


GDPR License Key


Don't know where to find your license key? Please follow the instruction under this link.