Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Moove GDPR Cookie Compliance is a free WordPress plugin from Moove Agency that adds a configurable consent banner and a preferences manager to a WordPress site. The plugin lives entirely on the publisher's server : it does not call out to any external endpoint, does not phone home, and stores the visitor's consent decision in a single first party cookie. As a Consent Management Platform it is the tool that fulfils GDPR Article 7(1) and ePrivacy Article 5(3) consent obligations rather than a tracking technology itself.
Moove GDPR Cookie Compliance is a popular WordPress plugin that adds a cookie banner, a preferences manager and a script blocker to a WordPress site. It is developed by Moove Agency in the United Kingdom and offered both as a free plugin and in a Premium edition with extra features (Google Consent Mode v2, IAB TCF support, scan import). It is installed on the publisher''s own WordPress server, like any other plugin.
On the visitor side, the plugin only stores a single first party cookie named moove_gdpr_popup that encodes the consent decision (strict, advanced, performance, third party, all). On the publisher side it can store a consent log in the WordPress database with IP, timestamp and chosen options. There is no external call at runtime in the default configuration. The IP based geolocation toggle, if enabled, calls a third party geolocation service and should be disabled when EU only operation is required.
As a Consent Management Platform, the plugin is the tool that helps the publisher comply with Article 7(1) GDPR (record of consent) and Article 5(3) ePrivacy (prior consent before non strictly necessary cookies). The single cookie it sets is itself strictly necessary and exempt from consent. The lawful basis for storing the consent decision is Article 6(1)(c) GDPR (compliance with a legal obligation).
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
The free version does not auto detect every third party script: anything the plugin does not recognise will fire before consent. Always test the site with the browser dev tools and a consent denied state, and add manual rules for any embed (Google Maps, YouTube, Hotjar, Meta Pixel) that the plugin does not catch. Verify that the script category mapping matches the consent the user actually gave.
Configure the categories you really use (strict, performance, marketing) and remove the rest. Disable the IP geolocation toggle if EU only. Enable the consent log and set a retention period. Audit the rendered HTML in a consent denied state at every deployment. Document the plugin in your processing register as the tool fulfilling the consent obligation, not as a tracker.
Websites using Moove GDPR Consent must obtain user consent under GDPR regulations.
DPIA considerations
Moove GDPR Cookie Compliance is the layer that brings WordPress into ePrivacy and GDPR alignment, not a tracker. Key considerations : (1) the plugin only ever stores the consent decision itself, so it does not introduce its own DPIA risk; (2) the real risk lies in how the publisher configures the script blocker, every uncategorised third party script can fire before consent if it is not enumerated in the plugin settings; (3) the plugin shipped a Geolocation IP API toggle in older versions that calls an external service, this feature should be disabled on EU only deployments; (4) the consent log is stored in the WordPress database alongside the visitor's IP and timestamp and is therefore personal data with its own retention policy; (5) for multisite or large networks the plugin should be replaced with a server side CMP that supports a central audit trail. A DPIA is generally not required for the plugin itself.
Sample consent text
Our cookie banner is powered by Moove GDPR Cookie Compliance, a WordPress plugin installed on our own server. The banner stores your consent decision in a single first party cookie (moove_gdpr_popup) on this domain. No data is sent to a third party, and the plugin does not track you. You can change your decision at any time using the Cookie Settings link in the footer.
Third-party domains contacted
mooveagency.comwordpress.org/plugins/gdpr-cookie-complianceCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| moove_gdpr_popup | Strictly necessary | 1 year | Stores the visitor's consent decision (accepted, rejected, granular) so the banner is not shown again on subsequent visits. |
Moove GDPR Consent is an essential service, but transparency matters. Manage all your consent with FlowConsent.
A single first party cookie named moove_gdpr_popup with a 1 year lifetime that encodes the visitor's consent decision. No other cookie comes from the plugin itself.
No. Storing the consent decision is strictly necessary to honour the user's choice and is exempt from consent under Article 5(3) ePrivacy.
Article 6(1)(c) GDPR (compliance with a legal obligation) for storing the consent decision. The third party scripts the plugin controls each rely on consent (Article 6(1)(a)) when fired after acceptance.
Not by default. The plugin is self hosted on the publisher's server and does not call any external endpoint. The optional IP geolocation feature, if enabled, may call a third party service and should be disabled for EU only operation.
No for the plugin itself. A DPIA may still be required by the third party scripts that the plugin blocks or allows (analytics, ads, embeds), but those have their own scope.
Enumerate every third party script the site loads and assign it the right category. Test with consent denied in the browser dev tools. Disable IP geolocation if EU only. Enable the consent log with a defined retention. Use the granular categories rather than a binary accept or reject.
Yes : Complianz, CookieYes, Borlabs Cookie (Germany), Klaro, Cookie Notice & Compliance for GDPR or the open source FlowConsent for a fully European, hosted CMP. Each has different strengths in script auto detection, multilingual support and TCF integration.
List moove_gdpr_popup as strictly necessary with its domain (your own site) and lifetime. Document that no data leaves the site via the plugin. Mention Moove Agency only as the plugin author, not as a recipient of personal data.