A few weeks ago, I was helping a friend prepare their WordPress site for GDPR compliance when I made a startling discovery.
There were email marketing pixels from Drip firing on every page load, capturing visitor behavior before users even knew data was being collected. Plus, they had Reddit Ads tracking scripts that were building user profiles in the background.
The legal implications hit me immediately. Under GDPR and CCPA regulations, websites must obtain explicit user consent before loading most third-party scripts that process personal data. This meant blocking cookies from these third party scripts before consent.
Unfortunately, WordPress doesn’t come with a built-in system to block such scripts. That’s when I discovered WPConsent, a plugin designed specifically for managing consent and blocking unauthorized third-party scripts.
In this article, I’ll show you how to block custom scripts and iframes in WordPress.
Why Block Custom Scripts and iFrames in WordPress?
The biggest privacy headache I’ve encountered with WordPress sites comes from scripts that load automatically without asking permission first. Most website owners don’t even realize how many third-party services are collecting their visitors’ data.
When you install an email marketing service like Drip or Constant Contact, these tools often insert tracking pixels that monitor every page your visitors view.
Similarly, social media advertising tools like Reddit Ads pixels and Facebook tracking pixels can identify visitors across multiple websites, creating comprehensive digital fingerprints.
Developer tools also create their own compliance challenges. For example, GitHub embeds and custom iframes might seem harmless, but they transmit visitor IP addresses and collect other user data.
To make sure your WordPress site complies with privacy laws like GDPR and CCPA, it’s important to get consent from users before these services can load cookies and scripts on your site.
The consequences of non-compliance go beyond potential fines. Privacy-conscious visitors often leave websites immediately when they detect unauthorized tracking. Your site’s reputation also suffers when users discover their data was collected without permission.
That said, let’s look at how you can easily block custom scripts and iframes in WordPress.
Blocking Custom Scripts and iFrames in WordPress
The best way to stop custom scripts from loading cookies on your website is by using WPConsent.
It is the best cookie management plugin for blocking unauthorized scripts. The plugin works by intercepting scripts before they load and checking whether users have given proper consent. If consent hasn’t been granted, then it prevents services like Drip and other embeds from accessing visitor data.
The best part about using WPConsent is that it offers a pre-built library of services, helps create a consent banner, manage logs, create a Do Not Track form, and more.
Note: For this tutorial, I will use the WPConsent Pro version because it includes custom script blocking feature along with other advanced options like the service pre-built library, Do Not Track addon, geolocation templates, and more. However, there is also a WPConsent Lite version which you can use for free and scan your site for cookies.
With that, let’s look at the steps you can follow to prevent custom scripts and iframes from loading before consent.
Step 1: Install and Activate WPConsent Plugin
First, you will need to visit the WPConsent website and signup for a new account.
After that, you can head to your WPConsent account area and go to the ‘Downloads’ tab.
Go ahead and click the Download WPConsent button and save the plugin ZIP files on your computer.
Once you’ve saved the plugin files, the next thing to do is install and activate them on your WordPress site. If you need help, then please see our guide on how to install a WordPress plugin.
After that, you’ll see the WPConsent setup wizard. Simply click the ‘Let’s Get Started’ button and follow the onscreen instructions.
Step 2: Create a Service for Your Custom Script
Now that WPConsent is up and running on your site, you’ll need to go to WPConsent » Settings and head to the ‘Cookie’ tab.
From here, you can click the ‘Add A Service’ button to add your custom service
Next, a new window will open where you can enter the details of your custom service.
You’ll need to select the category, service name, description, and privacy policy URL (optional).
When you’ve entered these details, go ahead and click the ‘Save’ button.
Step 3: Add Cookie Details for Your Custom Service
Next, you will need to enter cookie details for the custom service you just created.
To start, you can click the Add A Cookie button under the ‘Cookie’ tab in WPConsent settings.
On the next screen, you can select your service from the dropdown menu (like Reddit Ads), enter a cookie name, ID, description, and duration.
When you’re finished, simply click the Save button.
That’s it, your custom service and its cookies details are now added to WPConsent.
Step 4: Add Custom Script/iframe to Block
Next, you will need to head to WPConsent » Settings from your WordPress dashboard and then switch to the ‘Advanced’ tab.
To block your custom script or iframe, simply click the Add Custom iFrame/Script button.
Next, a new window will open where you can enter details of your custom script.
You can start by selecting a category and picking the service you created earlier. After that, select whether it is script or iframe, and then enter the script or iframe tag.
To demonstrate, let’s run with the Reddit Ads example where you added the script to your site using WPCode. First, you’ll need to click the Category dropdown menu and select the service category (essential, statistics, or marketing).
Once that’s done, you can then click the Service dropdown menu and choose the ‘Reddit Ads’ option.
Next, you’ll need to give WPConsent a unique piece of text to look for within that script. For example, Reddit Ads script has a source URL that you can use as a unique identifier, which looks like this: www.redditstatic.com/ads/pixel.js.
WPConsent also lets you add Script Keywords if your script includes JavaScript functions to block that are dependent on the main script. In case of an iframe, the plugin lets you add Blocked Elements and enter CSS selectors for elements to block before consent.
Once that’s done, you click the ‘Save’ button. You will now see your custom script added to the list. For instance, the Reddit Ads script appears under Marketing Scripts.
WPConsent will now start blocking the custom script or iframe before consent on your site.
FAQs About Blocking Custom Scripts and iframes
Here are some common questions about preventing custom scripts and iframes in WordPress before consent:
1. Why is it important to block custom scripts and iframes in WordPress for GDPR compliance?
Blocking custom scripts and iframes in WordPress are essential for GDPR compliance because it prevents unauthorized loading of third-party services that collect personal data without explicit user consent. This helps avoid legal penalties and protects user privacy.
2. Can I block specific third-party tracking scripts like Reddit Ads or Facebook pixels using WPConsent?
Yes, WPConsent allows you to create custom services and add specific third-party scripts or iframes such as Reddit Ads pixels or Facebook tracking pixels, setting criteria for blocking them until user consent is provided.
3. How does WPConsent help in managing and blocking scripts in WordPress?
WPConsent helps manage and block unauthorized scripts in WordPress by intercepting scripts before they load, checking user consent, and blocking services like tracking pixels or iframes if consent has not been granted, thereby ensuring compliance with privacy laws.
I hope this article helped you learn how to block custom scripts and iframes in WordPress. You may also want to see our guide on how to block Google Maps widget before consent in WordPress and how to manage cookie consent data in WordPress.
If you liked this article, then please follow us on X (formerly known as Twitter). You can also leave a comment below if you need any assistance.
