Site hardening plus Borlabs Cookie consent setup — security and compliance handled together, not as an afterthought.

What's required for GDPR-compliant cookie consent on a WordPress site?

A compliant setup needs: consent collected before non-essential cookies load (not after), granular accept/reject-by-category options, a documented consent log, and Google Consent Mode v2 integration if you run Google Ads or Analytics. Dotance implements this via Borlabs Cookie, configured — not just installed with defaults.

Security and GDPR get treated as separate problems, but the fixes overlap: both are about controlling what runs on your site and what data it touches. We harden WordPress at the basics that actually get exploited — login attempt limiting, file-edit lockdown, keeping core/plugins current — and then configure Borlabs Cookie so consent is collected correctly before any tracking script fires, with Consent Mode v2 wired in for Google Ads/Analytics.

What's included: security hardening audit (login, file permissions, exposed endpoints), Borlabs Cookie setup with category-based consent, Consent Mode v2 integration, and a documented compliance summary you can hand to legal.

Common Problems We Fix

My WordPress site got hacked — what do I do first?

First: don't panic-delete anything. Take the site offline or restrict access, restore from the last known-clean backup, then identify and close the entry point (usually an outdated plugin, weak admin password, or exposed xmlrpc.php) before bringing it back online — restoring without closing the hole means getting hacked again within days.

Borlabs Cookie is blocking Google Analytics/Ads even after consent.

Usually a category-tagging mismatch — the tracking script isn't correctly assigned to the "Statistics"/"Marketing" category Borlabs gates. Fix: audit each script's category assignment and Consent Mode v2 wiring.

I got a GDPR complaint/warning even though I have a cookie banner.

A banner that lets tracking scripts load before the visitor clicks accept isn't compliant — this is the single most common GDPR cookie mistake. Fix: verify scripts are genuinely blocked pre-consent, not just visually hidden behind a banner.

My login page keeps getting brute-forced.

Fix: login attempt limiting + renaming the login URL away from the default /wp-admin where bots concentrate attacks.

A plugin has a file-edit backdoor I didn't know about.

WordPress's built-in theme/plugin file editor is itself a common attack vector once an account is compromised. Fix: disable file editing via DISALLOW_FILE_EDIT, a basic hardening step often skipped.

Frequently Asked Questions

Is a security plugin enough on its own?

No — a plugin catches known attack patterns, but hardening (removing unused admin accounts, limiting login attempts, keeping software current) closes the gaps a plugin alone won't.

Does GDPR apply if my business isn't in the EU?

If any of your site visitors are in the EU/UK, yes — GDPR is about visitor location, not business location.

What's Google Consent Mode v2?

Google's framework for adjusting how Ads/Analytics behave based on a visitor's consent choice — required as of March 2024 for any site running Google Ads to EU/UK/CH visitors.

How do I know if my site is currently compromised?

Warning signs: unexpected admin users, unfamiliar files in wp-content, Google flagging the site as "hacked" in search results, or unexplained outbound traffic/spam. A hardening audit checks all of these.

Do you offer emergency hack cleanup?

Yes, as a one-off service independent of an ongoing maintenance plan — first step is always taking the site offline/restricting access before cleanup begins.

Is Borlabs Cookie free or paid?

Paid, one-time or subscription depending on plan — but it's the most reliable option we've found for genuine Consent Mode v2 integration, versus free alternatives that often only handle the banner UI, not the actual script-blocking logic.

Get a quote

Tell us about your project. We’ll get back within 24 hours with a clear assessment and timeline.

Get in touch

Quick question? Send us a message.