Site hardening plus Borlabs Cookie consent setup — security and compliance handled together, not as an afterthought.
What's required for GDPR-compliant cookie consent on a WordPress site?
A compliant setup needs: consent collected before non-essential cookies load (not after), granular accept/reject-by-category options, a documented consent log, and Google Consent Mode v2 integration if you run Google Ads or Analytics. Dotance implements this via Borlabs Cookie, configured — not just installed with defaults.
Security and GDPR get treated as separate problems, but the fixes overlap: both are about controlling what runs on your site and what data it touches. We harden WordPress at the basics that actually get exploited — login attempt limiting, file-edit lockdown, keeping core/plugins current — and then configure Borlabs Cookie so consent is collected correctly before any tracking script fires, with Consent Mode v2 wired in for Google Ads/Analytics.
What's included: security hardening audit (login, file permissions, exposed endpoints), Borlabs Cookie setup with category-based consent, Consent Mode v2 integration, and a documented compliance summary you can hand to legal.
Common Problems We Fix
My WordPress site got hacked — what do I do first?
First: don't panic-delete anything. Take the site offline or restrict access, restore from the last known-clean backup, then identify and close the entry point (usually an outdated plugin, weak admin password, or exposed xmlrpc.php) before bringing it back online — restoring without closing the hole means getting hacked again within days.
Borlabs Cookie is blocking Google Analytics/Ads even after consent.
Usually a category-tagging mismatch — the tracking script isn't correctly assigned to the "Statistics"/"Marketing" category Borlabs gates. Fix: audit each script's category assignment and Consent Mode v2 wiring.
I got a GDPR complaint/warning even though I have a cookie banner.
A banner that lets tracking scripts load before the visitor clicks accept isn't compliant — this is the single most common GDPR cookie mistake. Fix: verify scripts are genuinely blocked pre-consent, not just visually hidden behind a banner.
My login page keeps getting brute-forced.
Fix: login attempt limiting + renaming the login URL away from the default /wp-admin where bots concentrate attacks.
A plugin has a file-edit backdoor I didn't know about.
WordPress's built-in theme/plugin file editor is itself a common attack vector once an account is compromised. Fix: disable file editing via DISALLOW_FILE_EDIT, a basic hardening step often skipped.
Frequently Asked Questions
Is a security plugin enough on its own?
No — a plugin catches known attack patterns, but hardening (removing unused admin accounts, limiting login attempts, keeping software current) closes the gaps a plugin alone won't.
Does GDPR apply if my business isn't in the EU?
If any of your site visitors are in the EU/UK, yes — GDPR is about visitor location, not business location.
What's Google Consent Mode v2?
Google's framework for adjusting how Ads/Analytics behave based on a visitor's consent choice — required as of March 2024 for any site running Google Ads to EU/UK/CH visitors.
How do I know if my site is currently compromised?
Warning signs: unexpected admin users, unfamiliar files in wp-content, Google flagging the site as "hacked" in search results, or unexplained outbound traffic/spam. A hardening audit checks all of these.
Do you offer emergency hack cleanup?
Yes, as a one-off service independent of an ongoing maintenance plan — first step is always taking the site offline/restricting access before cleanup begins.
Is Borlabs Cookie free or paid?
Paid, one-time or subscription depending on plan — but it's the most reliable option we've found for genuine Consent Mode v2 integration, versus free alternatives that often only handle the banner UI, not the actual script-blocking logic.