Note: This implementation is performed on a WordPress website using a pre-2023 Cookiebot account with a Plus plan. The steps should be similar for other website types, account types, and plans. As of mid-2025, Cookiebot pricing plans have been changed and any premium tier should provide sufficient access to premium features.

After a recent overhaul of the Confidence Interval website and data privacy standards, we had the opportunity to assess the current landscape of CMPs (Cookie Management Platforms) and consent banners. We have prior experience implementing Cookiebot, and in order to fill the void that is a blog post outlining the true down-and-dirty work of a full, custom Cookiebot implementation, we took notes. 

There are three major steps: 

1. Implementation 

2. Configuration 

3. Customization 

This post will cover the first two, implementation and configuration, but due to the amount of information and code to cover for a fully customized banner, we will break the section on customization out into its own blog. 

Implementation 

1. Since the site is built on WordPress, you simply need to install the free Usercentrics-developed Cookiebot plugin available through the WordPress Plugin Directory.  

2. Once the plugin is installed and activated, head over to Cookiebot.com and create an account or log in to your existing one.  

Note: At the time of writing, there are three login options. The one you will use is determined by the age of your account. Since ours was created prior to September 18, 2023, our interface may appear slightly different from yours. 

3. Create your first domain group. Since we will be creating two different groups (GDPR vs Non-GDPR), it is beneficial to name this group accordingly. If you would like, you can also create your GDPR domain group now, but we will circle back to that later when the requirements begin to diverge. 
   

4. The next step is to add your site domain name to the Domains table. This lets Cookiebot know it needs to scan your website each month (or day, if you choose) for cookies and tracking technologies. 
   
   

5. After the Domain Group is created, it is simply a matter of retrieving your Domain Group ID from the Your Scripts tab in the settings. No screenshots of this one, since the page includes quite a bit of sensitive data, like API keys and scripts that you can use to implement the banner manually. We just grab that ID and copy-paste it into the WordPress Cookiebot plugin dashboard. 

Configuration 

6. Moving back to the Cookiebot dashboard and over to the Banner tab, we can begin working on basic configuration. Cookiebot offers a default banner template for all tiers of subscriptions, called “Swift” that allows for quick and easy setting adjustments. 

7. In this tab, you can make some quick and simple changes, such as adjusting banner position, updating the theme color, and uploading your logo. 
   

8. Furthermore, there are quite a few options regarding what exactly the banner even does. For our non-GDPR banner, we decided to go with the straightforward option that would address legality with any users who might fall under data privacy acts within the US (California, Colorado, etc.). For this, all you need to do is select “Do Not Sell or Share (Opt-in)” from the Opt-in / Opt-out settings dropdown. 

9. Since we decided to establish our non-GDPR banner first, we had the opportunity to utilize Implied Consent or, in short, the ability to automatically submit consent approval if the user begins to interact with the website (specifically, by scrolling). While this provides a more pleasant user experience, it is forbidden by GDPR regulations, which means that we have our first major divergence in our banner requirements.  

10. Locate the Geotargeting setting at the bottom of this tab. The dropdown should be set to “All visitors” by default. Ensure this is the case before moving on to the next step. 

11. If you haven’t already, create a second domain group and give it a name to reflect that it will be used for GDPR compliance. DO NOT add another domain to the new domain group, it will result in additional costs.

12. Following steps 6-8 again, set up this new GDPR compliant domain in the Banner tab. There will be three key differences: 

• Instead of “Do Not Sell or Share (Opt-in)”, we will select “Inline Multilevel”, and then below the dropdown in the Pre-checked boxes section, ensure all three boxes are unchecked.  

If you would like more information, this article by Cookiebot does a wonderful job of outlining the reasons, but in short, a ruling by the CJEU (Court of Justice of the European Union) determined that explicit consent would need to involve the user actively ticking the box themselves. 

• Second, our consent method will need to be updated to use Explicit Consent. GDPR regulations mandate that interaction with a website does not equal consent. 

• The Geotargeting dropdown (at the bottom of the Banner tab) will need to be set to “Visitors from the EU/EEA only”. 
  

13. If you would like (and we recommend you do so), move over to the Privacy Trigger tab and activate the trigger on both your GDPR and Non-GDPR configurations. This allows users to view and change their current consent state. Feel free to make some changes to the colors and positioning of the trigger button while you are here. 

14. Before moving back to the WordPress side of things, we can look at the Content tab. For our website, we decided to leave these settings alone, but if you would like to change the text in your banner, wording of the buttons, or even set up a second language option, you may do so here. 

15. Now moving back to the WordPress dashboard, we have a few items to address. 

16. Starting with the most important item for enabling our GDPR functionality, head to the Multiple Configurations tab and enable the Multiple Configurations toggle under Additional Configurations. 

17. Scrolling down to the bottom of this tab, we can now see some text entry boxes for additional Domain Group IDs. There should be an existing entry for you’re the Domain Group ID you already entered on the General Settings tab, and the Region should say “Primary Domain Group”. What this means is that your primary (in this case, non-GDPR) banner will appear everywhere. 

18. To add GDPR countries, copy the Domain Group ID from the Your Scripts tab on the Cookiebot dashboard, then return to the Multiple Configurations tab in WordPress and enter it into the first empty Domain Group ID box.  

19. This next step is a bit tedious, and my theory is that the WordPress plugin was created with the new version of the Cookiebot dashboard in mind. Despite setting our Geotargeting in the Cookiebot dashboard to display the GDPR banner to Visitors from the EU/EEA only, we now need to add the individual countries to the Region list. 

• The countries to include at the time of writing are:

Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom 

And with that, you should have a GDPR-compliant Cookie banner. We encourage you to test both of your banners by accessing the site from IP addresses in both non-GDPR and GDPR locations using a VPN. At this point, you could absolutely leave the banner as-is with the minor styling updates mentioned back in step 7, or you can keep an eye out for our upcoming post covering the creation of a fully custom Cookiebot banner. The process involves a bit of familiarity with HTML, CSS, and JavaScript, but we will do our best to break it down into short, modular snippets.