Minimalistic Cookie Notice for WordPress (under 2KB, no plugin)
A 2 KB cookie notice for WordPress — no plugin, no cookie wall, no scripts in the critical path. Drops a dismissible banner in the footer and remembers the choice for one year. That is the whole thing.
Most cookie-notice plugins weigh 40-80 KB of JS, inject a render-blocking stylesheet, and add 3-5 additional HTTP requests before the visitor can read your homepage. For a site that runs no third-party tracking (or only first-party analytics that do not require consent under most jurisdictions), that overhead is absurd. This snippet is what I run on gauravtiwari.org itself — HTML, tiny CSS, ~15 lines of vanilla JS. Dismisses, remembers, ships.
What this snippet does
- Renders a dismissible cookie banner in the footer with a single “Got it” button
- Stores the consent as a 1-year first-party cookie (
gt_cookie_notice=1) so the banner never reappears after dismissal - Ships inline CSS under 600 bytes and inline JS under 400 bytes — zero external requests
- Injects after DOMContentLoaded so it never blocks First Contentful Paint
- Respects
prefers-reduced-motionfor the fade-in animation - GDPR-note-compliant for sites that use no tracking or only essential/first-party cookies
Install and use
Drop the code into your child theme functions.php or a site-specific mu-plugin at wp-content/mu-plugins/cookie-notice.php. No settings page, no options — edit the message text directly in the function. If you actually run third-party tracking, replace this with a proper Consent Management Platform (Iubenda, CookieYes), not this snippet.
<?php
/**
* Minimalist cookie notice for WordPress.
* Place in child theme functions.php or mu-plugins/cookie-notice.php.
*/
add_action( 'wp_footer', function () {
if ( isset( $_COOKIE['gt_cookie_notice'] ) ) return;
?>
<style>
.gt-cookie-notice{position:fixed;inset:auto 1rem 1rem 1rem;max-width:30rem;margin-inline:auto;padding:.9rem 1.1rem;background:#111;color:#fff;border-radius:.6rem;box-shadow:0 10px 30px rgba(0,0,0,.25);font-size:.9rem;line-height:1.45;display:flex;gap:1rem;align-items:center;justify-content:space-between;z-index:9999;opacity:0;transform:translateY(6px);transition:opacity .25s,transform .25s}
.gt-cookie-notice.is-visible{opacity:1;transform:translateY(0)}
.gt-cookie-notice button{background:#fff;color:#111;border:0;border-radius:.4rem;padding:.4rem .8rem;font-weight:600;cursor:pointer}
@media(prefers-reduced-motion:reduce){.gt-cookie-notice{transition:none}}
</style>
<div class="gt-cookie-notice" role="region" aria-label="Cookie notice">
<span>This site uses first-party cookies to remember your preferences. <a href="/privacy/" style="color:#93c5fd">Privacy policy</a>.</span>
<button type="button" id="gt-cookie-accept">Got it</button>
</div>
<script>
document.addEventListener('DOMContentLoaded', function () {
var n = document.querySelector('.gt-cookie-notice');
if ( ! n ) return;
requestAnimationFrame( function () { n.classList.add('is-visible'); } );
document.getElementById('gt-cookie-accept').addEventListener('click', function () {
document.cookie = 'gt_cookie_notice=1;path=/;max-age=' + ( 60 * 60 * 24 * 365 ) + ';SameSite=Lax';
n.remove();
});
});
</script>
<?php
} );How it works
The PHP handler bails immediately if the gt_cookie_notice cookie is already set — no output, no wasted bytes. Otherwise it prints a scoped <style>, the banner markup, and a tiny inline script on wp_footer, ensuring HTML, CSS, and JS all sit in the same document so no render-blocking request fires. The script waits for DOMContentLoaded, adds an is-visible class on the next animation frame (for the fade-in), and on click writes a SameSite=Lax cookie with a 1-year max-age then removes the banner from the DOM.
Download and source
- Gist: gist.github.com/wpgaurav (search “cookie-notice.php”)
- Repo home for the full Simple Cookie Notice plugin: wpgaurav/simple-cookie-notice (if you want a real settings page)
- If you need full GDPR/CCPA with category toggles, use Iubenda — this snippet is NOT a consent management platform
FAQs
Is this GDPR/CCPA compliant?
For a site that runs no third-party tracking or only strictly-necessary first-party cookies, a notice like this is sufficient under most readings of GDPR. If you run Google Analytics, Meta Pixel, Hotjar, or any tracker that drops non-essential cookies, you need a real Consent Management Platform that gates those scripts behind an explicit opt-in. This snippet is not that.
Why inline the CSS and JS instead of enqueueing?
Because the whole point is sub-2KB and zero additional HTTP requests. Enqueueing would add two round trips on first visit and block rendering. Inline keeps it in the HTML payload where it belongs for a component this small.
How do I change the wording?
Edit the <span> content inside the PHP. It is a single line. No filter, no setting — if you want one, wrap it in apply_filters().
Does it conflict with Flying Press, WP Rocket, or Cloudflare APO?
No. All three respect wp_footer output and serve the inline script directly. The banner also never changes state based on HTML cache, only on the first-party cookie.
How do I reset the notice while I test?
Delete the gt_cookie_notice cookie in DevTools (Application → Cookies) or open an incognito window.
Can I use this on a WooCommerce or FluentCart store?
Yes, but only if your store runs no third-party tracking. Stripe, PayPal, and fraud-prevention scripts may set cookies you need to disclose and gate explicitly — a snippet like this cannot gate those, so use a full CMP.
Related snippets
- Remove spam links from WordPress comments — the privacy-compliance pair
- Simple Cookie Notice plugin on GitHub (if you want an admin UI)
- All PHP snippets