You Don’t Need a Cloud Service for a Cookie Banner (Do the Math)
Somewhere along the way, “show a consent dialog and remember the answer” became a SaaS category with per-domain pricing, monthly scans and a JavaScript bundle served from someone else’s CDN. For plenty of sites the cloud tier makes sense. For a typical WordPress site it is usually paying rent on something a small plugin does locally — and the cloud version can be worse for the very compliance it sells.
What the law actually requires of the banner
Strip away the marketing and GDPR/ePrivacy ask the banner layer for five things: prior consent before non-essential cookies (opt-in), granular categories rather than all-or-nothing, an equally easy reject option, the ability to withdraw later, and a record of the choice. Note what is absent from that list: cloud dashboards, monthly cookie scans, consent analytics, a vendor’s logo in your footer.
What the cloud services actually add
Fairness requires the honest version of their pitch:
- Automatic cookie scanning — genuinely useful on large sites where marketing adds tags weekly; mostly noise on a stable WordPress site whose stack changes twice a year.
- Consent logging at scale — relevant for enterprises expecting to demonstrate consent records for millions of users; a first-party cookie plus server logs satisfies most SMB scrutiny.
- Legal-text upkeep across 40 jurisdictions — valuable if you operate in 40 jurisdictions.
- IAB TCF support — actually necessary if you run programmatic advertising. If you don’t know what TCF is, you almost certainly don’t need it.
Where the cloud version quietly costs you
- An external request before consent. The banner script loads from the vendor’s CDN on every first visit — an ironic data flow for a privacy tool, and another third party for your privacy policy.
- A render-blocking dependency on someone else’s uptime, in front of every new visitor’s first paint.
- Per-domain subscription pricing that turns a solved problem into a permanent line item across your sites.
- Integration gaps: many cloud banners never touch the WP Consent API, so your WordPress plugins cannot react to consent even though the banner “works”.
What a good self-hosted banner must do
The bar is concrete: publish choices to the WP Consent API (so compliant plugins react automatically), emit Google Consent Mode v2 defaults early and updates on choice (so Google tags behave), respect Global Privacy Control, offer opt-in/opt-out/geo models, remain keyboard-accessible, and load zero external resources. That is a complete GDPR consent layer for a WordPress site — no invoice attached.
The honest decision rule
Choose a cloud CMP if you run programmatic ads (TCF), operate at enterprise scale, or need multi-jurisdiction legal maintenance as a service. Otherwise, a self-hosted banner that speaks WP Consent API + Consent Mode v2 does everything the regulator and Google require — faster, cheaper, and with one less data processor to disclose.
Consent Banner is exactly this: a free, self-contained banner that drives the WP Consent API and Consent Mode v2 with zero external requests. Get Consent Banner →