We’ve just done a performance review of Foliovision.com and were not happy to find a some big issues with both our social media sharing plugin (Social Warrior) and with our GDPR plugin which is currently Moove GDPR Cookie Compliance. Moove’s GDPR Cookie Compliance is generating excessive queries and requires more helper files than it should.
Here’s a review of Moove GDPR Cookie Compliance against its serious WordPress competitors, Cookie Information, Complianz and CookieYes. Brace yourself – GDPR plugin reviews do not make appetising reading. Keep in mind these are the best plugins in the WordPress space with plenty of five star reviews and users.
Moove GDPR Cookie Compliance
102/125 five star reviews, 200000+ users, £159/year 5 sites
We’ve used both the free and paid version of the Moove GDPR plugin. I’m very sad to leave a negative review, as out of the up-to-date and maintained GDPR plugins (GDPR is another one of these modern constantly moving fences, which makes it impossible for publishers to set up websites and just continue to add content and carry on with their lives), Moove was the least offensive in terms of advertising and ongoing fees. At the time we bought the paid version it was €99/year. Now it’s €159 for 5 sites which is too much for what is effectively nuisanceware.
On the plus side, Moove does allow a publisher to not show cookie acceptance forms in jurisdictions where they are not required. There’s a built in geoIP querying system, with no additional costs. This was the nice touch which persuaded me to jump on board Moove in the first place. While the price is now too high, Moove does allow dev domains with a fair list of such domains including dev, staging, localhost, test, beta, pantheon, kinsta etc…
When your support and updates contract ends, Moove does not try to claw back its plugin and cripple it.
On the other hand, I hadn’t fully noted the technical inefficiency of the Moove GDPR Cookie compliance plugin. Performance is a big issue. Every page load generates 15 queries, mostly to update wp_gdpr_cc_options. There’s a .js file which is to be expected, but there’s two CSS files.
We also ran into an issue where our site’s Plugins page would not load for 40 seconds. It turned out that it’s a failed license check from Moove which runs every time we open Plugins. Even when the query runs successfully it takes a full half second for itself.
Moove_GDPR_License_Manager->validate_license()
This is holding hostage Moove’s paying users. I don’t mind paying but I do mind when developers make the lives of their paying users worse for the sake of their own convenience.
When I opened the mooveagency.com website to investigate current status of the plugin, my browser started to run slow. It turns out just having mooveagency.com open in a browser window runs at 20% CPU (as opposed to 0.1% CPU for the other sites, including WordPress.org I have open in Brave now for comparison).
Based on how their own website performs, it’s clear the Moove Agency consider it okay to hijack the browsers of their visitor. Alas their GDPR plugin reflects this attitude, with excessive queries and poor performance. As the other plugins in this category are so astonishingly awful (high monthly fees, embedded adware – see dhager’s review of Cookie Information for example), Moove gets 2.5 stars from me.
Cookie Information | Free GDPR Consent Solution
76/138 five-star reviews, recent reviews mostly 1 star, 100000+ (still) users
Here’s what happened to Cookie Information, which had been a highly rated free solution from Van Ons until:
After this plugin has been taken over they turned it into an advertising tool and for some reason just inject a bunch of crap in your WP sites. And if you don’t register to their newsletter, this plugin goes inactive without any notification.
Or Total Disaster:
HTML Code on the front end, missing privacy links, fatal errors etc. A once great plug-in has become a complete disaster. At the same time, there is massive advertising for a subscription. What is the point of all this?
Or:
since then they’ve completely restyled everything with links to there own website and even worse they’ve now disabled the plugin on all my sites until I sign up to their newsletter!
Hostage-taking doesn’t seem within the bounds of WordPress plugin directory standards. I’m surprised Cookie Information | Free GDPR Consent Solution is still listed. The solution for existing Cookie Information users is to download an old version of the plugin from Advanced View and change the version number to 100 and to prevent the plugin from updating. Here’s the direct link to v1.5.9 from before the plugin changed hands. This is not a great solution as GDPR is a moving target.
Really Simple Plugins’s Complianz – GDPR/CCPA Cookie Consent
777/810 five-star reviews, 300000+ users
Complianz is $165/year for 5 websites. The free version is too limited to bother with.
Ironically Complianz also forces you to use their servers for your GDPR policy, generating less privacy, not more. What’s also very annoying about Complianz is that even after buying the plugin, you are hostage:
The premium license insures 1 year priority support by e-mail and 1 year of premium updates. After this period your subscription will renew automatically. You will be warned sufficiently beforehand. If you decide not to renew the license, the plugin will still work, but any premium features will not be supported and new updates are not available.
Renewal policy should be to withhold updates, not remove functionality. WordPress.org can’t do anything about this violation of GPL etiquette and plugin guidelines as the bait and switch happens here after you buy the pro plugin. Don’t do it.
WebToffee’s CookieYes | GDPR Cookie Consent & Compliance Notice:
1802/1928 five-star reviews, 1+ million users
I had given this plugin a four star review six years ago.
When I went to look at the commercial version four months ago some of the answers put me off. Let’s start with the price of $199/5 sites, every year. Not inexpensive at all.
What is theoretically better about CookieYes is that unlike Complianz, CookieYes should continue to work properly after support and updates run out:
The plugin license comes as a 12-months subscription. The license is valid for one year and will renew after that automatically unless canceled. You can use the plugin for lifetime, but support and updates of the plugins will be available as long as the license is active.
Alas CookieYes is is doing part of the work on a remote server for no other reason other than to force users to renew:
The cookie scanning feature of the plugin, however, will only work with an active valid license.
CookieScanning identifies the cookies your site is using, semi-automatically. This feature is effectively at the core of the plugin so effectively CookieYes breaks if you don’t renew. It is possible to use CookieYes without CookieScanning so this is a better situation than Complianz. Unfortunately the developer Richard Ashby is excessively miserly with licensing. There’s no staging site option, which at $40/site per year even on a developer license is gold-bricking:
Since the license is valid per site, you can only activate it on one site at a time. During testing, you may activate in the staging site and once you decide to go live, you can deactivate from staging and activate in the live site.
This carries on to subdomains or multisite:
Yes, they are compatible. However, you will need a license for every site. E.g., if you have subsites as www.domainname/site1, www.domainname/site2, and www.domainname/site3, you will have to activate the license on every subsite (site1, site2, site3). Our system recognizes the name of the URL www.domainname/site1 is different from www.domainname/site2 which means you will need to buy a license for every subsite in order to activate them on all sites.
I can see some limits to subsites and subdomains but these are pretty publisher unfriendly rules.
CookieYes? CookieNo!
Conclusion
None of these cookie plugins are light and flexible or particularly affordable. What would make me happy:
- completely freestanding: I don’t want to depend on a remote server at all.
- no subscription requirement: if I pay once, I expect the plugin to work as well as its last version forever. It’s not that I expect forever updates for free. Just don’t cripple the plugin.
- renewals enjoy a reasonable discount: I’m an existing customer, I’ve paid the price of entry. For the ongoing support and updates (support is much less expensive in the second year and afterwards). There’s nothing more hypocritical and depressing than watching these formerly open-source developers create subscription crippleware.
- lightweight: cookie compliance is a nuisance for both publishers and website visitors. The way cookie compliance has been finagled by large companies makes it next to useless for actually preserving privacy. The best thing a plugin developer can do is make cookie compliance as imperceptible as possible in both load times and performance.
I understand that big companies like awful, ultra-heavy cookie compliance software which makes it so painful to opt-out of cookies. One of the large service providers includes a very calculated two-minute saving process – when I run across their software on a publisher’s site, I either go directly to a no javascript version or just close the page if I don’t absolutely need the content behind the “cookie wall”.
I’m not the only one who thinks this way:
Cookie Consent is a negative barrier to a good user experience. They’re intrusive and ugly. Cluttering screens. They also slow down your website.
There’s a lot of room in the GDPR space for an independent developer who creates a lightweight and easy to configure privacy plugin which is standalone with reasonable pricing. We aren’t likely to try to tackle it ourselves for two reasons. One – we have our hands full with FV Player, BusinessPress and FV Markdown (a new Markdown plugin which is completely transparent in use with WordPress shortcodes). Two – I don’t like GDPR technology enough to want to spend weeks of my life on it every year.
But I’ve rarely seen a richer lode just waiting to be taken over by an independent.
Alec Kinnear
Alec has been helping businesses succeed online since 2000. Alec is an SEM expert with a background in advertising, as a former Head of Television for Grey Moscow and Senior Television Producer for Bates, Saatchi and Saatchi Russia.
Enjoyed this write up. And sadly even two years later it seems there aren’t many independent options.
Have you found any alternatives in the interim? I tried Pressidium Cookie Consent which ticks a lot of boxes, but seems very resource intensive.
Hi Antony,
Moov GDPR Cookie Compliance did not honour the five site license we bought and never provided support when I wrote in. So we created a version which allows us to use the licenses for which we paid. Here it is.
Download and enjoy.
This version records the logs which are required by EU law. The free version should not be allowed in the WordPress plugin repository as the way it works is illegal (does not record consent).