Termly Acquires GDPR/CCPA Cookie Consent Banner, Turns Free Plugin Into a Commercial SaaS Product

Company A sells its plugin. Company B picks it up and moves forward with an overhauled version that looks and feels much different than the original. Users are outraged by the changes. It seems to be a repeating theme in 2021, almost as a rule rather than an exception.

Last month, Termly announced its acquisition of the GDPR/CCPA Cookie Consent Banner plugin. The plugin was a simple tool for adding and styling a consent banner for the front end. It is now a SaaS (Software as a Service) product that requires a Termly account to operate.

According to the team’s blog post, such changes were necessary. “Termly’s products, including the cookie consent management platform, are designed to cover the EU GDPR, the ePrivacy Directive, UK GDPR, and the CCPA. These laws require more than just a cookie consent banner to be compliant. Termly can help you build a privacy policy, create a Data Subject Access Request form, and comply with other privacy law requirements.”

In the past couple of weeks, users have taken to the WordPress.org review system, handing out 21 of the plugin’s 29 total one-star ratings. The project has over 200,000 users, so more should be expected if the general consensus is that this was a poor move by the company.

One of the complaints from users is the commercialization of the plugin. In the past, it was completely free to use. While there is still a free tier, users are limited to a mere 100 monthly unique visitors on a single domain. After hitting that limit, the banner will stop collecting consent records. The next level up costs $15 per month if paid annually.

Free and pro plans shown in the Termly pricing options for the Cookie Consent plugin.
New pricing options for the Termly service.

As Pattaya Web Services pointed out via Twitter, “GDPR/CCPA Cookie Consent Banner for #Wordpress has been purchased by #Termly and will now cost most website owners $180 per year.”

Termly must get a return on its investment. The company has developers to pay, and they have families to feed. But, I suspect the average user will not warm up to the so-limiting-that-it-is-free-in-name-only introduction level. Having to pay for features that have been free for years will not sit well with many.

Of course, there is always the option of using the old version, but Termly has no plans of maintaining it or ensuring that it meets compliance. The only alternative for small site owners who cannot afford to pay is to opt for another solution.

“I guess GDPR Cookie Consent banner, now operated by @Termly_io didn’t learn anything from [the] fiasco with WP User Avatar plugin reported by @wptavern earlier this year,” wrote user Gennady Kurushin on Twitter.

I believe they did. There are differences, and Termly’s handling of this showed a willingness to be transparent.

And, I cannot stress this enough: the new plugin is not an entirely different one unrelated to its core purpose. It was overhauled and turned into a SaaS product. At the end of the day, it is still a cookie consent management plugin — just different and costs a lot more for most users.

Unlike Dark Mode and ProfilePress, Termly did not make the changes in the dead of night. At least the company was upfront about everything. The team included an announcement in a point release two weeks before sending out the overhauled version. It disabled automatic updates so that users would not accidentally upgrade without being aware of what was coming. It even published a public blog post detailing what was happening.

Admin notice from the GDPR Cookie Consent Plugin before upgrading to 3.0.
Prior notice of upcoming changes in 3.0 and disabled auto-updates.

If anything, Termly took just about all the necessary steps it could have taken to prepare its user base. If a “right” way existed for a complete and utter makeover of a plugin, the company did as much.

That level of honesty is a bit more than we have seen in the past. The changes may still leave a bitter taste in the mouths of many users, but Termly should at least get a few points for making them in the light of day.

The result may be the same: fundamental changes in how the plugin operates, but users had a chance to ditch it or continue using the old version before anything went into effect. For some users, it may not be much, but that’s worth something.

I won’t be breaking out my pitchfork today, but I do not use the plugin. As more and more users upgrade to 3.0+ and realize they are essentially on the line for $180 per year, the reviews could get ugly.


14 responses to “Termly Acquires GDPR/CCPA Cookie Consent Banner, Turns Free Plugin Into a Commercial SaaS Product”

  1. Seeing what is happening in the repo lately, I think that taking over plugins/themes should not be allowed. Period. If anyone wants to fork a plugin or a theme from the repo, go ahead, but please don’t hijack accounts to take advantage of their existing userbase. Just open a new one.

  2. I think the underlying problem here is that the WordPress.org plugin repository has always made it easy to publish plugins but much hard to monetize them. That has distorted the economics of developing and maintaining plugins such that users have an expectation — nay, dare I say an entitlement — regarding the ability to use plugins for free ad-infinitum where “free” is not a viable business model for the developer of the plugin.

    Had Matt been willing to embrace a model where plugins on WordPress.org could monetize is some form this would not be the problem it is today.

    Think of these plugins as 1990’s era web startups all looking for eyeballs. Many of those startups learned that just eyeballs didn’t pay the bills, and most of them went under. Same is going on here, the difference is that many plugins just get abandoned.

    People can complain all they want — and they will — but those complaints ignore the real-world economics at play.

    So what is one to to do? 🤷‍♂️

    • Agreed. there are quite a few comments about “how dare the developers sell their plugin”, “make Matt stop takeovers” which as a plugin developer I don’t understand at all. Work should be rewarded and nice reviews and a “I owe you man” don’t pay the bills.

      IMO it will diminish the plugin directory. This leaves us with a plethora of different plugin websites, some sold directly from the developer, some via marketplaces but with no central place like we have eg with Apple Apps. Selling via an individual website means considerable cost in marketing. If there was a low cost central WP plugin marketplace, it would open up the possibility of selling plugins at a lower subscription price, possibley also tiers, making it profitable for the developer and good value for the website owner.

      • I would NEVER support adding ads on the plugins. I am sorry. But no. There is enough abuse of my admin dashboard with “rate my plugin” “subscribe to my newsletter” and so forth.

        I think the model of paying for support instead of the plugin itself is better than plugin authors abusing my admin dashboard with the pro version of the plugin or their other plugins. I don’t even want to see the 40% sale you are holding in your site for the pro version of the plugin.

        • I would NEVER support adding ads on the plugins. I am sorry. But no.

          Hi Miroslav,

          To be fair to Edith Allison, I don’t think anything they wrote mentioned adding ads on the plugins.

          Having a plugin marketplace is orthogonal to ads, albeit one often sadly begets the other. But even then, ads wouldn’t need to appear in inappropriate places.

          There is enough abuse of my admin dashboard with “rate my plugin” “subscribe to my newsletter” and so forth.

          I could be wrong, but I do not think you would get any argument from anyone who wanting to run a legitimate business where they strive to meet the needs of their customers and/or users. I certainly would not want that.

          But having a marketplace where both free and paid options are in-fact options mean that more people could participate in providing well-supported plugins vs. much of the abandonware that the current plugin repository houses.

          I think the model of paying for support instead of the plugin itself is better…

          Forcing all plugin developers to use only one (1) monetization model means you end up with only plugins that are developed by companies that are good at executing that model, but not plugins that leverage different core competencies.

          Some people are good at writing software and support their software on a one-on-one basis, but not good at recruiting, hiring and managing a staff of enough people to support a support business.

          Also, one of the goals of a developer IMO is to write such great plugins that support needs are minimized. But if they way they make money is through support then they are going to look for insidious ways to make you need support. And IMO that’s a really bad incentive to promote.

          Forcing only paid support as a model is basically like a planned economy rather than a free market, where a free market is much better a producing innovation than a planned economy and I’d rather have the innovation (but let’s not stretch this analogy too far lest we start debating things unrelated to WordPress.)

          …is better than plugin authors abusing my admin dashboard with the pro version of the plugin or their other plugins.

          That turns out to be a false binary. There is no reason authors of plugin are destined to abuse your admin dashboard if a marketplace existed. Again I think most (all?) of us agree that such abuse is a bad thing.

          Instead, if there were accepted ways in which plugin authors were allowed to promote their plugins in a marketplace there would be far fewer plugin authors who would feel the need to resort to bugging you constantly in your admin dashboard. And especially if WordPress.org cracked down on the practice.

          Take a look at Apple’s iPhone/iPad and the AppStore. When I go to the AppStore I see lots of ads. But when I use my iPhone or iPad I do not see any ads. And that is how it really should be in WordPress. But in WordPress there is no store to run the ads so authors end up putting ads where they should not be.

          I think you would ironically be happier if there were an official WordPress PluginStore because then you’d only need to see ads when you visited their store.


          • Correct, I wasn’t talking about ads but about selling a plugin as exit strategy or offering it on a paid subscription plan for ongoing revenue. Ads are a symptom of what’s wrong, not a solution.

  3. With plugins having very similar names it’s worth pointing out that “Cookie Notice & Compliance for GDPR / CCPA” by Hu-manity.co is a different (and free) plugin to the one which is subject of this article.

  4. Several former plugin authors leave WordPress, due to various reasons.

    If plugin repository does allow these kind of takeovers and authors can make a quick buck in the process, why not, understandable.

    This won’t be the last such disruption in plugins land, and probably some themes will follow this route in near future.

  5. One of the bigger issues here is that this isn’t a plugin that provides site functionality or utility, it’s a legal protection for individuals and mom-and-pops who are rightfully mad that they woke up one morning and were shaken down: a “free” option that doesn’t really add value isn’t an option.

    Perhaps a larger learning is that monetizing a previously free plugin that users deem crucial (right or wrong) for EU consent isn’t a good acquisition unless the math really works out.

    Developers deserve to feed their families. And at the same time, no one forced Termly to a) buy this plugin or b) agree to terms of the acquisition or a product roadmap that required them to make major updates to this plugin.

    If your “free” option doesn’t really provide any real solution, it looks like a shakedown. If the average small business website gets ~500 visitors per month, it might be better to use that as the “premium” threshold.

  6. We appreciate all the insights, feedback, and comments from the WordPress community. Termly acquired the GDPR/CCPA Cookie Consent Banner plugin for WordPress with the intent to update, improve, and expand the functionality of the plugin to fulfill its intended purpose: to ensure users of the plugin comply with General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) requirements.

    Our goal was to make the transition to compliance a seamless one, but we did receive feedback from some frustrated customers, specifically in regard to the 100 visitor limit. As of August 10, 2021, we have updated the plugin to address this issue by increasing our free account limit to 10,000 monthly visitors.

    Additionally, our team is dedicating more support to WordPress forums and continuing to look for ways to provide a better product. You can read the full press release here:



Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.