Hooks & Filters
Complete reference for DPOKit's WordPress action and filter hook system. Use these hooks to extend the plugin from your own plugin or theme without modifying core files.
Hooks & Filters
Version: 1.9.0
DPOKit exposes an extensive action and filter hook system so third-party plugin authors can register data sources, gate scripts behind consent, and extend the vendor library — all without modifying core plugin files.
Quick Start: Registering Extensions
The recommended way to register DSAR data sources, consent-gated scripts, and custom vendors is through the dpo_kit_register_extensions action:
add_action( 'dpo_kit_register_extensions', function() {
// Register a DSAR data source
DPO_Kit_Hooks::register_dsar_source( array(
'id' => 'my-crm',
'label' => 'CRM Records',
'collect_callback' => 'my_crm_collect_data', // fn( string $email, int $case_id ): array
'delete_callback' => 'my_crm_delete_data', // fn( string $email, int $case_id ): bool
) );
// Register a consent-gated script
DPO_Kit_Hooks::register_consent_script( array(
'handle' => 'my-tracker',
'label' => 'My Analytics Tracker',
'category' => 'analytics',
'src' => 'https://cdn.example.com/tracker.js',
) );
// Register a custom vendor
DPO_Kit_Hooks::register_vendor( array(
'name' => 'My Analytics',
'slug' => 'my-analytics',
'purpose' => 'Website analytics and performance measurement',
'data_categories' => array( 'IP address', 'Page views', 'Browser info' ),
'default_retention' => '26 months',
'detection_patterns' => array( 'cdn.myanalytics.com', 'tracker.js' ),
) );
} );Actions
dpo_kit_register_extensions
Fired on init (priority 20). Use this action to register DSAR sources, consent scripts, and vendors using the DPO_Kit_Hooks PHP API.
Parameters: none
Example:
add_action( 'dpo_kit_register_extensions', function() {
DPO_Kit_Hooks::register_dsar_source( array(
'id' => 'my-plugin',
'label' => 'My Plugin Data',
'collect_callback' => 'my_plugin_collect_dsar_data',
'delete_callback' => 'my_plugin_delete_dsar_data',
) );
} );dpo_kit_scan_complete
Fired when a site scan completes, either from the admin UI, REST API, or WP-CLI.
Parameters:
int $scan_id— The ID of the completed scan record.int $items_found— Total number of third-party resources detected.
Example:
add_action( 'dpo_kit_scan_complete', function( $scan_id, $items_found ) {
// Notify a Slack channel
wp_remote_post( SLACK_WEBHOOK_URL, array(
'body' => wp_json_encode( array(
'text' => "DPO Kit scan #{$scan_id} completed — {$items_found} items found.",
) ),
) );
}, 10, 2 );dpo_kit_dsar_case_created
Fired immediately after a new DSAR case is created.
Parameters:
int $case_id— The new case ID.array $case_data— The data array used to create the case (request_type, email, etc.).
Example:
add_action( 'dpo_kit_dsar_case_created', function( $case_id, $case_data ) {
// Notify your DPO
wp_mail(
'dpo@example.com',
'New DSAR received',
"A {$case_data['request_type']} request has been received from {$case_data['email']}."
);
}, 10, 2 );dpo_kit_dsar_status_changed
Fired when a DSAR case status changes.
Parameters:
int $case_id— The DSAR case ID.string $old_status— Previous status (received,verified,in_progress,completed,rejected).string $new_status— New status.
Example:
add_action( 'dpo_kit_dsar_status_changed', function( $case_id, $old_status, $new_status ) {
if ( 'completed' === $new_status ) {
// Update your CRM
my_crm_mark_dsar_complete( $case_id );
}
}, 10, 3 );dpo_kit_retention_policy_enforced
Fired after each retention policy is enforced (both dry-run and live runs).
Parameters:
object $policy— The policy database row.int $records_affected— Number of records affected.bool $dry_run— Whether this was a dry run (no data modified).
Example:
add_action( 'dpo_kit_retention_policy_enforced', function( $policy, $count, $dry_run ) {
if ( ! $dry_run && $count > 0 ) {
error_log( "Policy {$policy->name}: {$count} records processed." );
}
}, 10, 3 );dpo_kit_consent_recorded
Fired after a consent decision is recorded.
Parameters:
int $record_id— The new consent record ID.array $consent_data— The consent data array (visitor_id, categories_accepted, etc.).
Example:
add_action( 'dpo_kit_consent_recorded', function( $record_id, $data ) {
// Push consent signal to your analytics platform
my_analytics_set_consent( $data['visitor_id'], $data['categories_accepted'] );
}, 10, 2 );Filters
dpo_kit_dsar_collect_sources
Filter the array of data collection results during a DSAR collection run. Use this to add data from sources not natively supported by DPOKit.
Parameters:
array $results— Array of existing result arrays.int $case_id— DSAR case ID.string $email— Requestor email address.
Each result array must contain:
source(string) — Machine-readable source identifier.source_label(string) — Human-readable label.record_count(int) — Number of records found.data(array) — The actual data collected.
Example:
add_filter( 'dpo_kit_dsar_collect_sources', function( $results, $case_id, $email ) {
global $wpdb;
$records = $wpdb->get_results( $wpdb->prepare(
"SELECT * FROM {$wpdb->prefix}my_plugin_data WHERE user_email = %s",
$email
) );
if ( $records ) {
$results[] = array(
'source' => 'my-plugin',
'source_label' => 'My Plugin Records',
'record_count' => count( $records ),
'data' => $records,
);
}
return $results;
}, 10, 3 );dpo_kit_dsar_delete_sources
Filter the deletion results during a DSAR deletion execution. Perform deletion of data from custom sources and return confirmation.
Parameters:
array $results— Existing deletion result arrays.int $case_id— DSAR case ID.string $email— Requestor email address.
Example:
add_filter( 'dpo_kit_dsar_delete_sources', function( $results, $case_id, $email ) {
global $wpdb;
$deleted = $wpdb->delete(
$wpdb->prefix . 'my_plugin_data',
array( 'user_email' => $email ),
array( '%s' )
);
$results[] = array(
'source' => 'my-plugin',
'deleted' => (bool) $deleted,
'count' => $deleted ?: 0,
);
return $results;
}, 10, 3 );dpo_kit_runtime_scripts
Filter the list of consent-gated scripts at runtime. Useful for registering scripts programmatically without the admin UI.
Parameters:
array $scripts— Existing runtime script arrays.
Each script array must contain:
handle(string) — Unique script handle.label(string) — Human-readable label shown to visitors.category(string) —functional,analytics,marketing, orpersonalisation.script_url(string) — Script URL (optional if using inline).inline_script(string) — Inline script content (optional).
Example:
add_filter( 'dpo_kit_runtime_scripts', function( $scripts ) {
$scripts[] = array(
'handle' => 'my-chat-widget',
'label' => 'Live Chat Widget',
'category' => 'functional',
'script_url' => 'https://chat.example.com/widget.js',
);
return $scripts;
} );dpo_kit_vendors_list
Filter the complete list of vendors returned by the vendor library. Use this to inject additional vendors without touching the database.
Parameters:
array $vendors— Existing vendor arrays.
Example:
add_filter( 'dpo_kit_vendors_list', function( $vendors ) {
$vendors[] = array(
'name' => 'My Analytics',
'slug' => 'my-analytics',
'purpose' => 'Page view analytics',
);
return $vendors;
} );dpo_kit_consent_categories
Filter the available consent categories displayed in the banner and preference centre.
Parameters:
array $categories— Existing consent category arrays.
Each category must contain:
id(string)label(string)description(string)required(bool)
Example:
add_filter( 'dpo_kit_consent_categories', function( $cats ) {
$cats['ai_personalisation'] = array(
'id' => 'ai_personalisation',
'label' => 'AI Personalisation',
'description' => 'Uses AI to personalise your experience.',
'required' => false,
);
return $cats;
} );dpo_kit_scan_urls
Filter the list of URLs included in the next site scan. Add custom URLs or remove pages from scanning.
Parameters:
array $urls— Existing list of URLs to scan.
Example:
add_filter( 'dpo_kit_scan_urls', function( $urls ) {
// Add a custom app page not discoverable via sitemap.
$urls[] = home_url( '/app/dashboard/' );
// Remove the checkout page (often triggers false positives).
$urls = array_filter( $urls, fn( $u ) => strpos( $u, '/checkout/' ) === false );
return $urls;
} );dpo_kit_report_types
Filter the available report types. Add custom report types.
Parameters:
array $types— Existing report type arrays.
Example:
add_filter( 'dpo_kit_report_types', function( $types ) {
$types['custom_summary'] = array(
'label' => 'Custom Compliance Summary',
'description' => 'A custom report for our internal audit team.',
'format' => 'csv',
'mime' => 'text/csv',
'has_dates' => true,
'params' => array( 'date_from', 'date_to' ),
);
return $types;
} );dpo_kit_retention_categories
Filter the list of data categories available when creating retention policies. Add custom categories for your plugin's data.
Parameters:
array $categories— Existing category slug => label pairs.
Example:
add_filter( 'dpo_kit_retention_categories', function( $cats ) {
$cats['my_plugin_logs'] = 'My Plugin Activity Logs';
return $cats;
} );dpo_kit_dsar_export_data
Filter the data included in a DSAR export package. Add or modify sections before the export is compiled.
Parameters:
array $export_data— Existing export data sections.int $case_id— DSAR case ID.
Example:
add_filter( 'dpo_kit_dsar_export_data', function( $data, $case_id ) {
$case = DPO_Kit_DSAR::get_case( $case_id );
$email = $case ? $case->email : '';
$data['crm_records'] = array(
'label' => 'CRM Records',
'records' => my_crm_get_contact( $email ),
);
return $data;
}, 10, 2 );dpo_kit_consent_banner_html
Filter the rendered consent banner HTML before it is injected into the page.
Parameters:
string $html— The fully rendered banner HTML.array $settings— Current consent settings.
Example:
add_filter( 'dpo_kit_consent_banner_html', function( $html, $settings ) {
// Append a custom accessibility skip link.
return $html . '<a class="sr-only" href="#main">Skip to content</a>';
}, 10, 2 );DPO_Kit_Hooks API Reference
DPO_Kit_Hooks::register_dsar_source( array $args )
Register a custom DSAR data source.
| Parameter | Type | Required | Description |
|---|---|---|---|
id | string | Yes | Unique machine-readable identifier |
label | string | Yes | Human-readable label |
collect_callback | callable | Yes | fn( string $email, int $case_id ): array |
delete_callback | callable | No | fn( string $email, int $case_id ): bool |
DPO_Kit_Hooks::register_consent_script( array $args )
Register a consent-gated script at runtime.
| Parameter | Type | Required | Description |
|---|---|---|---|
handle | string | Yes | Unique script handle |
label | string | Yes | Human-readable label |
category | string | Yes | functional, analytics, marketing, personalisation |
src | string | No | Script URL |
inline | string | No | Inline script content |
vendor | string | No | Vendor name |
DPO_Kit_Hooks::register_vendor( array $args )
Register a custom vendor at runtime.
| Parameter | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Vendor name |
slug | string | Yes | Unique vendor slug |
description | string | No | Short description |
purpose | string | No | Data processing purpose |
website | string | No | Vendor website URL |
privacy_policy_url | string | No | Privacy policy URL |
data_categories | array | No | Data categories processed |
default_retention | string | No | Default retention period (e.g. "26 months") |
detection_patterns | array | No | URL/domain patterns for auto-detection |