Google Analytics and WordPress: correct setup in 2026

Google Analytics is the most widely used web analytics tool in the world. Over 28 million websites use it, with a large majority being WordPress sites. Yet a poorly configured installation can not only skew your data but also expose your site to GDPR compliance and security risks.

This article guides you step by step to correctly install and configure Google Analytics 4 (GA4) on your WordPress site in 2026, while respecting privacy and performance requirements.

1. Google Analytics 4: What's Changed

Google Analytics 4 (GA4) replaced Universal Analytics (UA) on July 1, 2023. In 2026, GA4 is the only version available — Universal Analytics no longer collects data.

Key Differences Between UA and GA4

• Data model: GA4 uses an event-based model (instead of sessions/pageviews)
• Cross-platform tracking: GA4 tracks users across web and mobile apps
• Artificial intelligence: GA4 includes predictions and automated insights
• Data retention: 2 or 14 months (configurable)
• Privacy protection: IP anonymization by default, built-in consent mode

Moving to GA4 is not optional — it's necessary to continue measuring your WordPress site's audience.

2. Installation Methods: gtag.js vs GTM

There are two main methods for installing Google Analytics on WordPress:

Method 1: gtag.js (Google Tag)

Code to place in the header of every page:

<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXXXXX"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());
  gtag('config', 'G-XXXXXXXXXX');
</script>

Advantages:

• Simple and fast installation
• No additional tools required
• Ideal for individual sites

Disadvantages:

• Difficult to manage if using other tracking tools
• No granular tag control
• Source code modification needed for each change

Method 2: Google Tag Manager (GTM)

GTM is a centralized tag manager that lets you deploy Google Analytics and other tracking tools without modifying source code.

Advantages:

• Centralized management of all tags (GA, Facebook, Hotjar, etc.)
• User interface to add/modify tags
• Versioning and gradual deployment
• Built-in native consent mode
• Easier GDPR compliance

Disadvantages:

• Initial learning curve
• Additional third-party tag to load
• Potential conflicts with other plugins

Which Method to Choose?

Recommendation: for a professional WordPress site, Google Tag Manager is the recommended method in 2026. It offers more flexibility and facilitates GDPR compliance.

3. Step-by-Step Installation

Create a Google Analytics Account

1. Go to analytics.google.com
2. Sign in with your Google account
3. Click "Admin" (gear icon in bottom left)
4. Click "+ Create Account"
5. Name your account (company or site name)
6. Create a GA4 property
7. Configure property settings (timezone, currency)

Create a Web Data Stream

1. In your GA4 property, go to "Data Streams"
2. Click "Add stream" → "Web"
3. Enter your WordPress site URL
4. Enable "Enhanced Measurement" (recommended)
5. Click "Create stream"
6. Note your Measurement ID (format G-XXXXXXXXXX)

Installation on WordPress

gtag.js Method

1. Install the Insert Headers and Footers or WPCode plugin
2. In the plugin settings, paste the gtag.js code in the "Header" section
3. Save
4. Activate the plugin on all pages

GTM Method

1. Create an account at tagmanager.google.com
2. Create a container for your website
3. Install the GTM4WP or WordPress Google Tag Manager plugin
4. Configure the plugin with your GTM container ID (GTM-XXXXXXX)
5. In GTM, create a "Google Analytics: GA4 Configuration" tag
6. Set the "All Pages" trigger
7. Test and publish your container

4. Consent Mode and Privacy Compliance

Google's Consent Mode is essential for GDPR compliance. It allows Google Analytics to work even without consent, while respecting the user's choices.

How Consent Mode Works

With Consent Mode, Google Analytics adapts to user consent:

• Consent granted: GA4 collects complete data (pageviews, events, conversions)
• Consent denied: GA4 collects only anonymized data (no cookies, no identification)

Consent Mode code:

<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}

  // Set default consent
  gtag('consent', 'default', {
    'analytics_storage': 'denied',
    'ad_storage': 'denied',
    'wait_for_update': 500
  });

  // Update consent when user accepts
  gtag('consent', 'update', {
    'analytics_storage': 'granted',
    'ad_storage': 'granted'
  });
</script>

Configuration with GTM

1. In GTM, go to "Variables" → "Consent Configuration"
2. Add consent variables:
3. analytics_storage: denied by default
4. ad_storage: denied by default
5. Create a consent trigger to update when user accepts
6. Associate this trigger with your GA4 tags

GDPR Best Practices

• IP anonymization: enabled by default in GA4 (no action required)
• Data retention: configure to maximum 14 months (or 2 months for more privacy)
• Disable sharing: disable data sharing with Google
• Data deletion: implement a mechanism for deletion on request

Consent mode is a GDPR requirement for any site using Google Analytics. If you haven't configured consent mode yet, WpDefender can help you achieve compliance.

5. Advanced GA4 Configuration

Beyond basic installation, certain advanced configurations improve data quality and compliance.

Goals and Conversions

• Contacts: create a custom event for form submissions
• Purchases: configure e-commerce tracking (if using WooCommerce)
• Signups: track newsletter subscriptions
• Downloads: track file downloads

Custom Events

To track specific actions, create custom events:

// Example: tracking a button click
<script>
document.querySelector('#contact-button').addEventListener('click', function() {
  gtag('event', 'contact_button_click', {
    'event_category': 'engagement',
    'event_label': 'homepage'
  });
});
</script>

Explorations and Custom Reports

• User journey analysis: identify drop-off points
• Cohort analysis: compare behavior of user groups
• Conversion report: track the conversion funnel
• Predictive analysis: use GA4 predictions (purchase probability, churn)

6. Verifying the Installation

After installation, verify that Google Analytics is correctly collecting data:

Real-Time Verification

1. Open your WordPress site in a browser
2. In GA4, go to "Realtime" in the left menu
3. Verify that activity appears (at least 1 user currently)
4. Navigate to multiple pages and verify that pages are being recorded

Verification with Google Tag Assistant

1. Install the Tag Assistant extension for Chrome
2. Visit your WordPress site
3. Verify that the GA4 tag is detected and configured correctly
4. Check the events being sent

Verification with GTM (if used)

1. In GTM, go to "Preview"
2. Enter your site URL
3. Verify that the GA4 tag fires on all pages
4. Inspect variables and triggers

Verification Tools

• GA4 DebugView: in debug mode, visualize each event in real time
• Google Analytics Debugger: Chrome extension to enable debug mode
• Redirect Path: check redirects that might prevent tracking

7. Common Mistakes to Avoid

Here are the most frequent mistakes when installing Google Analytics on WordPress:

Technical Errors

• Code misplaced: the code must be in the header (<head>), not the footer
• Wrong ID: verify that your Measurement ID (G-XXXXXXXXXX) is correct
• Double counting: don't install GA via both gtag.js AND GTM
• Blocked by plugin: some security plugins block third-party scripts
• Caching: browser cache can mask errors — test in incognito mode

Configuration Errors

• No consent mode: consent mode is mandatory in 2026 for GDPR
• No IP anonymization: enabled by default in GA4, but verify
• Double filtering: don't filter data both in GA4 and in a plugin
• Test data: exclude your own traffic from reports (filter by IP or opt-out)

Tracking Errors

• Missing events: configure essential conversion events
• Retention settings: configure data retention (2 or 14 months)
• No filters: use filters to exclude bots and internal traffic
• Enhanced Measurement disabled: enable for automatic click and scroll tracking

8. Alternatives to Google Analytics

For sites concerned with privacy or data sovereignty, there are alternatives to Google Analytics:

Matomo

• Open source — hosted on your own servers
• No data transfer to Google
• GDPR compliant by design
• Official WordPress plugin available

Plausible Analytics

• Lightweight — script under 1 KB
• Cookie-free — privacy-respecting by default
• GDPR compliant — no consent required
• WordPress plugin available

Fathom Analytics

• Simple — clean and intuitive dashboard
• Privacy-respecting
• GDPR compliant
• Lightweight and fast script

When to Choose an Alternative?

• Your audience is primarily European (data sovereignty)
• You want to avoid the complexity of consent mode
• You're looking for a simple and lightweight tool
• Your site doesn't need GA4's advanced features

The choice between Google Analytics and an alternative depends on your specific needs. WpDefender can advise you on the best solution for your site and compliance requirements.

Installation Checklist

Conclusion

A correct installation of Google Analytics 4 on WordPress is essential for measuring your site's effectiveness while respecting visitor privacy. In 2026, consent mode and GDPR compliance are no longer optional.

Take the time to properly configure GA4, or get professional help to avoid common mistakes.

Need help installing Google Analytics on your WordPress site? Contact WpDefender — we configure GA4 with consent mode, conversions, and GDPR compliance. Guaranteed 30-minute response, 7 days a week.

Related Articles

• WordPress Security Checklist: 25 Points to Check
• WordPress and GDPR: Legal Obligations
• Preparing Your WordPress Site Before Black Friday