外掛標籤
開發者團隊
原文外掛簡介
Self-hosted website analytics for WordPress. All data is stored in your WordPress database and never sent to third-party services. The tracker is cookieless and loads no external resources, making the plugin GDPR, CCPA, and PECR friendly by default — no consent banner required.
Once activated, the plugin starts collecting anonymous visitor data and displays a full analytics dashboard inside WP Admin.
Features
Real-time visitor counter
Pageviews, unique visitors, bounce rate, and average session duration
Interactive SVG world map with zoom, pan, and country/city drill-down
UTM campaign tracking with automatic URL cleanup
Event tracking — outbound links, file downloads, mailto and tel clicks, 404 pages
Custom events via data attributes or JavaScript API
Smart insights — exit pages, dead pages, user journeys
24-hour peak activity chart
New vs returning visitor breakdown
Device, browser, and operating system detection (server-side)
Weekly or monthly email reports
CSV export on every dashboard tab
Date range selector with custom ranges
Role-based dashboard access control
Configurable data retention (7–365 days)
IP exclusion list and admin traffic filtering
Bot traffic analysis
Privacy by design
No cookies, no localStorage, no sessionStorage
IP addresses are never stored — only an irreversible SHA-256 hash is used internally
Geolocation is resolved locally on your server (optional) — only country and city names are stored
No personal identifiers — no names, emails, or login state tracked
GDPR, CCPA, and PECR friendly by default
Zero external resources
The admin dashboard loads no fonts from third-party CDNs, no remote scripts, and no external stylesheets. Every byte is served from your own server, so the admin’s IP address is never leaked to third parties while viewing analytics.
Compatibility
The tracking script is async, non-blocking, and under 5KB. It works with common caching and optimization plugins by using admin-ajax.php for data collection, which bypasses page caching.
Who is it for?
Site owners who want analytics without a consent banner
GDPR-regulated businesses that need compliant analytics out of the box
Agencies managing multiple WordPress sites
Developers who prefer self-hosted, zero-dependency tooling
Built by ZenMarkup.
External services
This plugin connects to a single third-party service under the conditions described below. The connection can be fully disabled by toggling “Geolocation” off in Analytics → Settings → General. Visitor data is never sent to any third party.
jsDelivr CDN (cdn.jsdelivr.net)
When the geolocation feature is enabled, the plugin downloads a static IP geolocation database file from jsDelivr CDN about once per month. The database is hosted as a public npm package (dbip-city-lite) and contains no user-specific data — it is the same file served to every site that requests it.
What is sent: a standard HTTPS GET request from your server. No visitor data, site identifiers, or telemetry are included.
What is received: a gzipped database file, approximately 19 MB (dbip-city-lite.mmdb.gz).
When: shortly after the geolocation feature is first enabled, then approximately once per month via WP-Cron, and whenever an admin clicks the “Update database now” button on the Settings page.
Where it is stored: wp-content/uploads/zenmarkup-pa/dbip-city-lite.mmdb (after extraction).
Source URL: https://cdn.jsdelivr.net/npm/dbip-city-lite/dbip-city-lite.mmdb.gz
Service provider: jsDelivr — https://www.jsdelivr.com/ — Privacy policy: https://www.jsdelivr.com/terms/privacy-policy
Database provider: DB-IP — https://db-ip.com/ — License: CC-BY 4.0 (https://creativecommons.org/licenses/by/4.0/)
No per-visitor external requests
After the database has been downloaded, ALL geolocation lookups happen locally on your own server using the bundled MaxMind GeoIP2 PHP reader. Visitor IP addresses are NEVER transmitted to any external service.
To stop all external requests entirely, set “Geolocation” to OFF in Analytics → Settings → General. The plugin continues to work without country and city data.
Development
The plugin ships with both minified production bundles and their unminified sources, so every byte of JavaScript and CSS can be reviewed, studied, and modified without any external tooling. No remote repository or compilation step is required to inspect the code.
Shipped sources:
admin/assets/js/src/ — ES module sources that esbuild bundles into admin/assets/js/dashboard.min.js (the single file loaded on the admin dashboard). A source map is also shipped as dashboard.min.js.map.
admin/assets/css/dashboard.css — unminified source for admin/assets/css/dashboard.min.css.
public/tracker.js — unminified source for public/tracker.min.js (the frontend beacon, <5KB).
Rebuilding the minified bundles (optional):
Install Node.js 18 or newer.
From the plugin directory run: npm install
Then run: npm run build
The build script uses esbuild (a pure Node dependency declared in package.json) — no remote downloads at runtime, no other build tooling, no framework.
Third Party Notices
This plugin includes the following third-party assets.
SVG World Map
File: admin/assets/svg/world-map.min.svg
Source: Simplemaps.com (https://simplemaps.com/resources/svg-maps), via sirLisko/world-map-country-shapes on GitHub (https://github.com/sirLisko/world-map-country-shapes)
License: MIT
Copyright: 2015 Pareto Software, LLC DBA Simplemaps.com
MIT License text:
The MIT License (MIT)
Copyright (c) 2015 Pareto Software, LLC DBA Simplemaps.com
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
DB-IP City Lite
File: downloaded into wp-content/uploads/zenmarkup-pa/dbip-city-lite.mmdb at runtime (not bundled in the plugin .zip)
Source: https://db-ip.com/db/lite.php (distributed via the dbip-city-lite npm package on jsDelivr CDN)
License: Creative Commons Attribution 4.0 International (CC-BY 4.0) — https://creativecommons.org/licenses/by/4.0/
Attribution: IP Geolocation by DB-IP — https://db-ip.com
GeoIP2 PHP API
Files: includes/vendor-scoped/GeoIp2/
Source: https://github.com/maxmind/GeoIP2-php
License: Apache License 2.0 — https://www.apache.org/licenses/LICENSE-2.0
Copyright: 2013-2024 MaxMind, Inc.
Bundled with a prefixed namespace (ZMPA\Vendor\GeoIp2) so it cannot collide with other plugins shipping the same library.
MaxMind DB Reader
Files: includes/vendor-scoped/MaxMind/
Source: https://github.com/maxmind/MaxMind-DB-Reader-php
License: Apache License 2.0 — https://www.apache.org/licenses/LICENSE-2.0
Copyright: 2014-2024 MaxMind, Inc.
Bundled with a prefixed namespace (ZMPA\Vendor\MaxMind) so it cannot collide with other plugins shipping the same library.
