WordPress.org
Get WordPress
WordPress.org

Plugin Directory

No Cookie Analytics – By Arfa

No Cookie Analytics – By Arfa

By arfarehman
Download

Description

No Cookie Analytics – By Arfa tracks visits server-side without setting cookies in visitors’
browsers. Data stays in your WordPress database with an admin dashboard, reports, and optional
CSV export.

Privacy

This plugin stores analytics records in your WordPress database (wp_ncaba_hits), including:

  • Page URL/path
  • Referrer host
  • Browser/OS/device type
  • Anonymized IP hash
  • Session key
  • Country code
  • Timestamp

No raw IP address is stored in the plugin database.

Country detection behavior:

  1. Uses server-provided geolocation headers when available (for example Cloudflare or GeoIP
    headers).
  2. Optional external IP geolocation lookup can be enabled by admin consent in plugin settings.

When external geolocation is enabled, visitor IP is sent to:

  • Service: ipapi.co
  • Purpose: country lookup only

Site owners must disclose this in their privacy policy before enabling external lookup.

External services

This plugin can optionally use the third-party service ipapi.co for country lookup. The lookup
is disabled by default and only runs after a site administrator explicitly enables the
“Allow External Geo Lookup” option in plugin settings.

  • Service: ipapi.co (https://ipapi.co/)
  • What is sent: the visitor’s IP address (only when the option is enabled and no server-provided
    geo headers are available).
  • When: at most once per visitor IP per day; the resolved country code is then cached locally.
  • Why: to determine the visitor’s country code for the analytics dashboard.
  • Terms of Service: https://ipapi.co/terms/
  • Privacy Policy: https://ipapi.co/privacy/

If the option is left disabled, the plugin never contacts ipapi.co.

Features

  • Server-side tracking
  • GDPR-aware design (configure to your legal requirements)
  • No frontend cookies
  • Admin dashboard and home screen widget
  • Pages, Referrers, and Users reports
  • CSV export and settings import/export
  • Local bundled frontend assets (no CDN required)

Installation

  1. Upload the no-cookie-analytics-by-arfa folder to /wp-content/plugins/ (or install through the
    WordPress plugin installer).
  2. Activate the plugin through the Plugins screen.
  3. Open the Analytics menu in the admin area.

FAQ

Does this plugin set cookies?

No. Tracking is performed on the server when pages are requested.

Where is data stored?

In a custom table in your WordPress database (wp_ncaba_hits by default).

Reviews

There are no reviews for this plugin.

Contributors & Developers

“No Cookie Analytics – By Arfa” is open source software. The following people have contributed to this plugin.

Contributors

Translate “No Cookie Analytics – By Arfa” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.7

  • Removed UTF-8 byte order marks (BOM) from PHP sources so activation no longer sends accidental
    output to the browser.
  • Uninstall: reliable table drop, clear all related and legacy cron hooks, and remove cached
    geo lookup transients.
  • Deactivation: clear legacy cleanup cron hook names in addition to the canonical event.

1.0.6

  • Renamed plugin to “No Cookie Analytics – By Arfa”; text domain and translation template are
    no-cookie-analytics-by-arfa (Domain Path: /languages).
  • Main bootstrap file is no-cookie-analytics-by-arfa.php; directory slug no-cookie-analytics-by-arfa.
  • PHP class and constant prefix NCABA_* (e.g. NCABA_VERSION, NCABA_Activator); runtime
    identifiers use lowercase ncaba_* / ncaba- (database table {prefix}ncaba_hits, options,
    hooks, AJAX, and asset handles). Legacy cfaba_*, cfba_*, and mistaken NCABA_* option keys
    or table names migrate automatically on upgrade.
  • Plugin URI points to a reliable HTTPS profile page; localized admin strings and dashboard JS
    escaping improvements.
  • Bumped tested-up-to header for current WordPress.

1.0.5

  • Previous branding and slug iteration; see older releases for detail.

1.0.4

  • Raised minimum WordPress version to 6.2 for safe %i identifier placeholders in
    $wpdb->prepare().
  • Hardened admin and cron SQL (prepared statements, esc_like() for LIKE patterns).
  • Replaced parse_url() with wp_parse_url(); removed redundant fclose() on export stream.
  • Settings import notices use per-user transients; validated upload temp files with
    is_uploaded_file().
  • Added readme short description; direct-access guard on settings view template.

1.0.3

  • Bundled Chart.js and Poppins assets locally (removed CDN dependency).
  • Added explicit admin consent toggle for external geolocation lookup.
  • Updated privacy disclosure and reviewer-oriented readme details.

1.0.2

  • Improved admin UI and tooltip behavior.

1.0.1

  • Added richer visitor identity and dashboard/report improvements.

1.0.0

  • Initial release.

Meta

Ratings

No reviews have been submitted yet.

Your review

See all reviews

Contributors

Support

Got something to say? Need help?

View support forum