Swirv

Description

Share a link once, then change where it points — without resending anything.

Swirv is a personal link manager for WordPress. Every link lives on your own domain (such as yoursite.com/swirv/download), and its destination is yours to change at any time. Send a link to 200 people today, swap its target tomorrow, and all 200 land in the new place — no third-party shortener, no resending, and never that “sorry, use this link instead” message.

Passes: a private link for every recipient

A Pass is a personalised version of a link — its own unguessable URL and a reference label (a supporter, a customer, a newsletter). Issue everyone their own Pass and they all inherit the parent link’s target. Change the link once and every Pass follows. Emailed a track download to your supporters, then need to make a tweak? Edit the target once, and every one of them now gets the fix.

What you can do

• Redirect links on your own domain, e.g. yoursite.com/swirv/download
• Re-point any link after it has been shared — no dead links, no resending
• Issue personalised Passes under any link, each with its own private URL
• Group links into Campaigns, with optional public campaign pages
• Track clicks with daily analytics charts — privacy-first, no visitor IPs stored
• Generate QR codes for any link or campaign
• Run Health Scans to catch dead, redirecting, or slow target URLs
• Import and export everything as JSON/ZIP for backups and migrations
• Optional prefixless links (yoursite.com/download), with clash-checking against existing pages

A companion plugin, Swirv Pro, adds advanced Pass controls — access limits, expiry, self-destruct — and more, for larger libraries and tighter workflows.

Privacy-first by design

Swirv keeps your link and click data on your own site. It never stores visitor IP addresses — a click records only a 2-letter country code — and Swirv URLs are served noindex, nofollow with a no-referrer policy. Detailed click tracking is optional and can be switched off entirely under Swirv → Settings → Data. Full disclosure of the minimal, opt-in external services Swirv can use is in the External services section below.

External services

Swirv stores a 2-letter ISO country code per click, for visitor-country analytics. It derives that code from Cloudflare’s CF-IPCountry request header when present, or otherwise by looking the visitor’s IP up against a local MaxMind GeoLite2-Country database if one has been installed. The raw IP is read only to derive the country code and is never written to the database in any form, hashed or otherwise. With neither source available, the country code is stored empty.

Requests to your target URLs

Swirv makes server-side HTTP requests to the target URLs you have added, in three situations: (1) when you save a Link, Swirv sends a HEAD request to learn the target’s MIME type, used to drive per-link image-target download behaviour; (2) Health scans send HEAD requests when you run them; (3) when a visitor clicks an image-typed Link that has the force-download behaviour active, Swirv fetches the image body server-side and streams it back to the visitor. In all three cases the destination server receives a request from your WordPress site. The save-time HEAD probe sends a User-Agent of Swirv Target Probe/{version} (+{your_site_url}; content-type sniffer); the Health-scan and inline-download paths use the default WordPress HTTP API User-Agent. No visitor data, click data, or WordPress account information is sent in the body of these requests.

Cloudflare

Swirv reads Cloudflare’s HTTP_CF_IPCOUNTRY request header when your site is fronted by Cloudflare. Swirv does not send any data to Cloudflare; the header is set by Cloudflare’s edge on incoming requests as part of your site’s existing Cloudflare relationship. The only data Swirv extracts is the 2-letter ISO country code, used for visitor-country analytics on this install. If your site is not on Cloudflare, this code path is inert.

Service: Cloudflare (https://www.cloudflare.com)
Terms of service: https://www.cloudflare.com/terms/
Privacy policy: https://www.cloudflare.com/privacypolicy/

MaxMind GeoLite2

Swirv can connect to MaxMind, Inc. to download the GeoLite2-Country database, used to map visitor IP addresses to a 2-letter country code for analytics. The database is stored locally on your server under wp-content/uploads/swirv/geoip/ and every country lookup happens on your server against that local copy; Swirv never sends visitor IP addresses to MaxMind.

Swirv contacts MaxMind only after a site administrator has added their own MaxMind licence key under Swirv → Settings → Analytics → Geography and either (a) clicked the Download / update database now button, or (b) the monthly refresh cron has fired since the key was saved. Without a saved licence key, the cron fires but takes no action and Swirv makes no outbound request to MaxMind.

The licence key you enter is stored on your own server in the WordPress options table (as the swirv_maxmind_license_key option), in the same plain-text form WordPress core uses for other site credentials and API keys; Swirv applies no separate encryption to it. It is never transmitted anywhere except to MaxMind as the license_key parameter of the download request described below. Anyone with read access to your WordPress database (including other plugins running on the site) can read it, so treat your MaxMind key like any other site secret. You can clear it at any time by emptying the field and saving.

When downloading the database, Swirv issues a single HTTPS GET request to https://download.maxmind.com/app/geoip_download with three query-string parameters: edition_id=GeoLite2-Country, license_key={your key}, and suffix=tar.gz. The request uses the default WordPress HTTP API User-Agent (which includes your site URL, per WordPress core). No visitor data, click data, or WordPress account information is sent by Swirv as part of this download request.

Service: MaxMind GeoLite country database (https://www.maxmind.com)
Terms of use: https://www.maxmind.com/en/terms-of-use
Privacy policy: https://www.maxmind.com/en/privacy-policy
GeoLite end-user licence agreement: https://www.maxmind.com/en/geolite/eula

swirv.org

Swirv links the admin to swirv.org (the Swirv project’s marketing and documentation site, operated by Matt Steady) in three places:

• The About ↗ submenu item under Swirv in the WordPress admin sidebar opens https://swirv.org in a new tab. This is the Swirv project’s home page — project information, contact details, and links to documentation.
• The Swirv Pro ↗ submenu item — visible only when the Swirv Pro companion plugin is not active — opens https://swirv.org/swirvfree/upgrade.html in a new tab. This is the page describing the Swirv Pro companion plugin.
• The ★ Swirv Pro badges next to Pro-only features in the admin (the Settings → Analytics tab, the Passes and Analytics admin pages, and the Health Scan page) also open https://swirv.org/swirvfree/upgrade.html in a new tab.

These are user-initiated browser links, not server-side calls. Swirv does not send any visitor data, click data, site URL, or WordPress account information to swirv.org as part of these links — the connection happens in the user’s browser when they click the link. Standard web-server access logs on swirv.org (the visitor’s IP address, user-agent, referer) apply the same as any browser navigation to any site.

Service: swirv.org (the Swirv project’s marketing and documentation site)
Terms of use: https://swirv.org/terms.html
Privacy policy: https://swirv.org/privacy

A note on uptime-monitor names

Swirv ships a default “exclude monitor traffic” list (Settings → Analytics) containing names such as Pulsetic, UptimeRobot, Better Stack, Hyperping, StatusCake, and Pingdom. These are not external services Swirv connects to. They are text substrings Swirv matches against the User-Agent header of incoming requests to your own site, so that clicks from those uptime monitors are not counted in your analytics. No data is sent to any of these services, and no network connection is made.

Source Code and Bundled Libraries

Swirv ships two minified third-party JavaScript libraries and keeps all custom Swirv JavaScript readable and unminified.

• admin/js/chart.umd.min.js is Chart.js 4.5.1. Readable source is available at https://www.npmjs.com/package/chart.js/v/4.5.1 and https://github.com/chartjs/Chart.js/tree/v4.5.1.
• admin/js/qrcode.min.js is node-qrcode 1.5.4, bundled from the browser entry point as an IIFE that exposes window.QRCode. Readable source is available at https://www.npmjs.com/package/qrcode/v/1.5.4 and https://github.com/soldair/node-qrcode/tree/v1.5.4.