Tinker Stats for Rybbit

Changelog

1.4.1.3

• Fixed: postmeta sync was overwriting _tinker_stats_views with current-calendar-month-only data on each hourly run, causing values to collapse at month boundaries. The cron now queries lifetime cumulative metrics — start date is auto-detected from your Rybbit instance’s site creation date and cached, with sanity bounds and re-detection when connection details change.
• Refactored: filesystem operations across the proxy cache manager, MU-plugin deployer, and uninstall cleanup migrated to the WP_Filesystem API for WordPress.org coding-standards compliance.
• Refactored: MU-plugin tracking forwarder migrated from raw cURL to wp_remote_request(). Same timeout, SSL verification, and request shape as before; this is a coding-standards refactor, not a behavior change.
• Hardened: $_SERVER reads in the deployed MU-plugin now properly unslashed and sanitized.
• Note: removed the redundant Network: false plugin header line — single-site is the implicit default and only Network: true is a valid value per WordPress.org spec.

1.4.1.1

• Added: MU-plugin fast path for proxy requests. When the proxy is enabled, the plugin auto-deploys a small MU-plugin to wp-content/mu-plugins/tinker-stats-proxy.php that handles forwarded /track and /site/tracking-config/ requests directly, bypassing the full WordPress bootstrap. Works on single-site and WordPress Multisite (each subsite gets its own per-host config sidecar). Falls back automatically to the existing PHP handler if the mu-plugins directory isn’t writable; the proxy works in either mode.
• Added: Fast path status row in the proxy fieldset on the Settings page so you can see at a glance whether the MU-plugin path is active or PHP fallback is in use.
• Added: optional proxy debug logger for diagnosing visitor-IP attribution issues. Enable by adding define( 'TINKER_STATS_PROXY_DEBUG', true ); to wp-config.php. When enabled, each forwarded tracking request writes one line to the PHP error log capturing the inbound IP-related $_SERVER values, the IP the proxy resolved as the visitor’s, and the exact X-Real-IP / X-Forwarded-* headers sent to Rybbit. Off by default; safe to leave in production.
• Added: page title metadata to the home_view event — homepage hits now carry the page title alongside other custom-event metadata.
• Added: pre-flight check in the proxy enable flow that verifies WordPress root is writable by PHP. If it isn’t (some hosts lock the document root), enable surfaces a clear error and points to Rybbit’s external proxy guide as the alternative.
• Fixed: PHP warnings (“Attempt to read property on false”) on archive pages where get_queried_object() failed to resolve — most commonly bot or invalid URL hits to /author/{slug}/ for slugs that don’t match any user. The tracking script now defensively type-checks the queried object on singular, term, and author archive branches before reading properties. Unresolvable archives no longer fire tracking events with garbage metadata.
• Fixed: visitor IP attribution through the built-in proxy. The plugin now injects the resolved visitor IP into the request body of forwarded /track events. Rybbit’s track endpoint honors this body field directly, bypassing any Cloudflare or nginx layer between the WordPress server and the Rybbit backend that may otherwise overwrite reverse-proxy headers like X-Real-IP. Pageviews, custom events, errors, and outbound clicks now record the real visitor IP regardless of the Rybbit deployment topology. (Note: Rybbit’s /identify and session-replay endpoints don’t currently support this override pattern; an upstream Rybbit change would close that gap.)
• Fixed: contradicting positioning language. Plugin description and readme requirements now consistently describe Tinker Stats for Rybbit as integration with self-hosted Rybbit instances.
• Fixed: built-in proxy was forwarding tracking events with only X-Forwarded-For, causing Rybbit to record the WordPress server’s IP instead of the real visitor IP on setups that use X-Real-IP for client identification. Proxy now sets X-Forwarded-For, X-Real-IP, X-Forwarded-Proto, and X-Forwarded-Host, matching the standard reverse-proxy header pattern.
• Fixed: homepage events with custom event tracking enabled were silently dropped on some self-hosted Rybbit instances. The home_view event was sending an empty properties array ([]) instead of an empty object ({}), which Rybbit’s analytics database rejects. Some setups dropped only the home_view row; others dropped the homepage pageview alongside it.
• Fixed: built-in proxy returned 404 on managed hosts (xCloud, WP Engine, Kinsta, etc.) where nginx has a static-asset location block that returns 404 directly for missing .js files instead of falling through to PHP. Cached tracking script files now live at WordPress root in a tsr-{hash}/ directory so nginx serves them from disk as static assets. Non-static endpoints (/track, /site/tracking-config/..., etc.) continue to route through PHP under the same prefix.
• Refactored: outbound request logic factored into a shared helpers class so the MU-plugin fast path and PHP fallback produce byte-identical requests to Rybbit. Same visitor IP attribution, same headers, same body-field injection in both paths.
• Hardened: event property serialization now forces JSON object output (JSON_FORCE_OBJECT) so any future event with empty metadata can’t reproduce the same failure mode.
• Note: if you had v1.4.0’s proxy enabled, disable and re-enable after upgrading — the cache directory has moved.

1.4.0

• Added: built-in proxy feature — bypass ad blockers with one toggle. Plugin serves the Rybbit tracking script and forwards tracking events through your own domain via a randomized first-party path (e.g. /k3p9m2qr/script.js).
• Added: Settings → Tracking → “Bypass Ad Blockers” fieldset with proxy enable/disable, paths display, copy-to-clipboard, Refresh Now, Regenerate Paths, and Test Proxy actions.
• Added: daily cron refresh of cached script.js, replay.js, and metrics.js from your Rybbit instance. Filterable via tinker_stats_proxy_refresh_interval.
• Added: tracking POST forwarding (/[hash]/track) preserves real visitor IP via X-Forwarded-For (Cloudflare-aware).
• Added: catch-all forwarder for any future Rybbit endpoint under /api/* — proxy keeps working without plugin update if Rybbit adds new endpoints.
• Added: cache directory at /wp-content/uploads/tinker-stats-proxy-cache/ survives plugin updates.
• Added: hash regeneration via Regenerate Paths button — cache files preserved (URL-independent shared dir).
• Note: this version uses WordPress’s parse_request for routing, which works on all single-site and multisite installs. A faster MU-plugin path for single-site installs is planned for a future release.

1.3.2

• Added: multisite compatibility — network activation now installs defaults and schedules cron on every existing subsite. New subsites added to a network where the plugin is network-active automatically get defaults and cron set up.
• Added: lazy cron-schedule fallback ensures the postmeta sync runs on every subsite even if the activation hook missed it.
• Added: multisite-aware uninstall — cleanup runs on every subsite, no more orphaned options or postmeta.
• Added: activation redirect — after activating on a single site or per-subsite, you’re sent straight to the Settings page.
• Added: Settings moved to a top-level menu (Tinker Stats) in preparation for future Events and Stats submenu pages.
• Added: contextual hint next to Site ID field on multisite subsites, explaining how Rybbit’s domain-based site organization maps to subdirectory/subdomain/mapped subsites.
• Added: contextual hint next to Script URL field about ad blockers, with a link to Rybbit’s proxy guide.
• Fixed: “Settings saved” notice not appearing after saving — top-level menus require an explicit notice render call.
• Fixed: top-level menu position moved into the plugin group (below the separator after Settings) instead of squeezed between Settings and Tools.
• Documentation: expanded Multisite section in readme with explicit Rybbit URL pattern compatibility.
• Documentation: new FAQ entry for “My visits aren’t being counted” addressing ad blockers.

1.3.0

• Initial release.