Documentation
Tracking Pipeline
Tracking Pipeline
The plugin uses two complementary tracking pipelines: classic behavior analytics and BH click heatmaps. Both pipelines skip administrators, respect excluded IPs, and guard post type scope on the server.
Classic behavior pipeline
extended/tracking.phpenqueuesassets/js/tracking-core.jsfor non-admin frontend visitors.- The script ignores iframes, administrators, and likely bot user agents.
- A view is sent only after the tab has been visible for the configured active-time gate. Default is 900 ms through
wpmc_min_active_ms. wpmc_extended_save_viewstores the view and creates or updates the session.wpmc_extended_save_view_scrollstores scroll depth thresholds after the view exists.wpmc_track_durationupdates duration and session end time when the visitor leaves the page.
BH click pipeline
heatclick-BH/bootstrap.phpenqueuesheatclick-BH/build/tracker.jsas a module.- The tracker detects device bucket, click coordinates, best selector, text hash, CTA pattern, fixed/sticky context, and navigation destination.
- Navigation clicks are sent immediately with beacon/keepalive behavior to reduce loss during page navigation.
- Non-navigation clicks are queued and flushed by batch size, max delay, pagehide, visibilitychange, or beforeunload.
- The tracker first tries the REST ingest endpoint and falls back to AJAX ingest.
wpmc_bh_insert_click_batch()validates post type scope before inserting each row.
Cookies
wpmc_user_id: anonymous visitor identifier, generated as UUID, expires after two years, HTTP-only.wpmc_sessionandwpmc_session_ts: classic behavior session cookies managed by the frontend script, with a 30-minute timeout.wpmc_bh_session: BH session UUID cookie, generated by PHP and valid for one day.
Server-side guards
- Administrators are ignored by classic view, duration, scroll, REST ingest, and AJAX ingest handlers.
- Excluded IPs are ignored before script enqueue and again before server writes.
- Classic behavior requests validate
wpmc_extended_nonce. - Logged-in REST ingest requests require a valid
wp_restnonce. - REST and AJAX ingest reject requests from a different origin host.
