DOCUMENTATION

Documentation

Tracking Pipeline

Tracking Pipeline

The plugin uses two complementary tracking pipelines: classic behavior analytics and BH click heatmaps. Both pipelines skip administrators, respect excluded IPs, and guard post type scope on the server.

Classic behavior pipeline

  1. extended/tracking.php enqueues assets/js/tracking-core.js for non-admin frontend visitors.
  2. The script ignores iframes, administrators, and likely bot user agents.
  3. A view is sent only after the tab has been visible for the configured active-time gate. Default is 900 ms through wpmc_min_active_ms.
  4. wpmc_extended_save_view stores the view and creates or updates the session.
  5. wpmc_extended_save_view_scroll stores scroll depth thresholds after the view exists.
  6. wpmc_track_duration updates duration and session end time when the visitor leaves the page.

BH click pipeline

  1. heatclick-BH/bootstrap.php enqueues heatclick-BH/build/tracker.js as a module.
  2. The tracker detects device bucket, click coordinates, best selector, text hash, CTA pattern, fixed/sticky context, and navigation destination.
  3. Navigation clicks are sent immediately with beacon/keepalive behavior to reduce loss during page navigation.
  4. Non-navigation clicks are queued and flushed by batch size, max delay, pagehide, visibilitychange, or beforeunload.
  5. The tracker first tries the REST ingest endpoint and falls back to AJAX ingest.
  6. wpmc_bh_insert_click_batch() validates post type scope before inserting each row.

Cookies

  • wpmc_user_id: anonymous visitor identifier, generated as UUID, expires after two years, HTTP-only.
  • wpmc_session and wpmc_session_ts: classic behavior session cookies managed by the frontend script, with a 30-minute timeout.
  • wpmc_bh_session: BH session UUID cookie, generated by PHP and valid for one day.

Server-side guards

  • Administrators are ignored by classic view, duration, scroll, REST ingest, and AJAX ingest handlers.
  • Excluded IPs are ignored before script enqueue and again before server writes.
  • Classic behavior requests validate wpmc_extended_nonce.
  • Logged-in REST ingest requests require a valid wp_rest nonce.
  • REST and AJAX ingest reject requests from a different origin host.