Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3463996

Timestamp:

02/18/2026 07:07:10 AM (6 weeks ago)

Author:

supportfromrichard

Message:

Release v0.6.0 — Referral spam filtering, IP tracking, dashboard icons, and Hub API endpoints.

Built-in blocklist of 30+ ghost referrer domains with auto-cleanup
Manual referrer domain blocking in Settings
IP address tracking with anonymisation support
Self-referral filtering for Top Referring Sites
Country flag emoji and full country names
Dashicons for traffic sources and referring domains
Last 24 Hours date preset
REST API /bulk and /daily endpoints for Hub integration
Human traffic percentage in summary stats

Location:

sfr-analytics

Files:

: 29 added
: 8 edited

tags/0.6.0 (added)
tags/0.6.0/admin (added)
tags/0.6.0/admin/views (added)
tags/0.6.0/admin/views/campaigns.php (added)
tags/0.6.0/admin/views/dashboard.php (added)
tags/0.6.0/admin/views/settings.php (added)
tags/0.6.0/assets (added)
tags/0.6.0/assets/css (added)
tags/0.6.0/assets/css/admin.css (added)
tags/0.6.0/assets/js (added)
tags/0.6.0/assets/js/admin.js (added)
tags/0.6.0/assets/js/campaigns.js (added)
tags/0.6.0/assets/vendor (added)
tags/0.6.0/assets/vendor/chart-js (added)
tags/0.6.0/assets/vendor/chart-js/chart.min.js (added)
tags/0.6.0/docs (added)
tags/0.6.0/docs/SETTINGS_GUIDE.md (added)
tags/0.6.0/includes (added)
tags/0.6.0/includes/class-sfran-admin.php (added)
tags/0.6.0/includes/class-sfran-assets.php (added)
tags/0.6.0/includes/class-sfran-conflict-check.php (added)
tags/0.6.0/includes/class-sfran-rest-api.php (added)
tags/0.6.0/includes/class-sfran-session.php (added)
tags/0.6.0/includes/class-sfran-tracker.php (added)
tags/0.6.0/includes/functions.php (added)
tags/0.6.0/languages (added)
tags/0.6.0/readme.txt (added)
tags/0.6.0/sfr-analytics.php (added)
tags/0.6.0/uninstall.php (added)
trunk/admin/views/dashboard.php (modified) (5 diffs)
trunk/admin/views/settings.php (modified) (2 diffs)
trunk/assets/js/admin.js (modified) (1 diff)
trunk/includes/class-sfran-rest-api.php (modified) (2 diffs)
trunk/includes/class-sfran-tracker.php (modified) (10 diffs)
trunk/includes/functions.php (modified) (4 diffs)
trunk/readme.txt (modified) (2 diffs)
trunk/sfr-analytics.php (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed

sfr-analytics/trunk/admin/views/dashboard.php

-                      r3463796
+                      r3463996
         <div class="sfran-date-presets">
             <button type="button" class="button sfran-preset-btn" data-preset="today"><?php esc_html_e('Today', 'sfr-analytics'); ?></button>
+            <button type="button" class="button sfran-preset-btn" data-preset="last24h"><?php esc_html_e('Last 24 Hours', 'sfr-analytics'); ?></button>
             <button type="button" class="button sfran-preset-btn" data-preset="last7"><?php esc_html_e('Last 7 Days', 'sfr-analytics'); ?></button>
             <button type="button" class="button sfran-preset-btn" data-preset="last30"><?php esc_html_e('Last 30 Days', 'sfr-analytics'); ?></button>
 …
                         foreach ($sfran_traffic_sources as $sfran_source):
                             $sfran_percentage = $sfran_total_visits > 0 ? round(($sfran_source['visits'] / $sfran_total_visits) * 100, 1) : 0;
+                            $sfran_src_icon = sfran_traffic_source_icon( $sfran_source['type'] );
                         ?>
                             <tr>
                                 <td><strong><?php echo esc_html($sfran_source['type']); ?></strong></td>
+                                <td><span class="dashicons <?php echo esc_attr( $sfran_src_icon ); ?>" style="font-size: 16px; width: 16px; height: 16px; margin-right: 6px; vertical-align: middle; color: #2271b1;"></span><strong><?php echo esc_html($sfran_source['type']); ?></strong></td>
                                 <td><?php echo number_format($sfran_source['visits']); ?></td>
                                 <td><?php echo number_format($sfran_source['visitors']); ?></td>
 …
             echo $sfran_is_hidden ? 'display: none;' : '';
         ?>">
             <p class="description" style="margin-bottom: 10px;"><?php esc_html_e('Individual websites that sent traffic to your site.', 'sfr-analytics'); ?></p>
+            <p class="description" style="margin-bottom: 10px;"><?php esc_html_e('Individual websites that sent traffic to your site. Direct visitors (no referrer) are not listed here — see Traffic Sources above for the full breakdown.', 'sfr-analytics'); ?></p>
             <table class="wp-list-table widefat fixed striped">
                 <thead>
 …
                     foreach ($sfran_top_referrers as $sfran_ref):
                         $sfran_bar_width = $sfran_max_ref_views > 0 ? round(($sfran_ref['views'] / $sfran_max_ref_views) * 100) : 0;
+                        $sfran_ref_icon = 'dashicons-admin-site-alt3';
+                        $sfran_ref_domain_lower = strtolower( $sfran_ref['domain'] );
+                        if ( false !== strpos( $sfran_ref_domain_lower, 'google' ) ) {
+                            $sfran_ref_icon = 'dashicons-google';
+                        } elseif ( false !== strpos( $sfran_ref_domain_lower, 'facebook' ) || false !== strpos( $sfran_ref_domain_lower, 'fb.com' ) ) {
+                            $sfran_ref_icon = 'dashicons-facebook-alt';
+                        } elseif ( false !== strpos( $sfran_ref_domain_lower, 'twitter' ) || false !== strpos( $sfran_ref_domain_lower, 'x.com' ) || false !== strpos( $sfran_ref_domain_lower, 't.co' ) ) {
+                            $sfran_ref_icon = 'dashicons-twitter';
+                        } elseif ( false !== strpos( $sfran_ref_domain_lower, 'instagram' ) ) {
+                            $sfran_ref_icon = 'dashicons-instagram';
+                        } elseif ( false !== strpos( $sfran_ref_domain_lower, 'youtube' ) ) {
+                            $sfran_ref_icon = 'dashicons-video-alt3';
+                        } elseif ( false !== strpos( $sfran_ref_domain_lower, 'linkedin' ) ) {
+                            $sfran_ref_icon = 'dashicons-linkedin';
+                        } elseif ( false !== strpos( $sfran_ref_domain_lower, 'reddit' ) ) {
+                            $sfran_ref_icon = 'dashicons-reddit';
+                        } elseif ( false !== strpos( $sfran_ref_domain_lower, 'pinterest' ) ) {
+                            $sfran_ref_icon = 'dashicons-pinterest';
+                        } elseif ( false !== strpos( $sfran_ref_domain_lower, 'bing' ) ) {
+                            $sfran_ref_icon = 'dashicons-search';
+                        } elseif ( false !== strpos( $sfran_ref_domain_lower, 'yahoo' ) ) {
+                            $sfran_ref_icon = 'dashicons-search';
+                        } elseif ( false !== strpos( $sfran_ref_domain_lower, 'duckduckgo' ) ) {
+                            $sfran_ref_icon = 'dashicons-search';
+                        } elseif ( false !== strpos( $sfran_ref_domain_lower, 'mail' ) || false !== strpos( $sfran_ref_domain_lower, 'outlook' ) ) {
+                            $sfran_ref_icon = 'dashicons-email-alt';
+                        } elseif ( false !== strpos( $sfran_ref_domain_lower, 'wordpress' ) ) {
+                            $sfran_ref_icon = 'dashicons-wordpress';
+                        }
                     ?>
                         <tr>
                             <td><strong><?php echo esc_html($sfran_ref['domain']); ?></strong></td>
+                            <td><span class="dashicons <?php echo esc_attr( $sfran_ref_icon ); ?>" style="font-size: 16px; width: 16px; height: 16px; margin-right: 6px; vertical-align: middle; color: #2271b1;"></span><strong><?php echo esc_html($sfran_ref['domain']); ?></strong></td>
                             <td><?php echo esc_html(number_format($sfran_ref['views'])); ?></td>
                             <td><?php echo esc_html(number_format($sfran_ref['visitors'])); ?></td>
                             <td><?php echo esc_html($sfran_ref['percentage']); ?>%</td>
+                            <td><?php echo esc_html(number_format($sfran_ref['percentage'], 1)); ?>%</td>
                             <td>
                                 <div style="background: #e8f0fe; border-radius: 3px; height: 20px; width: 100%;">
 …
                     foreach ($sfran_geographic_data as $sfran_geo):
                         $sfran_percentage = $sfran_total_geo_views > 0 ? round(($sfran_geo->views / $sfran_total_geo_views) * 100, 1) : 0;
+                        $sfran_country_name = $sfran_geo->country_code === 'Unknown' ? __('Unknown', 'sfr-analytics') : $sfran_geo->country_code;
+                        $sfran_flag = sfran_country_flag_emoji( $sfran_geo->country_code );
+                        $sfran_country_label = $sfran_geo->country_code === 'Unknown'
+                            ? __('Unknown', 'sfr-analytics')
+                            : sfran_country_name( $sfran_geo->country_code );
                     ?>
                         <tr>
                             <td><strong><?php echo esc_html($sfran_country_name); ?></strong></td>
+                            <td><strong><?php if ( $sfran_flag ) { echo '<span style="font-size: 1.2em; margin-right: 6px;">' . esc_html( $sfran_flag ) . '</span>'; } echo esc_html( $sfran_country_label ); ?></strong></td>
                             <td><?php echo number_format($sfran_geo->views); ?></td>
                             <td><?php echo number_format($sfran_geo->visitors); ?></td>

sfr-analytics/trunk/admin/views/settings.php

-                      r3463796
+                      r3463996
+}
+// Handle referrer exclusion actions
+if (isset($_POST['sfran_add_referrer']) && check_admin_referer('sfran_add_referrer')) {
+    if (current_user_can('manage_options')) {
+        $sfran_new_referrer = isset($_POST['sfran_new_referrer_domain']) ? strtolower(sanitize_text_field(wp_unslash($_POST['sfran_new_referrer_domain']))) : '';
+        // Strip protocol and trailing slashes
+        $sfran_new_referrer = preg_replace('#^https?://#', '', $sfran_new_referrer);
+        $sfran_new_referrer = preg_replace('#^www\.#', '', $sfran_new_referrer);
+        $sfran_new_referrer = rtrim($sfran_new_referrer, '/');
+        if (!empty($sfran_new_referrer) && preg_match('/^[a-z0-9]([a-z0-9\-\.]*[a-z0-9])?(\.[a-z]{2,})+$/i', $sfran_new_referrer)) {
+            $sfran_exclude_referrers_list = get_option('sfran_exclude_referrers', []);
+            if (!in_array($sfran_new_referrer, $sfran_exclude_referrers_list, true)) {
+                $sfran_exclude_referrers_list[] = $sfran_new_referrer;
+                update_option('sfran_exclude_referrers', array_values(array_unique($sfran_exclude_referrers_list)));
+                $sfran_cleaned = function_exists('sfran_cleanup_referrer_spam') ? sfran_cleanup_referrer_spam(array($sfran_new_referrer)) : 0;
+                echo '<div class="notice notice-success"><p>';
+                echo esc_html(sprintf(
+                    /* translators: 1: domain name, 2: number of records cleaned */
+                    __('%1$s added to referrer blocklist. %2$d existing record(s) cleaned from the database.', 'sfr-analytics'),
+                    $sfran_new_referrer,
+                    $sfran_cleaned
+                ));
+                echo '</p></div>';
+            } else {
+                echo '<div class="notice notice-warning"><p>' . esc_html__('That domain is already in the blocklist.', 'sfr-analytics') . '</p></div>';
+            }
+        } else {
+            echo '<div class="notice notice-error"><p>' . esc_html__('Please enter a valid domain name (e.g. ghost-rider.site, semalt.com).', 'sfr-analytics') . '</p></div>';
+        }
+    }
+}
+if (isset($_POST['sfran_remove_referrer']) && check_admin_referer('sfran_remove_referrer')) {
+    if (current_user_can('manage_options')) {
+        $sfran_remove_referrer_domain = isset($_POST['sfran_remove_referrer_domain']) ? sanitize_text_field(wp_unslash($_POST['sfran_remove_referrer_domain'])) : '';
+        $sfran_exclude_referrers_list = get_option('sfran_exclude_referrers', []);
+        $sfran_exclude_referrers_list = array_values(array_diff($sfran_exclude_referrers_list, [$sfran_remove_referrer_domain]));
+        update_option('sfran_exclude_referrers', $sfran_exclude_referrers_list);
+        echo '<div class="notice notice-success"><p>' . esc_html(sprintf(
+            /* translators: %s is the domain name */
+            __('%s removed from referrer blocklist. Note: existing data was already cleaned when the domain was added.', 'sfr-analytics'),
+            $sfran_remove_referrer_domain
+        )) . '</p></div>';
+    }
+}
 // Re-read after actions
 $sfran_exclude_ips = get_option('sfran_exclude_ips', []);
 $sfran_exclude_countries = get_option('sfran_exclude_countries', []);
+$sfran_exclude_referrers = get_option('sfran_exclude_referrers', []);
+$sfran_builtin_spam_domains = function_exists('sfran_get_builtin_spam_referrers') ? sfran_get_builtin_spam_referrers() : [];
 ?>
 …
     <div class="sfran-content-section" style="margin-top: 30px;">
+        <h2><?php esc_html_e('Referrer Spam Filtering', 'sfr-analytics'); ?></h2>
+        <div style="background: #f0f6fc; border: 1px solid #c3d4e5; border-radius: 4px; padding: 15px; margin-bottom: 20px;">
+            <p style="margin-top: 0;"><strong><?php esc_html_e('What is referrer spam?', 'sfr-analytics'); ?></strong></p>
+            <p><?php esc_html_e('Referrer spam (also called "ghost referrals") are fake visits from bots that never actually load your site. They send fake referrer headers to pollute your analytics data, hoping you\'ll visit their URLs out of curiosity. Common examples include ghost-rider, semalt, and buttons-for-website.', 'sfr-analytics'); ?></p>
+            <p style="margin-bottom: 0;"><strong><?php esc_html_e('How to identify spam referrers:', 'sfr-analytics'); ?></strong></p>
+            <ul style="list-style: disc; margin-left: 20px; margin-top: 5px;">
+                <li><?php esc_html_e('Go to your Dashboard and check the "Top Referring Sites" section.', 'sfr-analytics'); ?></li>
+                <li><?php esc_html_e('Look for domains you don\'t recognise and that have never genuinely linked to your site.', 'sfr-analytics'); ?></li>
+                <li><?php esc_html_e('Spam referrers often have odd or promotional-sounding domain names.', 'sfr-analytics'); ?></li>
+            </ul>
+            <p style="margin-bottom: 0;"><strong><?php esc_html_e('What happens when you block a domain:', 'sfr-analytics'); ?></strong></p>
+            <ul style="list-style: disc; margin-left: 20px; margin-top: 5px;">
+                <li><?php esc_html_e('All existing records with that referrer are immediately cleaned from your database.', 'sfr-analytics'); ?></li>
+                <li><?php esc_html_e('Future visits from that domain will still be counted as pageviews, but the referrer will not appear in your reports.', 'sfr-analytics'); ?></li>
+                <li><?php esc_html_e('Your pageview, visitor, and session counts are preserved — only the referrer field is cleared.', 'sfr-analytics'); ?></li>
+            </ul>
+        </div>
+        <h3><?php esc_html_e('Built-in Spam Domains', 'sfr-analytics'); ?></h3>
+        <p class="description"><?php esc_html_e('These known spam domains are automatically blocked. No action needed — this list is maintained with each plugin update.', 'sfr-analytics'); ?></p>
+        <div style="background: #f1f1f1; padding: 10px 15px; border-radius: 4px; margin: 10px 0 20px; font-family: monospace; font-size: 12px; max-height: 120px; overflow-y: auto;">
+            <?php echo esc_html(implode(', ', $sfran_builtin_spam_domains)); ?>
+        </div>
+        <h3><?php esc_html_e('Add Custom Blocked Domain', 'sfr-analytics'); ?></h3>
+        <form method="post" action="" style="display: flex; gap: 10px; align-items: flex-start; flex-wrap: wrap;">
+            <?php wp_nonce_field('sfran_add_referrer'); ?>
+            <input type="hidden" name="sfran_add_referrer" value="1">
+            <div>
+                <input type="text" name="sfran_new_referrer_domain" placeholder="<?php esc_attr_e('e.g. spam-domain.com', 'sfr-analytics'); ?>" class="regular-text" style="width: 300px;" />
+                <p class="description"><?php esc_html_e('Enter the domain name only (no https:// or paths). Copy it from your Top Referring Sites list.', 'sfr-analytics'); ?></p>
+            </div>
+            <button type="submit" class="button button-primary"><?php esc_html_e('Block Domain', 'sfr-analytics'); ?></button>
+        </form>
+        <h3 style="margin-top: 20px;"><?php esc_html_e('Custom Blocked Domains', 'sfr-analytics'); ?></h3>
+        <?php if (!empty($sfran_exclude_referrers)): ?>
+            <table class="wp-list-table widefat fixed striped" style="max-width: 500px;">
+                <thead>
+                    <tr>
+                        <th style="width: 70%;"><?php esc_html_e('Domain', 'sfr-analytics'); ?></th>
+                        <th style="width: 30%;"><?php esc_html_e('Actions', 'sfr-analytics'); ?></th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <?php foreach ($sfran_exclude_referrers as $sfran_blocked_domain): ?>
+                        <tr>
+                            <td><code><?php echo esc_html($sfran_blocked_domain); ?></code></td>
+                            <td>
+                                <form method="post" action="" style="display: inline;" onsubmit="return confirm('<?php esc_attr_e('Remove this domain from the blocklist? Note: this will not restore previously cleaned referrer data.', 'sfr-analytics'); ?>');">
+                                    <?php wp_nonce_field('sfran_remove_referrer'); ?>
+                                    <input type="hidden" name="sfran_remove_referrer" value="1">
+                                    <input type="hidden" name="sfran_remove_referrer_domain" value="<?php echo esc_attr($sfran_blocked_domain); ?>">
+                                    <button type="submit" class="button button-small" style="color: #d63638;"><?php esc_html_e('Remove', 'sfr-analytics'); ?></button>
+                                </form>
+                            </td>
+                        </tr>
+                    <?php endforeach; ?>
+                </tbody>
+            </table>
+        <?php else: ?>
+            <p><em><?php esc_html_e('No custom blocked domains. The built-in list above is still active.', 'sfr-analytics'); ?></em></p>
+        <?php endif; ?>
+    </div>
+    <div class="sfran-content-section" style="margin-top: 30px;">
         <h2><?php esc_html_e('Data Management', 'sfr-analytics'); ?></h2>

sfr-analytics/trunk/assets/js/admin.js

-                      r3463796
+                      r3463996
             case 'today':
                 start = formatDate(today);
+                break;
+            case 'last24h':
+                var d1 = new Date(today);
+                d1.setDate(d1.getDate() - 1);
+                start = formatDate(d1);
                 break;
             case 'last7':

sfr-analytics/trunk/includes/class-sfran-rest-api.php

-                      r3463796
+                      r3463996
             'permission_callback' => [__CLASS__, 'check_permission'],
             'args' => self::get_date_limit_args()
+        ]);
+        // Bulk endpoint — returns all data types in a single request (used by Hub)
+        register_rest_route('sfran/v1', '/bulk', [
+            'methods' => 'GET',
+            'callback' => [__CLASS__, 'get_bulk'],
+            'permission_callback' => [__CLASS__, 'check_permission'],
+            'args' => self::get_date_limit_args()
+        ]);
+        // Daily endpoint — returns per-day snapshots for Hub permanent storage
+        register_rest_route('sfran/v1', '/daily', [
+            'methods' => 'GET',
+            'callback' => [__CLASS__, 'get_daily'],
+            'permission_callback' => [__CLASS__, 'check_permission'],
+            'args' => self::get_date_range_args()
         ]);
+    }
 …
         ]);
+    }
+    /**
+     * Bulk endpoint — returns all analytics data types in a single request.
+     * Used by SFR Analytics Hub to avoid 13 sequential HTTP calls.
+     */
+    public static function get_bulk($request) {
+        $start_date = $request->get_param('start_date');
+        $end_date   = $request->get_param('end_date');
+        $limit      = $request->get_param('limit') ?: 10;
+        // Validate date range
+        if (strtotime($end_date) < strtotime($start_date)) {
+            return new WP_Error('invalid_date_range', __('End date must be after start date.', 'sfr-analytics'), ['status' => 400]);
+        }
+        $days_diff = (strtotime($end_date) - strtotime($start_date)) / 86400;
+        if ($days_diff > 365) {
+            return new WP_Error('date_range_too_large', __('Date range cannot exceed 365 days.', 'sfr-analytics'), ['status' => 400]);
+        }
+        $result = [];
+        // 1. Summary
+        $result['summary'] = sfran_calculate_summary_stats($start_date, $end_date, false);
+        // 2. Top content
+        $top_content_raw = sfran_get_top_content($start_date, $end_date, $limit, 0, '');
+        $top_content = [];
+        foreach ($top_content_raw as $post) {
+            $top_content[] = [
+                'post_id'  => intval($post->post_id),
+                'title'    => $post->post_title ?: __('(No Title)', 'sfr-analytics'),
+                'views'    => intval($post->views),
+                'visitors' => intval($post->visitors),
+                'url'      => get_permalink($post->post_id),
+            ];
+        }
+        $result['top_content'] = ['posts' => $top_content, 'total' => count($top_content)];
+        // 3. Traffic sources (both limit=10 for table and limit=15 for chart)
+        $sources_10 = sfran_get_traffic_sources($start_date, $end_date, $limit);
+        $sources_15 = sfran_get_traffic_sources($start_date, $end_date, 15);
+        $fmt_sources = function ($sources) {
+            $total = array_sum(wp_list_pluck($sources, 'visits'));
+            $out = [];
+            foreach ($sources as $s) {
+                $out[] = [
+                    'referrer'   => $s->referrer,
+                    'visits'     => intval($s->visits),
+                    'visitors'   => intval($s->visitors),
+                    'percentage' => $total > 0 ? round(($s->visits / $total) * 100, 2) : 0,
+                ];
+            }
+            return ['sources' => $out, 'total_visits' => $total];
+        };
+        $result['traffic_sources']    = $fmt_sources($sources_10);
+        $result['traffic_sources_15'] = $fmt_sources($sources_15);
+        // 4. Time series
+        $ts_rows = function_exists('sfran_get_time_series') ? sfran_get_time_series($start_date, $end_date) : [];
+        $ts_formatted = [];
+        foreach ($ts_rows as $row) {
+            $ts_formatted[] = [
+                'date'     => $row->date,
+                'views'    => intval($row->views),
+                'visitors' => intval($row->visitors),
+                'sessions' => intval($row->sessions),
+            ];
+        }
+        $result['time_series'] = ['series' => $ts_formatted];
+        // 5. Campaigns
+        $result['campaigns'] = ['campaigns' => function_exists('sfran_get_campaign_stats') ? sfran_get_campaign_stats($start_date, $end_date) : []];
+        // 6. Entry pages
+        $entry_raw = function_exists('sfran_get_entry_pages') ? sfran_get_entry_pages($start_date, $end_date, $limit) : [];
+        $entry_fmt = [];
+        foreach ($entry_raw as $page) {
+            $post = get_post($page->post_id);
+            $entry_fmt[] = [
+                'post_id'  => intval($page->post_id),
+                'title'    => $post ? $post->post_title : __('(Deleted Post)', 'sfr-analytics'),
+                'url'      => get_permalink($page->post_id),
+                'entries'  => intval($page->entries),
+                'visitors' => intval($page->unique_visitors),
+            ];
+        }
+        $result['entry_pages'] = ['pages' => $entry_fmt];
+        // 7. Exit pages
+        $exit_raw = function_exists('sfran_get_exit_pages') ? sfran_get_exit_pages($start_date, $end_date, $limit) : [];
+        $exit_fmt = [];
+        foreach ($exit_raw as $page) {
+            $post = get_post($page->post_id);
+            $exit_fmt[] = [
+                'post_id'  => intval($page->post_id),
+                'title'    => $post ? $post->post_title : __('(Deleted Post)', 'sfr-analytics'),
+                'url'      => get_permalink($page->post_id),
+                'exits'    => intval($page->exits),
+                'visitors' => intval($page->unique_visitors),
+            ];
+        }
+        $result['exit_pages'] = ['pages' => $exit_fmt];
+        // 8. Referrers
+        $result['referrers'] = ['referrers' => function_exists('sfran_get_top_referrers') ? sfran_get_top_referrers($start_date, $end_date, 20) : []];
+        // 9. Devices
+        $devices_raw = function_exists('sfran_get_device_breakdown') ? sfran_get_device_breakdown($start_date, $end_date) : [];
+        $devices_fmt = [];
+        foreach ($devices_raw as $d) {
+            $devices_fmt[] = [
+                'device_type' => $d->device_type,
+                'views'       => intval($d->views),
+                'visitors'    => intval($d->visitors),
+            ];
+        }
+        $result['devices'] = ['devices' => $devices_fmt];
+        // 10. Browsers & OS
+        $browsers_raw = function_exists('sfran_get_browser_breakdown') ? sfran_get_browser_breakdown($start_date, $end_date, $limit) : [];
+        $os_raw       = function_exists('sfran_get_os_breakdown') ? sfran_get_os_breakdown($start_date, $end_date, $limit) : [];
+        $browsers_fmt = [];
+        foreach ($browsers_raw as $b) {
+            $browsers_fmt[] = ['browser' => $b->browser, 'views' => intval($b->views), 'visitors' => intval($b->visitors)];
+        }
+        $os_fmt = [];
+        foreach ($os_raw as $o) {
+            $os_fmt[] = ['os' => $o->os, 'views' => intval($o->views), 'visitors' => intval($o->visitors)];
+        }
+        $result['browsers'] = ['browsers' => $browsers_fmt, 'operating_systems' => $os_fmt];
+        // 11. Geographic
+        $geo_raw = function_exists('sfran_get_geographic_breakdown') ? sfran_get_geographic_breakdown($start_date, $end_date, 15) : [];
+        $geo_fmt = [];
+        foreach ($geo_raw as $c) {
+            $geo_fmt[] = ['country_code' => $c->country_code, 'views' => intval($c->views), 'visitors' => intval($c->visitors)];
+        }
+        $result['geographic'] = ['countries' => $geo_fmt];
+        return rest_ensure_response([
+            'success'   => true,
+            'data'      => $result,
+            'timestamp' => current_time('c'),
+        ]);
+    }
+    /**
+     * Daily endpoint — returns per-day snapshots for Hub permanent storage.
+     *
+     * Runs ~10 GROUP BY DATE queries (efficient) and returns all data types per day.
+     * Used by the Hub sync engine to fetch and store daily data incrementally.
+     *
+     * @param WP_REST_Request $request Request object
+     * @return WP_REST_Response|WP_Error Response
+     */
+    public static function get_daily( $request ) {
+        $start_date = $request->get_param( 'start_date' );
+        $end_date   = $request->get_param( 'end_date' );
+        // Validate date range
+        if ( strtotime( $end_date ) < strtotime( $start_date ) ) {
+            return new WP_Error( 'invalid_date_range', __( 'End date must be after start date.', 'sfr-analytics' ), [ 'status' => 400 ] );
+        }
+        $days_diff = ( strtotime( $end_date ) - strtotime( $start_date ) ) / 86400;
+        if ( $days_diff > 365 ) {
+            return new WP_Error( 'date_range_too_large', __( 'Date range cannot exceed 365 days.', 'sfr-analytics' ), [ 'status' => 400 ] );
+        }
+        $data = sfran_get_daily_breakdown( $start_date, $end_date );
+        return rest_ensure_response( [
+            'success'    => true,
+            'days'       => $data,
+            'start_date' => $start_date,
+            'end_date'   => $end_date,
+            'timestamp'  => current_time( 'c' ),
+        ] );
+    }
+}

sfr-analytics/trunk/includes/class-sfran-tracker.php

-                      r3463796
+                      r3463996
             'os' => $device_info['os'],
             'user_agent_hash' => hash('sha256', $user_agent),
+            'ip_address' => self::get_tracking_ip(),
             'is_bot' => $is_bot ? 1 : 0,
             'is_entry' => $is_entry_page ? 1 : 0,
 …
             $browser_placeholder = ($data['browser'] === null || $data['browser'] === '') ? 'NULL' : '%s';
             $os_placeholder = ($data['os'] === null || $data['os'] === '') ? 'NULL' : '%s';
+            $placeholders[] = "(%d, %s, %s, %s, %s, %s, %s, %s, %s, {$country_placeholder}, %s, {$browser_placeholder}, {$os_placeholder}, %s, %d, %d, %d, %d)";
+            $ip_placeholder = (isset($data['ip_address']) && $data['ip_address'] !== null && $data['ip_address'] !== '') ? '%s' : 'NULL';
+            $placeholders[] = "(%d, %s, %s, %s, %s, %s, %s, %s, %s, {$country_placeholder}, %s, {$browser_placeholder}, {$os_placeholder}, %s, {$ip_placeholder}, %d, %d, %d, %d)";
             $values[] = $data['post_id'];
 …
+            }
             $values[] = $data['user_agent_hash'];
+            // Only add ip_address to values if it's not null
+            if (isset($data['ip_address']) && $data['ip_address'] !== null && $data['ip_address'] !== '') {
+                $values[] = $data['ip_address'];
+            }
             $values[] = $data['is_bot'];
             $values[] = $data['is_entry'];
 …
         // Build query - table name is safe (from $wpdb->prefix)
         // Column names are hardcoded, so safe
         $column_list = 'post_id, post_type, viewed_at, visitor_hash, session_hash, referrer, utm_source, utm_medium, utm_campaign, country_code, device_type, browser, os, user_agent_hash, is_bot, is_entry, is_exit, is_verified';
+        $column_list = 'post_id, post_type, viewed_at, visitor_hash, session_hash, referrer, utm_source, utm_medium, utm_campaign, country_code, device_type, browser, os, user_agent_hash, ip_address, is_bot, is_entry, is_exit, is_verified';
         $query = "INSERT INTO {$table} ({$column_list}) VALUES " . implode(', ', $placeholders);
 …
             return null;
+        }
+        // Don't track excluded referrer domains (spam filtering)
+        $excluded_referrers = get_option('sfran_exclude_referrers', array());
+        $builtin_referrers = sfran_get_builtin_spam_referrers();
+        $all_excluded = array_merge($builtin_referrers, $excluded_referrers);
+        $ref_domain = isset($ref_url_parsed['host']) ? strtolower($ref_url_parsed['host']) : '';
+        // Remove www. prefix for matching
+        $ref_domain = preg_replace('/^www\./', '', $ref_domain);
+        foreach ($all_excluded as $blocked) {
+            $blocked = strtolower(trim($blocked));
+            if (empty($blocked)) {
+                continue;
+            }
+            if ($ref_domain === $blocked || substr($ref_domain, -(strlen($blocked) + 1)) === '.' . $blocked) {
+                return null;
+            }
+        }
         return $referrer;
 …
+    }
+    /**
+     * Get IP address for storage — respects the anonymize-IP setting.
+     *
+     * @return string|null IP address (anonymised if setting enabled), or null on failure.
+     */
+    private static function get_tracking_ip() {
+        $ip = sfran_get_client_ip();
+        if (empty($ip)) {
+            return null;
+        }
+        if (get_option('sfran_anonymize_ip', false)) {
+            // Zero the last octet for IPv4, last 80 bits for IPv6
+            if (strpos($ip, ':') !== false) {
+                // IPv6 — mask to /48
+                $packed = inet_pton($ip);
+                if ($packed !== false) {
+                    $ip = inet_ntop(substr($packed, 0, 6) . str_repeat("\0", 10));
+                }
+            } else {
+                // IPv4 — mask to /24 (e.g. 1.2.3.4 → 1.2.3.0)
+                $ip = preg_replace('/\.\d+$/', '.0', $ip);
+            }
+        }
+        return sanitize_text_field($ip);
+    }
     /**
      * Get country code from available sources
 …
             os VARCHAR(50),
             user_agent_hash VARCHAR(64),
+            ip_address VARCHAR(45) DEFAULT NULL,
             is_bot TINYINT(1) DEFAULT 0,
             is_entry TINYINT(1) DEFAULT 0,
 …
      * Schema version: bump when adding new columns/indexes so upgrade runs again.
      */
     const SCHEMA_VERSION = 2;
+    const SCHEMA_VERSION = 3;
     /**
 …
             'is_exit' => "ALTER TABLE {$table} ADD COLUMN is_exit TINYINT(1) DEFAULT 0 AFTER is_entry",
             'is_verified' => "ALTER TABLE {$table} ADD COLUMN is_verified TINYINT(1) DEFAULT 0 AFTER is_exit",
+            'ip_address' => "ALTER TABLE {$table} ADD COLUMN ip_address VARCHAR(45) DEFAULT NULL AFTER user_agent_hash",
         ];
 …
             'idx_device_type' => "ALTER TABLE {$table} ADD INDEX idx_device_type (device_type)",
             'idx_verified' => "ALTER TABLE {$table} ADD INDEX idx_verified (is_verified, viewed_at)",
+            'idx_ip_address' => "ALTER TABLE {$table} ADD INDEX idx_ip_address (ip_address)",
         ];

sfr-analytics/trunk/includes/functions.php

-                      r3463796
+                      r3463996
         'visitors' => intval($stats->visitors ?? 0),
         'sessions' => intval($stats->sessions ?? 0),
+        'human_percentage' => round(floatval($stats->human_percentage ?? 0), 1),
         'verified_percentage' => 100
     ];
 …
     // Get the site's own domain to exclude self-referrals
     $site_host = wp_parse_url(home_url(), PHP_URL_HOST);
+    $site_host_normalised = preg_replace('/^www\./', '', $site_host);
     // Get all non-empty referrers in the date range
 …
     foreach ($referrers as $row) {
         $host = wp_parse_url($row->referrer, PHP_URL_HOST);
         if (empty($host) || $host === $site_host) {
+        if (empty($host)) {
             continue;
+        }
         // Remove www. prefix for grouping
         $host = preg_replace('/^www\./', '', $host);
+        // Skip self-referrals (compare after www. stripping)
+        if ($host === $site_host_normalised) {
+            continue;
+        }
         if (!isset($domains[$host])) {
 …
     return $results;
+}
+/**
+ * Get built-in list of known referral spam domains.
+ *
+ * These are ghost referrers and spam bots that send fake referrer headers.
+ * They never actually visit your site but pollute analytics data.
+ *
+ * @return array List of spam domain strings.
+ */
+function sfran_get_builtin_spam_referrers() {
+    return array(
+        'ghost-rider.site',
+        'semalt.com',
+        'buttons-for-website.com',
+        'buttons-for-your-website.com',
+        'darodar.com',
+        'ilovevitaly.com',
+        'priceg.com',
+        'hulfingtonpost.com',
+        'best-seo-offer.com',
+        'best-seo-solution.com',
+        'get-free-traffic-now.com',
+        'buy-cheap-online.info',
+        'free-social-buttons.com',
+        'free-share-buttons.com',
+        'event-tracking.com',
+        'trafficmonetize.org',
+        'traffic2money.com',
+        'success-seo.com',
+        'webmonetizer.net',
+        'seo-platform.com',
+        'ranksonic.info',
+        'rankings-analytics.com',
+        'floating-share-buttons.com',
+        'o-o-8-o-o.com',
+        '4webmasters.org',
+        'cenoval.ru',
+        'savetubevideo.com',
+        'descargar-musica-gratis.net',
+        'kambasoft.com',
+        'screentoolkit.com',
+    );
+}
+/**
+ * Clean referrer spam entries from the database.
+ *
+ * Sets the referrer field to NULL for any pageview records where the
+ * referrer domain matches one of the provided spam domains. This preserves
+ * the pageview data itself (views, visitors, sessions still count).
+ *
+ * @param array $domains List of domain strings to clean.
+ * @return int Number of records cleaned.
+ */
+function sfran_cleanup_referrer_spam( $domains ) {
+    if ( empty( $domains ) ) {
+        return 0;
+    }
+    global $wpdb;
+    $table = $wpdb->prefix . 'sfran_analytics';
+    $cleaned = 0;
+    foreach ( $domains as $domain ) {
+        $domain = strtolower( trim( $domain ) );
+        if ( empty( $domain ) ) {
+            continue;
+        }
+        // Match referrer URLs containing this domain (e.g. https://ghost-rider.site/anything or https://sub.ghost-rider.site/...)
+        $like_pattern = '%://' . $wpdb->esc_like( $domain ) . '%';
+        $like_pattern_sub = '%://%.'. $wpdb->esc_like( $domain ) . '%';
+        // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter -- Custom table with prepared LIKE patterns
+        $result = $wpdb->query( $wpdb->prepare(
+            "UPDATE {$table} SET referrer = NULL WHERE referrer IS NOT NULL AND (referrer LIKE %s OR referrer LIKE %s)",
+            $like_pattern,
+            $like_pattern_sub
+        ) );
+        // phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
+        if ( $result !== false ) {
+            $cleaned += $result;
+        }
+    }
+    return $cleaned;
+}
+/**
+ * Get daily breakdown of all analytics data for a date range.
+ *
+ * Returns per-day snapshots suitable for permanent storage by the Hub.
+ * Runs a small number of GROUP BY DATE queries (not per-day loops) for efficiency.
+ *
+ * @param string $start_date Start date (Y-m-d)
+ * @param string $end_date   End date (Y-m-d)
+ * @return array Keyed by date (Y-m-d), each containing all data types
+ */
+function sfran_get_daily_breakdown( $start_date, $end_date ) {
+    global $wpdb;
+    $start_date = sanitize_text_field( $start_date );
+    $end_date   = sanitize_text_field( $end_date );
+    $table      = $wpdb->prefix . 'sfran_analytics';
+    $start_dt   = $start_date . ' 00:00:00';
+    $end_dt     = $end_date . ' 23:59:59';
+    $days         = [];
+    $all_post_ids = [];
+    // 1. Summary per day
+    // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter -- Custom table
+    $summary_rows = $wpdb->get_results( $wpdb->prepare(
+        "SELECT
+            DATE(viewed_at) AS date,
+            COUNT(*) AS views,
+            COUNT(DISTINCT visitor_hash) AS visitors,
+            COUNT(DISTINCT session_hash) AS sessions,
+            COUNT(CASE WHEN is_bot = 0 THEN 1 END) * 100.0 / GREATEST(COUNT(*), 1) AS human_percentage
+        FROM {$table}
+        WHERE viewed_at BETWEEN %s AND %s AND is_verified = 1
+        GROUP BY DATE(viewed_at)
+        ORDER BY date ASC",
+        $start_dt,
+        $end_dt
+    ) );
+    // phpcs:enable
+    foreach ( $summary_rows as $row ) {
+        $days[ $row->date ]['summary'] = [
+            'views'            => intval( $row->views ),
+            'visitors'         => intval( $row->visitors ),
+            'sessions'         => intval( $row->sessions ),
+            'human_percentage' => round( floatval( $row->human_percentage ), 1 ),
+        ];
+    }
+    // 2. Top content per day
+    // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
+    $content_rows = $wpdb->get_results( $wpdb->prepare(
+        "SELECT DATE(viewed_at) AS date, post_id, COUNT(*) AS views, COUNT(DISTINCT visitor_hash) AS visitors
+        FROM {$table}
+        WHERE viewed_at BETWEEN %s AND %s AND is_verified = 1
+        GROUP BY DATE(viewed_at), post_id
+        ORDER BY date ASC, views DESC",
+        $start_dt,
+        $end_dt
+    ) );
+    // phpcs:enable
+    $content_by_date = [];
+    foreach ( $content_rows as $row ) {
+        $all_post_ids[]                   = intval( $row->post_id );
+        $content_by_date[ $row->date ][] = [
+            'post_id'  => intval( $row->post_id ),
+            'views'    => intval( $row->views ),
+            'visitors' => intval( $row->visitors ),
+        ];
+    }
+    foreach ( $content_by_date as $date => $items ) {
+        $days[ $date ]['top_content'] = array_slice( $items, 0, 20 );
+    }
+    // 3. Traffic sources per day
+    // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
+    $sources_rows = $wpdb->get_results( $wpdb->prepare(
+        "SELECT DATE(viewed_at) AS date, COALESCE(NULLIF(referrer, ''), 'Direct') AS referrer, COUNT(*) AS visits, COUNT(DISTINCT visitor_hash) AS visitors
+        FROM {$table}
+        WHERE viewed_at BETWEEN %s AND %s AND is_verified = 1
+        GROUP BY DATE(viewed_at), referrer
+        ORDER BY date ASC, visits DESC",
+        $start_dt,
+        $end_dt
+    ) );
+    // phpcs:enable
+    $sources_by_date = [];
+    foreach ( $sources_rows as $row ) {
+        $sources_by_date[ $row->date ][] = [
+            'referrer' => $row->referrer,
+            'visits'   => intval( $row->visits ),
+            'visitors' => intval( $row->visitors ),
+        ];
+    }
+    foreach ( $sources_by_date as $date => $items ) {
+        $days[ $date ]['traffic_sources'] = array_slice( $items, 0, 50 );
+    }
+    // 4. Entry pages per day (column may not exist on older versions)
+    // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
+    $entry_col_exists = $wpdb->get_results( $wpdb->prepare( "SHOW COLUMNS FROM {$table} LIKE %s", 'is_entry' ) );
+    // phpcs:enable
+    if ( ! empty( $entry_col_exists ) ) {
+        // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
+        $entry_rows = $wpdb->get_results( $wpdb->prepare(
+            "SELECT DATE(viewed_at) AS date, post_id, COUNT(*) AS entries, COUNT(DISTINCT visitor_hash) AS visitors
+            FROM {$table}
+            WHERE viewed_at BETWEEN %s AND %s AND is_verified = 1 AND is_entry = 1
+            GROUP BY DATE(viewed_at), post_id
+            ORDER BY date ASC, entries DESC",
+            $start_dt,
+            $end_dt
+        ) );
+        // phpcs:enable
+        $entry_by_date = [];
+        foreach ( $entry_rows as $row ) {
+            $all_post_ids[]                 = intval( $row->post_id );
+            $entry_by_date[ $row->date ][] = [
+                'post_id'  => intval( $row->post_id ),
+                'entries'  => intval( $row->entries ),
+                'visitors' => intval( $row->visitors ),
+            ];
+        }
+        foreach ( $entry_by_date as $date => $items ) {
+            $days[ $date ]['entry_pages'] = array_slice( $items, 0, 20 );
+        }
+    }
+    // 5. Exit pages per day
+    // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
+    $exit_rows = $wpdb->get_results( $wpdb->prepare(
+        "SELECT DATE(viewed_at) AS date, post_id, COUNT(*) AS exits, COUNT(DISTINCT visitor_hash) AS visitors
+        FROM {$table}
+        WHERE viewed_at BETWEEN %s AND %s AND is_verified = 1 AND is_exit = 1
+        GROUP BY DATE(viewed_at), post_id
+        ORDER BY date ASC, exits DESC",
+        $start_dt,
+        $end_dt
+    ) );
+    // phpcs:enable
+    $exit_by_date = [];
+    foreach ( $exit_rows as $row ) {
+        $all_post_ids[]                = intval( $row->post_id );
+        $exit_by_date[ $row->date ][] = [
+            'post_id'  => intval( $row->post_id ),
+            'exits'    => intval( $row->exits ),
+            'visitors' => intval( $row->visitors ),
+        ];
+    }
+    foreach ( $exit_by_date as $date => $items ) {
+        $days[ $date ]['exit_pages'] = array_slice( $items, 0, 20 );
+    }
+    // 6. Devices per day
+    // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
+    $device_rows = $wpdb->get_results( $wpdb->prepare(
+        "SELECT DATE(viewed_at) AS date, device_type, COUNT(*) AS views, COUNT(DISTINCT visitor_hash) AS visitors
+        FROM {$table}
+        WHERE viewed_at BETWEEN %s AND %s AND is_verified = 1
+        GROUP BY DATE(viewed_at), device_type
+        ORDER BY date ASC, views DESC",
+        $start_dt,
+        $end_dt
+    ) );
+    // phpcs:enable
+    foreach ( $device_rows as $row ) {
+        $days[ $row->date ]['devices'][] = [
+            'device_type' => $row->device_type,
+            'views'       => intval( $row->views ),
+            'visitors'    => intval( $row->visitors ),
+        ];
+    }
+    // 7. Browsers per day
+    // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
+    $browser_rows = $wpdb->get_results( $wpdb->prepare(
+        "SELECT DATE(viewed_at) AS date, COALESCE(NULLIF(browser, ''), 'Unknown') AS browser,
+            COUNT(*) AS views, COUNT(DISTINCT visitor_hash) AS visitors
+        FROM {$table}
+        WHERE viewed_at BETWEEN %s AND %s AND is_verified = 1
+        GROUP BY DATE(viewed_at), COALESCE(NULLIF(browser, ''), 'Unknown')
+        ORDER BY date ASC, views DESC",
+        $start_dt,
+        $end_dt
+    ) );
+    // phpcs:enable
+    $browsers_by_date = [];
+    foreach ( $browser_rows as $row ) {
+        $browsers_by_date[ $row->date ][] = [
+            'browser'  => $row->browser,
+            'views'    => intval( $row->views ),
+            'visitors' => intval( $row->visitors ),
+        ];
+    }
+    foreach ( $browsers_by_date as $date => $items ) {
+        $days[ $date ]['browsers'] = array_slice( $items, 0, 20 );
+    }
+    // 8. OS per day
+    // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
+    $os_rows = $wpdb->get_results( $wpdb->prepare(
+        "SELECT DATE(viewed_at) AS date, COALESCE(NULLIF(os, ''), 'Unknown') AS os,
+            COUNT(*) AS views, COUNT(DISTINCT visitor_hash) AS visitors
+        FROM {$table}
+        WHERE viewed_at BETWEEN %s AND %s AND is_verified = 1
+        GROUP BY DATE(viewed_at), COALESCE(NULLIF(os, ''), 'Unknown')
+        ORDER BY date ASC, views DESC",
+        $start_dt,
+        $end_dt
+    ) );
+    // phpcs:enable
+    $os_by_date = [];
+    foreach ( $os_rows as $row ) {
+        $os_by_date[ $row->date ][] = [
+            'os'       => $row->os,
+            'views'    => intval( $row->views ),
+            'visitors' => intval( $row->visitors ),
+        ];
+    }
+    foreach ( $os_by_date as $date => $items ) {
+        $days[ $date ]['os'] = array_slice( $items, 0, 20 );
+    }
+    // 9. Geographic per day
+    // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
+    $geo_rows = $wpdb->get_results( $wpdb->prepare(
+        "SELECT DATE(viewed_at) AS date, COALESCE(NULLIF(country_code, ''), 'Unknown') AS country_code,
+            COUNT(*) AS views, COUNT(DISTINCT visitor_hash) AS visitors
+        FROM {$table}
+        WHERE viewed_at BETWEEN %s AND %s AND is_verified = 1
+        GROUP BY DATE(viewed_at), COALESCE(NULLIF(country_code, ''), 'Unknown')
+        ORDER BY date ASC, views DESC",
+        $start_dt,
+        $end_dt
+    ) );
+    // phpcs:enable
+    $geo_by_date = [];
+    foreach ( $geo_rows as $row ) {
+        $geo_by_date[ $row->date ][] = [
+            'country_code' => $row->country_code,
+            'views'        => intval( $row->views ),
+            'visitors'     => intval( $row->visitors ),
+        ];
+    }
+    foreach ( $geo_by_date as $date => $items ) {
+        $days[ $date ]['geographic'] = array_slice( $items, 0, 30 );
+    }
+    // 10. Campaigns per day
+    // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,PluginCheck.Security.DirectDB.UnescapedDBParameter
+    $campaign_rows = $wpdb->get_results( $wpdb->prepare(
+        "SELECT DATE(viewed_at) AS date, utm_campaign,
+            COUNT(*) AS views, COUNT(DISTINCT visitor_hash) AS visitors, COUNT(DISTINCT session_hash) AS sessions
+        FROM {$table}
+        WHERE viewed_at BETWEEN %s AND %s AND is_verified = 1
+            AND utm_campaign IS NOT NULL AND utm_campaign != ''
+        GROUP BY DATE(viewed_at), utm_campaign
+        ORDER BY date ASC, views DESC",
+        $start_dt,
+        $end_dt
+    ) );
+    // phpcs:enable
+    $campaign_by_date = [];
+    foreach ( $campaign_rows as $row ) {
+        $campaign_by_date[ $row->date ][] = [
+            'campaign' => $row->utm_campaign,
+            'views'    => intval( $row->views ),
+            'visitors' => intval( $row->visitors ),
+            'sessions' => intval( $row->sessions ),
+        ];
+    }
+    foreach ( $campaign_by_date as $date => $items ) {
+        $days[ $date ]['campaigns'] = array_slice( $items, 0, 20 );
+    }
+    // Batch lookup post titles and URLs
+    $all_post_ids = array_unique( $all_post_ids );
+    $post_map     = [];
+    foreach ( $all_post_ids as $pid ) {
+        $post             = get_post( $pid );
+        $post_map[ $pid ] = [
+            'title' => $post ? $post->post_title : __( '(Deleted Post)', 'sfr-analytics' ),
+            'url'   => get_permalink( $pid ),
+        ];
+    }
+    // Compute referrers (domain-level) per day from traffic_sources
+    $site_host = wp_parse_url( home_url(), PHP_URL_HOST );
+    if ( $site_host && strpos( $site_host, 'www.' ) === 0 ) {
+        $site_host = substr( $site_host, 4 );
+    }
+    $custom_domains  = get_option( 'sfran_custom_spam_referrers', [] );
+    $builtin_domains = function_exists( 'sfran_get_builtin_spam_referrers' ) ? sfran_get_builtin_spam_referrers() : [];
+    $excluded        = array_merge( $builtin_domains, is_array( $custom_domains ) ? $custom_domains : [] );
+    // Enrich and finalise each day
+    foreach ( $days as $date => &$day_data ) {
+        // Enrich top_content with titles/urls
+        if ( ! empty( $day_data['top_content'] ) ) {
+            foreach ( $day_data['top_content'] as &$item ) {
+                $item['title'] = $post_map[ $item['post_id'] ]['title'] ?? __( '(Unknown)', 'sfr-analytics' );
+                $item['url']   = $post_map[ $item['post_id'] ]['url'] ?? '';
+            }
+            unset( $item );
+        }
+        if ( ! empty( $day_data['entry_pages'] ) ) {
+            foreach ( $day_data['entry_pages'] as &$item ) {
+                $item['title'] = $post_map[ $item['post_id'] ]['title'] ?? __( '(Unknown)', 'sfr-analytics' );
+                $item['url']   = $post_map[ $item['post_id'] ]['url'] ?? '';
+            }
+            unset( $item );
+        }
+        if ( ! empty( $day_data['exit_pages'] ) ) {
+            foreach ( $day_data['exit_pages'] as &$item ) {
+                $item['title'] = $post_map[ $item['post_id'] ]['title'] ?? __( '(Unknown)', 'sfr-analytics' );
+                $item['url']   = $post_map[ $item['post_id'] ]['url'] ?? '';
+            }
+            unset( $item );
+        }
+        // Build referrers (domain-level) from traffic_sources
+        $domain_map          = [];
+        $total_referrer_views = 0;
+        foreach ( $day_data['traffic_sources'] ?? [] as $src ) {
+            $parsed = wp_parse_url( $src['referrer'] );
+            $host   = isset( $parsed['host'] ) ? strtolower( $parsed['host'] ) : '';
+            if ( strpos( $host, 'www.' ) === 0 ) {
+                $host = substr( $host, 4 );
+            }
+            if ( empty( $host ) || $host === $site_host ) {
+                continue;
+            }
+            // Skip spam domains
+            $is_spam = false;
+            foreach ( $excluded as $spam ) {
+                if ( $host === $spam || substr( $host, -( strlen( $spam ) + 1 ) ) === '.' . $spam ) {
+                    $is_spam = true;
+                    break;
+                }
+            }
+            if ( $is_spam ) {
+                continue;
+            }
+            if ( ! isset( $domain_map[ $host ] ) ) {
+                $domain_map[ $host ] = [ 'domain' => $host, 'views' => 0, 'visitors' => 0 ];
+            }
+            $domain_map[ $host ]['views']    += $src['visits'];
+            $domain_map[ $host ]['visitors'] += $src['visitors'];
+            $total_referrer_views            += $src['visits'];
+        }
+        foreach ( $domain_map as &$ref ) {
+            $ref['percentage'] = $total_referrer_views > 0 ? round( ( $ref['views'] / $total_referrer_views ) * 100, 1 ) : 0;
+        }
+        unset( $ref );
+        usort( $domain_map, function ( $a, $b ) {
+            return $b['views'] - $a['views'];
+        } );
+        $day_data['referrers'] = array_slice( array_values( $domain_map ), 0, 30 );
+        // Ensure defaults for all data types
+        $day_data = array_merge( [
+            'summary'         => [ 'views' => 0, 'visitors' => 0, 'sessions' => 0, 'human_percentage' => 0 ],
+            'top_content'     => [],
+            'traffic_sources' => [],
+            'referrers'       => [],
+            'entry_pages'     => [],
+            'exit_pages'      => [],
+            'devices'         => [],
+            'browsers'        => [],
+            'os'              => [],
+            'geographic'      => [],
+            'campaigns'       => [],
+        ], $day_data );
+    }
+    unset( $day_data );
+    return $days;
+}
+/**
+ * Convert a 2-letter ISO country code to a flag emoji.
+ *
+ * Each letter is offset to the Regional Indicator Symbol range (U+1F1E6).
+ *
+ * @param string $code 2-letter ISO 3166-1 alpha-2 code (e.g. 'GB', 'US')
+ * @return string Flag emoji, or empty string for unknown/invalid codes
+ */
+function sfran_country_flag_emoji( $code ) {
+    $code = strtoupper( trim( $code ) );
+    if ( strlen( $code ) !== 2 || 'UNKNOWN' === strtoupper( $code ) ) {
+        return '';
+    }
+    $first  = mb_chr( 0x1F1E6 + ord( $code[0] ) - ord( 'A' ) );
+    $second = mb_chr( 0x1F1E6 + ord( $code[1] ) - ord( 'A' ) );
+    return $first . $second;
+}
+/**
+ * Get a human-readable country name from a 2-letter ISO code.
+ *
+ * @param string $code 2-letter ISO 3166-1 alpha-2 code
+ * @return string Country name, or the code itself if not found
+ */
+function sfran_country_name( $code ) {
+    static $names = null;
+    if ( null === $names ) {
+        $names = [
+            'AD' => 'Andorra', 'AE' => 'United Arab Emirates', 'AF' => 'Afghanistan', 'AG' => 'Antigua and Barbuda', 'AL' => 'Albania',
+            'AM' => 'Armenia', 'AO' => 'Angola', 'AR' => 'Argentina', 'AT' => 'Austria', 'AU' => 'Australia',
+            'AZ' => 'Azerbaijan', 'BA' => 'Bosnia and Herzegovina', 'BB' => 'Barbados', 'BD' => 'Bangladesh', 'BE' => 'Belgium',
+            'BF' => 'Burkina Faso', 'BG' => 'Bulgaria', 'BH' => 'Bahrain', 'BI' => 'Burundi', 'BJ' => 'Benin',
+            'BN' => 'Brunei', 'BO' => 'Bolivia', 'BR' => 'Brazil', 'BS' => 'Bahamas', 'BT' => 'Bhutan',
+            'BW' => 'Botswana', 'BY' => 'Belarus', 'BZ' => 'Belize', 'CA' => 'Canada', 'CD' => 'DR Congo',
+            'CF' => 'Central African Republic', 'CG' => 'Congo', 'CH' => 'Switzerland', 'CI' => 'Ivory Coast', 'CL' => 'Chile',
+            'CM' => 'Cameroon', 'CN' => 'China', 'CO' => 'Colombia', 'CR' => 'Costa Rica', 'CU' => 'Cuba',
+            'CY' => 'Cyprus', 'CZ' => 'Czech Republic', 'DE' => 'Germany', 'DJ' => 'Djibouti', 'DK' => 'Denmark',
+            'DM' => 'Dominica', 'DO' => 'Dominican Republic', 'DZ' => 'Algeria', 'EC' => 'Ecuador', 'EE' => 'Estonia',
+            'EG' => 'Egypt', 'ES' => 'Spain', 'ET' => 'Ethiopia', 'FI' => 'Finland', 'FJ' => 'Fiji',
+            'FR' => 'France', 'GA' => 'Gabon', 'GB' => 'United Kingdom', 'GE' => 'Georgia', 'GH' => 'Ghana',
+            'GR' => 'Greece', 'GT' => 'Guatemala', 'GN' => 'Guinea', 'GY' => 'Guyana', 'HK' => 'Hong Kong',
+            'HN' => 'Honduras', 'HR' => 'Croatia', 'HT' => 'Haiti', 'HU' => 'Hungary', 'ID' => 'Indonesia',
+            'IE' => 'Ireland', 'IL' => 'Israel', 'IN' => 'India', 'IQ' => 'Iraq', 'IR' => 'Iran',
+            'IS' => 'Iceland', 'IT' => 'Italy', 'JM' => 'Jamaica', 'JO' => 'Jordan', 'JP' => 'Japan',
+            'KE' => 'Kenya', 'KG' => 'Kyrgyzstan', 'KH' => 'Cambodia', 'KR' => 'South Korea', 'KW' => 'Kuwait',
+            'KZ' => 'Kazakhstan', 'LA' => 'Laos', 'LB' => 'Lebanon', 'LK' => 'Sri Lanka', 'LR' => 'Liberia',
+            'LT' => 'Lithuania', 'LU' => 'Luxembourg', 'LV' => 'Latvia', 'LY' => 'Libya', 'MA' => 'Morocco',
+            'MD' => 'Moldova', 'ME' => 'Montenegro', 'MG' => 'Madagascar', 'MK' => 'North Macedonia', 'ML' => 'Mali',
+            'MM' => 'Myanmar', 'MN' => 'Mongolia', 'MX' => 'Mexico', 'MY' => 'Malaysia', 'MZ' => 'Mozambique',
+            'NA' => 'Namibia', 'NE' => 'Niger', 'NG' => 'Nigeria', 'NI' => 'Nicaragua', 'NL' => 'Netherlands',
+            'NO' => 'Norway', 'NP' => 'Nepal', 'NZ' => 'New Zealand', 'OM' => 'Oman', 'PA' => 'Panama',
+            'PE' => 'Peru', 'PG' => 'Papua New Guinea', 'PH' => 'Philippines', 'PK' => 'Pakistan', 'PL' => 'Poland',
+            'PR' => 'Puerto Rico', 'PS' => 'Palestine', 'PT' => 'Portugal', 'PY' => 'Paraguay', 'QA' => 'Qatar',
+            'RO' => 'Romania', 'RS' => 'Serbia', 'RU' => 'Russia', 'RW' => 'Rwanda', 'SA' => 'Saudi Arabia',
+            'SD' => 'Sudan', 'SE' => 'Sweden', 'SG' => 'Singapore', 'SI' => 'Slovenia', 'SK' => 'Slovakia',
+            'SL' => 'Sierra Leone', 'SN' => 'Senegal', 'SO' => 'Somalia', 'SS' => 'South Sudan', 'SV' => 'El Salvador',
+            'SY' => 'Syria', 'TG' => 'Togo', 'TH' => 'Thailand', 'TJ' => 'Tajikistan', 'TM' => 'Turkmenistan',
+            'TN' => 'Tunisia', 'TR' => 'Turkey', 'TT' => 'Trinidad and Tobago', 'TW' => 'Taiwan', 'TZ' => 'Tanzania',
+            'UA' => 'Ukraine', 'UG' => 'Uganda', 'US' => 'United States', 'UY' => 'Uruguay', 'UZ' => 'Uzbekistan',
+            'VE' => 'Venezuela', 'VN' => 'Vietnam', 'YE' => 'Yemen', 'ZA' => 'South Africa', 'ZM' => 'Zambia',
+            'ZW' => 'Zimbabwe',
+        ];
+    }
+    $code = strtoupper( trim( $code ) );
+    return isset( $names[ $code ] ) ? $names[ $code ] : $code;
+}
+/**
+ * Get a dashicon class for a traffic source type.
+ *
+ * @param string $type Traffic source type (Direct, Search Engines, Social Media, Referral Sites, Email, Campaign)
+ * @return string Dashicon CSS class
+ */
+function sfran_traffic_source_icon( $type ) {
+    $map = [
+        'Direct'         => 'dashicons-admin-home',
+        'Search Engines' => 'dashicons-search',
+        'Social Media'   => 'dashicons-share',
+        'Referral Sites' => 'dashicons-admin-links',
+        'Email'          => 'dashicons-email-alt',
+        'Campaign'       => 'dashicons-megaphone',
+    ];
+    return isset( $map[ $type ] ) ? $map[ $type ] : 'dashicons-admin-site-alt3';
+}

sfr-analytics/trunk/readme.txt

-                      r3463796
+                      r3463996
 Requires at least: 6.0
 Tested up to: 6.9
 Stable tag: 0.5.0
+Stable tag: 0.6.0
 Requires PHP: 7.4
 License: GPLv2 or later
 …
 == Changelog ==
+= 0.6.0 =
+* Added referral spam filtering — built-in blocklist of 30+ known ghost referrer domains, auto-cleanup on upgrade
+* Added manual referrer domain blocking via Settings with one-click add/remove
+* Added IP address tracking with anonymisation support (respects existing anonymize-IP setting)
+* Added IP address column to database schema with automatic migration
+* Added self-referral filtering — own domain no longer appears in Top Referring Sites
+* Added "Last 24 Hours" date preset button on the dashboard
+* Added country flag emoji and full country names in the Geographic Distribution table
+* Added icons for traffic source types (Direct, Search Engines, Social Media, Referral Sites)
+* Added recognisable icons for popular referring domains (Google, Facebook, Twitter/X, YouTube, LinkedIn, Reddit, Pinterest, Bing, etc.)
+* Added REST API `/bulk` endpoint — returns all data types in a single request
+* Added REST API `/daily` endpoint — returns per-day snapshots for external integrations
+* Added human traffic percentage to summary stats API response
+* Improved referral percentage display to 1 decimal place
+* Improved Top Referring Sites description text
 = 0.5.0 =
 * Improved page picker filtering for UTM Link Builder — excludes password-protected pages, functional pages, and non-content post types

sfr-analytics/trunk/sfr-analytics.php

-                      r3463796
+                      r3463996
  * Plugin URI:        https://supportfromrichard.co.uk/sfr-analytics/
  * Description:       Lightweight WordPress analytics tracking plugin that stores data locally on your site.
  * Version:           0.5.0
+ * Version:           0.6.0
  * Author:            Support From Richard
  * Author URI:        https://supportfromrichard.co.uk
 …
 // Define plugin constants
 if (!defined('SFRAN_VERSION')) {
     define('SFRAN_VERSION', '0.5.0');
+    define('SFRAN_VERSION', '0.6.0');
+}
 …
     SFRAN_Admin::init();
     SFRAN_Assets::init();
+    // Run spam cleanup on upgrade (plugin updates don't trigger activation hook)
+    sfran_maybe_run_spam_cleanup();
+}
 add_action('plugins_loaded', 'sfran_init');
+/**
+ * Run built-in spam referrer cleanup if not yet done for the current version.
+ *
+ * Tracked via the sfran_spam_cleanup_version option so it only runs once
+ * per plugin version that updates the built-in list.
+ */
+function sfran_maybe_run_spam_cleanup() {
+    $cleanup_version = get_option('sfran_spam_cleanup_version', '');
+    if ($cleanup_version !== SFRAN_VERSION) {
+        $builtin = sfran_get_builtin_spam_referrers();
+        sfran_cleanup_referrer_spam($builtin);
+        update_option('sfran_spam_cleanup_version', SFRAN_VERSION);
+    }
+}
 /**
 …
     add_option('sfran_exclude_ips', []);
     add_option('sfran_exclude_countries', []);
+    add_option('sfran_exclude_referrers', []);
     add_option('sfran_session_timeout', 1800); // 30 minutes
     add_option('sfran_anonymize_ip', false);
     add_option('sfran_respect_dnt', true);
+    // Run built-in spam referrer cleanup on activation
+    sfran_maybe_run_spam_cleanup();
     // Schedule buffer processing

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory