extreme differences with google analytics. I might understand a few missed users, but g-analytics gives me 37 for yesterday, while wp-stats gives 158 users. Page views for g-analytics 52 ,and for wp-stats 429. please help - https://pornhy.com

Output

<!-- Analytics by WP-Statistics v1.1.1 - https://wp-statistics.com/ -->

https://github.com/AliasIO/Wappalyzer

To show bold feature after many changes in the plugin, it's better we have a custom dashboard.
http://www.wpexplorer.com/how-to-wordpress-custom-dashboard/

Check the issue on:
https://wordpress.org/support/topic/hit-statistics-values-keep-changing-depending-on-date-range/

We need this option in the plugin for show visits in the posts/pages like WP-PostViews

The link of the reffering site is relative:
www.mysite.com/wp-admin/www.google.com

It should be absolute, as it appears in filtered results:
https://www.google.com

https://3v4l.org/Apf12

Counting non-changing collections in each iteration of a loop is not the fastest and best solution.

We should cache the value in a separate variable like in the example.

Should be used on both sides.
cc @DediData

For example:

[wpstatistics stat=referrer time=today top=10]

cc @dedi-data

When I use wp-super-cache and enable html cache, wp-statistics won't count again.
Can it support a ajax way to statistics？

Related Posts is a feature of Jetpack, which will send an ajax to get related posts of current post.

Their ajax request to the API will be count as hits incorrectly.

Please add an option to exclude it.

API Url: http://example.com/2018/01/my-post/?relatedposts=1

Describe the bug
PHP.Generic.BadPattern.5
This code pattern is often used to run a very dangerous shell programs on your server. The code in these files needs to be reviewed, and possibly cleaned.

file: Middleware.php

232
return function ($request, array $options) use ($handler, $fn) {
233
return $handler($fn($request), $options);
234
};

the hightlighted code was flagged by VaultPress and a security threat by allowing potential remote shell execution.

Hi,
I just wanted to inform you about an annoying bug in your awesome wp-statistics add-on which has not fixed in your recent updates. It seems you have missed a ":" in hyperlinks of (last visitors) and (last searched keywords) which makes the hyperlink unreadable for the web browser (something like "https//www.google.com"). Please see the attached image. I'm not sure if this bug is on other parts of your code too or not.

Kind regards,
Saeed

This is a really wonderful plugin, except for the fact that it uses an interpolated line chart to show discretized statistics.

From a visualization standpoint, this makes no sense. We are looking at discretized (daily, weekly, monthly) data, drawing smooth curves from point to point adds no value whatsoever.

Please consider adding a bar chart option to view all time-based stats.

For hits use a grouped bar chart (visits, hits) and for search engine referrals use a stacked bar chart.

To re-iterate: Line charts are not the right chart type for this type of data, bar charts are.

(If you made this a paid add-on, I would buy it in a flash, and my eyes would be grateful.)

The stats panels are collapsable but the indicator arrow is missing.

The WordPress core dashboard panels have the following code pattern:

<button type="button" class="handlediv" aria-expanded="true">
    <span class="screen-reader-text">Toggle panel: Summary</span>
    <span class="toggle-indicator" aria-hidden="true"></span>
</button>
<h2 class='hndle'><span>Summary</span></h2>

Instead, the plugin have only:

<div class="handlediv" title="Click to toggle"><br/></div>
<h3 class="hndle"><span>Browsers</span></h3>

Suggested code pattern:

<button class="handlediv" type="button" title="<?php printf( __( 'Toggle panel: %s', 'wp_statistics' ), __( 'Hits Statistics Chart', 'wp_statistics' ) ); ?>">
    <span class="screen-reader-text"><?php printf( __( 'Toggle panel: %s', 'wp_statistics' ), __( 'Hits Statistics Chart', 'wp_statistics' ) ); ?></span>
    <span class="toggle-indicator" aria-hidden="true"></span>
</button>
<h2 class="hndle"><span><?php _e( 'Hits Statistics Chart', 'wp_statistics' ); ?></span></h2>

These changes are according to WP core and add the following:

• screen reader text
• toggle indicator arrow
• key navigation
• UI and Translation strings consistent with core

Duplicate entry '2018-02-24-/mysiteurl/?gclid=E' for key 'date_2' INSERT INTO wp_statistics_pages (uri, date, count, id) VALUES ('/mysiteurl/?gclid=EAIaIQpbChMIj8v_lqW-2QIVjpztCh0-0QhVEAEYASAAEgJdz_D_BwE', '2018-02-24', 1, '14') Comming from require('wp-blog-header.php'), wp, WP->main, do_action_ref_array, WP_Hook->do_action, WP_Hook->apply_filters, WP_Statistics_Frontend::init, WP_Statistics_Hits->Pages

i used google adwords sign for url attribute.

Describe the bug

Vaultpress is reporting a potential security threat in guzzlehttp plugin.

Generic.Hidden.Code.2
This file contains suspicious hidden code, and should be checked for recent changes, or malicious code. Often hackers try to hide their hack attempts by obfuscating their attack code, to make it harder to detect. VaultPress has detected a string of suspicious characters in this file. Please check your backup history for recent changes to this file, or contact a Safekeeper if you are unsure.

file: SetCookie.php

if (preg_match(
380
'/[\x00-\x20\x22\x28-\x29\x2c\x2f\x3a-\x40\x5c\x7b\x7d\x7f]/',
381
$name)

the scanner is flagging the highlighted text as a potential security threat

Hi, I've set up wp statistics 12.3.1 on latest wp, but it shows "PHP IPv6 Enabled: No", and my client IP turns 127.0.0.1.
I'm sure my IPv6 support is enable in my PHP 7.0.25, you can check here to find my configurations.
What's wrong with it? Or what can I do to fix it?

Wordpress installation on CentOS 6.9 is failing to start after plugin updates.

[Wed Aug 30 22:19:14 2017] [error] [client 202.46.54.24] PHP Parse error: syntax error, unexpected '[' in /var/www/html/wp/wp-content/plugins/wp-statistics/wp-statistics.php on line 707

The issue is that on that line there is statement:

$plugins = [];

which is fine on PHP 5.4 and after, but CentOS 6 has PHP 5.3.
Working syntax is:

$plugins = array();

Please keep the trailing edge alive too.

Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips

It's better to use a library for parse user-agent and detect bots Instead Browscap & PHP User Agent Parser

Suggest libraries:

• Parser-PHP
• Crawler-Detect

@DediData

rand is not a CSPRNG, just random_bytes

There is a problem when the PHP version is 5.4. Because doesn't support this syntax for the namespace.

<?php
namespace {

}

WP support link:
https://wordpress.org/support/topic/unexpected-after-upgrade-to-12-2-1/

It's better to remove.

Should be improved.

Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 88 bytes) in /home/wp-content/plugins/wp-statistics/includes/vendor/browscap/browscap-php/src/phpbrowscap/Browscap.php on line 1007

CC @dedi-data

I've tried to translate widget to Bosnian ( Serbian) language, but without success. There wasn't strings form widget.php in .po file. Can you help me please.

P.S. I've downloaded .po from https://translate.wordpress.org/projects/wp-plugins/wp-statistics

When using Visual Composer's frontend is basically not usable when WP Statistics plugin is active. The issue is the same with any colorpicker field - it might be in some other places as well - just color picker issue is the easiest to notice.
Issue disappeared when WP Statistics plugin was disabled.

I noticed this issue in version 12.3.6.1.

To Reproduce
Steps to reproduce the behavior:

1. Install and activate Statistics
2. Try to edit a page with Visual Composer
3. Add any element on the page
4. While editing that element go to Design options tab
5. See colorpicker state (attached)
6. Also cannot save any change.
7. Following error found in the console log:

Uncaught TypeError: (intermediate value).setHSpace is not a function
    at a.(/wp-admin/anonymous function).(anonymous function)._create (http://test.local/wp-admin/js/iris.min.js?ver=1.0.7:4:7910)
    at a.(/wp-admin/anonymous function).(anonymous function)._create (http://test.local/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-widget,jquery-ui-position,underscore,backbone,wp-util,moxiejs,plupload,jquery-ui-core&load%5B%5D=,jquery-ui-mouse,jquery-ui-sortable&ver=4.9.6:21:1032)
    at a.(/wp-admin/anonymous function).(anonymous function).a (http://test.local/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-widget,jquery-ui-position,underscore,backbone,wp-util,moxiejs,plupload,jquery-ui-core&load%5B%5D=,jquery-ui-mouse,jquery-ui-sortable&ver=4.9.6:21:857)
    at a.(/wp-admin/anonymous function).(anonymous function)._create (http://test.local/wp-content/themes/publisher/includes/libs/better-framework/assets/js/admin-plugins.js?ver=3.5.1:108:4143)
    at a.(/wp-admin/anonymous function).(anonymous function)._create (http://test.local/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-widget,jquery-ui-position,underscore,backbone,wp-util,moxiejs,plupload,jquery-ui-core&load%5B%5D=,jquery-ui-mouse,jquery-ui-sortable&ver=4.9.6:21:1032)
    at a.(/wp-admin/anonymous function).(anonymous function)._createWidget (http://test.local/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-widget,jquery-ui-position,underscore,backbone,wp-util,moxiejs,plupload,jquery-ui-core&load%5B%5D=,jquery-ui-mouse,jquery-ui-sortable&ver=4.9.6:21:3093)
    at new a.(/wp-admin/anonymous function).(anonymous function) (http://test.local/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-core,jquery-migrate,utils,jquery-ui-widget,jquery-ui-position,underscore,backbone,wp-util,moxiejs,plupload,jquery-ui-core&load%5B%5D=,jquery-ui-mouse,jquery-ui-sortable&ver=4.9.6:21:593)
    at HTMLInputElement.<anonymous> (load-scripts.php?c=1&load[]=jquery-core,jquery-migrate,utils,jquery-ui-widget,jquery-ui-position,underscore,backbone,wp-util,moxiejs,plupload,jquery-ui-core&load[]=,jquery-ui-mouse,jquery-ui-sortable&ver=4.9.6:21)
    at Function.each (load-scripts.php?c=1&load[]=jquery-core,jquery-migrate,utils,jquery-ui-widget,jquery-ui-position,underscore,backbone,wp-util,moxiejs,plupload,jquery-ui-core&load[]=,jquery-ui-mouse,jquery-ui-sortable&ver=4.9.6:2)
    at a.fn.init.each (load-scripts.php?c=1&load[]=jquery-core,jquery-migrate,utils,jquery-ui-widget,jquery-ui-position,underscore,backbone,wp-util,moxiejs,plupload,jquery-ui-core&load[]=,jquery-ui-mouse,jquery-ui-sortable&ver=4.9.6:2)

Screenshots

Desktop (please complete the following information):

• OS: Win 10
• Browser: Chrome (v66.0.3359.181), Firefox (v52.5.0 (ESR - 64-bit))

Hi. My problem:

No any related words for my site

Add an option to prefer REMOTE_ADDR over X FORWARD
https://wordpress.org/support/topic/only-local-ip-is-recorded/
https://wordpress.org/support/topic/bluehost-ip-always/

We should be adding a conditional for check the memory limit to skip below error:

Fatal Error: Allowed Memory Size

Any idea? @DediData

The file /includes/classes/pagination.class.php didn't use in codes,
Should we remove that?
Or it includes somehow else?

Superglobal variables should replace

Only REMOTE_ADDR is safe against changes by users.
The others can be easily spoofed.

Should be using esc_url for cleaning urls on the bellow functions:

wp_statistics_date_range_selector

The check_php_compatibility() method should be check in the Front-end & Admin and skip to running next process. e.g. Admin menu...

CC @DediData

At the moment we've got a way to allow users to "opt-out" (398), according to the standard Text this is supposed to affect "any future tracking".

As far as I can see the Cookie however only hashes the users IP but doesn't prevent any other information to be recorded - right? So the plugin is still tracking the user, just not recording the unhashed IP (which results in no change if hashing is enabled globally). Shouldn't at least things like Referrer, User-Agent, etc also be stripped if a no-track-cookie is present?

Add shortcodes Buttons
to add shortcodes in editor

https://wp-statistics.com/2017/05/26/shortcodes/

Current situation:
Datepicker default date format is "m/d/Y", the last day of the last year would be displayed: 12/31/2017
here is a example with of last year displayed correct:

The problem:
We are using this custom date format "F j, Y", the last day of the last year would be displayed; Dezember 31, 2018
As soon as the date is picked with the datepicker calender, the default format will be overriden with our custom format and looks like in this screenshot:

When I send the request for the "wrong" date above this response will appear.

Looks like the the parameter will be transformed to our (german) format and can't be processed.

I hope my explantation can help,

The current IP anonymization feature is not really secure or anonymous.

sha1 is already broken / insecure and not recommended at all.

To be GDPR compliant IPs have to be shortened (last bytes are zeroed, IPv4 and IPv6).

I know that wp-statistics aims at being a very privacy oriented analytics tool and I suppose this is a big selling point for most of its users. It would therefore be great if issues related to privacy were better documented. I couldn't find any page in the documentation that summarizes precisely which data is up-/downloaded by the plugin to/from which services and whether any settings (apart from the hashing of ip addresses) have any privacy implications.

From skim reading the code and the discussions on the forum, I get the impression that wp-statistics does a great job in terms of privacy. Then why not brag about it on a documentation page? :-)

As an example: I asked myself (and still do not understand this fully) what the consequences of activating or disabling search engines in the settings are and why one is not allowed to disable all search engines. If this setting really just controls which search engines are displayed in the chart, then why is one not allowed to disabled all of them? Also it would be interesting to have information on where and how the plugin stores information, in which format and how this can be accessed by other plugins in a central place. Please consider explaining such things better. Thank you!

When I get the opt-out-message printed on my website, there is also printed a mystic number under that DIV element. The number seems to be something like an ID because it does only change depending on the requested url. See my screenshot from html code:

After the message was confirmed or denied, the number disappeared. Where does it come from or is this a bug? My research in the source code was not successful.

The GeoIP server sometimes blocked request to download the database. It's better we have an alternative server for download this database.

Suggestion server:
https://ps.w.org/wp-statistics/assets/

CC @DediData

Describe the bug
The "opt-out" banner is not displayed (in fact it is not even included in the html code). Neither on the mobile, nor on the desktop version. I am experiencing this problem with the OnePress theme but there are several other users reporting the same in the forum:
https://wordpress.org/support/topic/opt-out-message-not-displayed/
https://wordpress.org/support/topic/how-to-use-opt-out/
https://wordpress.org/support/topic/opt-out-dont-work/
https://wordpress.org/support/topic/wp-statistics-opt-out-not-working-on-mobile-devices/

To Reproduce
Steps to reproduce the behavior:

1. Install the plugin.
2. Activate the opt-out option in settings.
3. Observe that no opt-out bar is shown.

Expected behavior
The bar at the bottom of the screen is shown and user can opt-out of tracking.

Desktop (please complete the following information):

• OS: irrelevant as the html code is not even generated
• Browser: irrelevant as the html code is not even generated
• Version: 12.3.6.1 (the problem was introduced with this version as far as I can tell)

Smartphone (please complete the following information):

• Device: irrelevant as the html code is not even generated
• OS: irrelevant as the html code is not even generated
• Browser irrelevant as the html code is not even generated
• Version: 12.3.6.1 (the problem was introduced with this version as far as I can tell)

Additional context

• This is a critical issue as it can have legal repercussions for your users.
• In addition the opt-out should be an actual opt-out: #125

Describe the bug
The confirmation message for the Opt-out is not shown on internet explorer.
I've looked into the source code of the page and I cannot see 'div class="wp-statistics-opt-out"' at all.

To Reproduce

1. Activate Opt-out
2. Use Internet Explorer

Expected behavior
Seeing the Opt-out message.

Desktop:

• OS: Windows 10
• Browser Internet Explorer 11.165.17134.0
• Version 12.3.6.4

Additional context
This is serious because I'm pretty sure the GDPR law still applies even when you visit a website with Internet Explorer.

If I read your code correctly, %accept_url% will let the user opt-out of the tracking.
However, first time I read the default text

This website stores some user agent data. These data are used to provide a more personalized experience and to track your whereabouts around our website in compliance with the European General Data Protection Regulation. If you decide to opt-out of any future tracking, a cookie will be set up in your browser to remember this choice for one year. <a href="%accept_url%">I Agree</a>, <a href="%cancel_url%">Deny</a>

I assumed that agree would refer to being tracked. Especially since this is the way these "we will track you with cookies" overlays worked on the vast majority of pages before. Thus, I would either clarify (in front- and backend) which link does what and/or swap the meaning.