Opti-Behavior – Self-Hosted Heatmaps, Session Recording & Analytics (Hotjar Alternative)

Changelog

1.2.4.1 – 2026-04-03

• Fix: Resolve PHP 8.2 null deprecations + wpdb prepare mismatch

1.2.4 – 2026-04-03

• Fix: Resolved all WordPress Plugin Check errors and warnings (escape output, nonce verification, readme compliance)
• Fix: GDPR consent banner not displaying — admin-notices CSS/JS no longer hides plugin’s own ob-* elements
• Enhancement: Default auto-cleanup on fresh install (weekly, 90-day retention, bot/bounce session removal)
• Enhancement: Moved Pro trial offer above feature list on welcome page for better visibility
• Fix: Consent banner logic simplified — removed obsolete checkbox, uses Consent Banner Source radios only

1.2.3 – 2026-03-29

• Feature: Frontend Stats Bar — admin-only analytics overlay on every frontend page with 6 color themes and per-stat visibility settings
• Feature: Custom SMTP email configuration for scheduled reports with WP Mail fallback, and Cron Monitor for scheduled task health
• Enhancement: Full cache plugin compatibility (Autoptimize, LiteSpeed, WP Rocket, SG Optimizer) — nonce refresh, client-side cookie IDs, script tag protection, and visibilitychange flush
• Enhancement: Optimized live visitors query, esc_sql() hardening, admin submenu reorder, and PHPCS compliance fixes
• Fix: 10 Smart Data Cleanup bugs (recording file deletion, cascade orphans, scheduling), debug log download fatal error, and auto-cleanup via daily cron

1.2.2 – 2026-03-22

• Feature: Rich banner styles — info, warning, success, promo, custom with configurable colors, images, and CTA buttons
• Enhancement: Dismiss tracking stores timestamps for duration-based re-show logic with automatic migration from old format
• Fix: Self-referral bug — site’s own domain no longer appears as referrer in analytics, user journey, and form analytics views

1.2.1 – 2026-03-17

• Feature: Server-side proxy for heatmap iframe loading — bypasses CDN-level X-Frame-Options restrictions (e.g., Hostinger) that block iframe embedding
• Enhancement: Heatmap iframe now uses srcdoc with proxied HTML content, injecting <base href> for correct relative URL resolution
• Enhancement: Generic JS scan to detect and cap elements with inflated inline heights from unknown/custom slider frameworks
• Fix: Heatmap iframe blank/error on sites with CDN-level X-Frame-Options: deny (e.g., Hostinger-hosted sites)
• Fix: Server-side proxy added to both Free and Pro AJAX classes to prevent action not registered error when Pro overrides Free
• Fix: Removed broken CDN Lucide CSS (cdn.jsdelivr.net) from Pro detail page that caused MIME type error
• Security: Proxy endpoint restricted to same-site URLs only, with nonce verification and manage_options capability check

1.2.0 – 2026-03-11

• Feature: „Try Pro FREE for 6 Months” admin banner with trial countdown, dismiss, and expired state variants
• Feature: ipwho.is secondary geolocation API fallback when ip-api.com is rate-limited (free, HTTPS, no rate limit)
• Enhancement: License-aware trial banner visibility using Manifest Manager (hidden for valid Pro license, shown for expired trial)
• Enhancement: Geolocation fallback chain expanded: CloudFlare → Cache → ip-api.com → ipwho.is → Timezone → Browser Language
• Enhancement: Added ipwho.is to External Services disclosure, FAQ, and Privacy Policy sections in readme.txt
• Fix: Trial banner dismiss button now removes element from DOM instead of CSS hide (fixes specificity conflict with admin-notices.css)
• Fix: Trial banner no longer appears when Pro plugin is active with a valid license
• Fix: „Unknown” country in Real-time Visitors resolved for high-traffic sites exceeding ip-api.com 45 req/min rate limit
• Fix: Stable tag mismatch between readme.txt and main plugin file header
• Fix: Short description trimmed to 150-character WordPress.org maximum

1.1.1 – 2026-03-10

• Fix: PHP version compatibility check was comparing against non-existent PHP 7.6 instead of 7.4, preventing activation on PHP 7.4.x servers
• Enhancement: Added OptiUser API (api.optiuser.com) and OptiUser Website (optiuser.com) to External Services disclosure for WordPress.org compliance
• Enhancement: Expanded FAQ „Does this plugin call any external services?” with detailed list of all 4 external services
• Enhancement: Added „Try Pro FREE for 6 months” call-to-action in Pro Features section with direct download link
• Enhancement: Updated upgrade pages with 6-month free Pro trial messaging and hidden download page URL

1.1.0 – 2026-03-09

• Feature: Plugin install tracker with 24-hour heartbeat mechanism for anonymous usage statistics
• Feature: Automatic plugin type detection (Free/Pro) in tracker heartbeat data
• Feature: Deactivation notification to API for immediate status updates
• Enhancement: Autoloader class conflict prevention for shared Free/Pro classes (Ajax, Detail Page, Parser, Cache)
• Enhancement: Heatmaps sessions column now uses file-based device counts (Desktop + Mobile) for accurate sorting
• Enhancement: Heatmap table column widths rebalanced to accommodate tooltip icons and translations
• Enhancement: Table headers no longer truncated — always fully readable with nowrap styling
• Enhancement: Title truncation moved from PHP to CSS text-overflow for cleaner hover tooltips
• Fix: Autoloader excluding shared Pro/Free classes to prevent Free overriding Pro AJAX handler
• Fix: Heatmap detail page duplicate rendering caused by auto-instantiation
• Fix: SQL prepared statement parameter mismatch when date filters were active on heatmaps
• Fix: Sessions ORDER BY alias referencing non-existent table alias
• Fix: Plugin re-activation now triggers immediate heartbeat to update API status
• Fix: Removed unexpected ARCHITECTURE.md file from plugin root (Plugin Check compliance)
• Fix: Wrapped all error_log() calls in WP_DEBUG guards for production safety
• Fix: Synced Stable tag and Plugin Name between readme.txt and main plugin header
• Fix: Removed localhost/development URL from tracker API endpoint
• Code Quality: Clean uninstall with tracker options and cron job cleanup

1.0.9 – 2026-02-10

• Feature: Smart Data Cleanup system with bot/spam removal, quality thresholds, and scheduled auto-cleanup via WordPress cron
• Feature: Comprehensive tooltip system across all pages (Dashboard, Heatmaps, Funnels, Settings, Form Analytics, Error Tracking)
• Feature: Form Analytics upgrade page with menu integration, database table handlers, and scheduled report support
• Feature: Danger Zone redesign with horizontal sub-tabs (Full Reset, Date Range, Smart Cleanup, Auto Schedule)
• Feature: German (de_DE) language support with complete translations
• Feature: Italian (it_IT) language support with complete translations
• Feature: Spanish (es_ES) complete translation files
• Feature: Portuguese (pt_BR) complete translation files
• Enhancement: Replaced all emoji icons with Lucide SVG icons throughout the plugin for professional UI
• Enhancement: Unified page header style across all pages (Dashboard, Heatmaps, Funnels, Settings, Recordings, Errors)
• Enhancement: Country flag icons in language dropdown selector
• Enhancement: Funnel step cards made more compact with improved layout and per-funnel country filter with flag icons
• Enhancement: Heatmaps page search functionality and mobile preview mode for heatmap iframe
• Enhancement: Guest preview mode for accurate non-logged-in heatmap display
• Enhancement: Replaced Data Protection tab with Storage Stats page with improved tooltips
• Enhancement: Standardized button styles with Lucide icons and btn-danger class for destructive actions
• Enhancement: Added User Journeys and Form Analytics data to scheduled email reports
• Enhancement: Improved browser/OS detection with HarmonyOS support and better bot detection
• Enhancement: PRO feature gating with badges on menu items, heatmap tooltips, and blocked PRO heatmap types for free users
• Enhancement: Admin menu icon updated to 35×35 PNG with hover states
• Enhancement: French translations extensively improved with shortened menu labels
• Enhancement: AI Insights panel with Lucide icon styling and default message
• Fix: Move Heatmap trajectory rendering with proper coordinate scaling and adaptive colors based on website background
• Fix: Scroll Heatmap legend positioning and visibility
• Fix: Attention Heatmap legend positioning moved outside iframe with smooth gradients and base color coverage
• Fix: Bounce rate KPI mismatch with daily history chart
• Fix: Heatmaps page Mobile Traffic showing 0% – Device Split now uses sessions data
• Fix: Session count mismatch between total and device split
• Fix: Time period filter icon and dropdown functionality with correct default selection
• Fix: Traffic Overview chart layout with reduced empty space
• Fix: Funnel URL matching filters and string concatenation bug
• Fix: Conditional cleanup settings not persisting after page refresh
• Fix: Date range file deletion now includes uploads/opti-behavior-data/ directory
• Fix: Delete All Data not clearing storage properly
• Fix: Top Engaged Users widget column width for long country names
• Fix: Scheduled reports SQL error and instant stats update
• Fix: Heatmap download now includes page content with overlay
• Fix: Stat history bar charts display
• Fix: Stats inconsistency when Pro is active
• Code Quality: WordPress Plugin Check – 0 errors, 0 warnings (100% compliant)
• Code Quality: Renamed non-prefixed variables in HTML templates with opti_behavior_ prefix
• Code Quality: Complete uninstall cleanup with all database tables, cron jobs, transients, and legacy directories

1.0.8 – 2025-12-08

• Feature: User Intent Rules – Advanced system for analyzing and categorizing user behavior patterns
• Enhancement: Analytics Dashboard time filter now defaults to 30 Days for better data overview
• Fix: Improved favicon handling for referrer websites with proper fallback support

1.0.7 – 2025-12-02

• Enhancement: Added French language translations for improved internationalization
• Fix: Resolved sendPageView function issues for accurate page tracking
• Fix: Corrected Returning Visitors calculation and display
• Fix: Fixed Logged In Visitors detection and counting
• Feature: Display username for logged-in visitors in Top Engaged Users widget
• Enhancement: Extended device type support for all device categories (desktop, mobile, tablet, PC)
• Code Quality: WordPress coding standards compliance improvements
• Code Quality: Added debug logging controls via settings page
• Security: Fixed nonce verification warnings
• Security: Enhanced prepared SQL statements with proper phpcs annotations

1.0.6 – 2025-11-30

• Feature: New vs Returning Visitors analytics dashboard widget
• Feature: Visited Directories analytics with depth tracking and page views
• Feature: Visitor Authentication analytics showing logged-in vs guest users
• Fix: WordPress DB coding standards – SQL wildcards now use placeholders
• Enhancement: Improved prepared SQL statements compliance
• Code Quality: Full WordPress.DB.PreparedSQLPlaceholders compliance

1.0.5 – 2025-11-23

• Fix: Removed all debug error_log() calls from production code
• Fix: Replaced date() with gmdate() for timezone-safe date handling
• Fix: Added translator comments for i18n compliance
• Fix: Updated API URL from localhost to production endpoint
• Fix: Corrected stable tag version mismatch
• Enhancement: Improved readme with better descriptions and FAQ
• Enhancement: Added Plugin URI and updated Author URI
• Enhancement: Optimized WordPress.org directory submission compliance
• Compatibility: Full WordPress 6.8 compatibility verified
• Enhancement: Added COALESCE for better handling of NULL titles in Top Pages
• Enhancement: Improved country detection with browser language fallback when IP geolocation fails
• Enhancement: Top Pages widget now displays page views instead of clicks for better accuracy

1.0.4 – 2025-11-20

• Enhancement: Added file-based storage system for high-traffic sites
• Enhancement: Implemented automatic bot detection and filtering
• Enhancement: Added performance optimizer with automatic database indexing
• Enhancement: Separate mobile and desktop heatmap tracking and visualization
• Enhancement: Batch processing for improved performance
• Enhancement: Enhanced debug logging system with WordPress-compliant manager
• Enhancement: Added Lucide icon library (v0.554.0, ISC License) for modern UI
• Security: Replaced direct filesystem operations with WP_Filesystem API
• Security: Replaced unlink() with wp_delete_file() for file deletion
• Code Quality: WordPress coding standards compliance improvements
• Code Quality: Improved data sanitization and validation
• Compatibility: Tested up to WordPress 6.8

1.0.3

• Security: Fix Unsafe SQL calls
• Security: Fix files and directories locations use
• Security: Moved inline CSS to external stylesheet
• Security: Moved inline JS to external stylesheet
• Follows WordPress coding standards
• Plugin Check validation passed

1.0.2

Review and fix all the issues listed in the review email.

1.0.1

• Security: Enhanced sanitization for $_SERVER variables
• Security: Improved json_decode() data sanitization
• Security: Moved inline CSS to external stylesheet for WordPress compliance
• Code Quality: Added proper sanitization for all user inputs
• Code Quality: Enhanced data validation in AJAX handlers
• Compatibility: Verified all security checks are in place

1.0.0

• Initial release
• Visual heatmap tracking
• Real-time analytics dashboard
• Page performance metrics
• User journey tracking
• GDPR compliance features
• Data export functionality
• Multisite support
• Debug mode for troubleshooting