New: anonymous install telemetry. On activation the plugin generates a random install ID (UUID v4) and pings the SysRadar service once with: install ID, site domain, plugin version, WordPress version, PHP version, multisite flag. No admin email, no user data, no visitor data, no PII. Used to size the install base and improve compatibility with hosting/PHP combinations seen in the wild. The same identifier is sent on deactivation so we know the install is no longer active. Legal basis: legitimate interest (LGPD Art. 7 IX / GDPR Art. 6(1)(f)).
New: telemetry opt-out toggle. Settings → SysRadar → “Plugin telemetry” — one click and the activation/deactivation pings stop. No telemetry beyond those two pings is ever sent (the plugin does not phone home periodically).
Privacy disclosure: readme.txt “External services” section updated to document the new install/deactivation pings and how to disable them.
1.2.0 – 2026-05-25
New feature: Live Dashboard panel inside the plugin admin page. Shows the last 24h of request totals (humans, AI crawlers, suspected attacks) plus a real-time live counter and 24h hourly sparkline — pulled from your Radar SaaS account so you don’t have to switch tabs to check traffic health. Includes a one-click “Refresh” button. Cached locally for 5 minutes via WP transients so it doesn’t add load to your site, and the fetch fires ONLY when an administrator opens the SysRadar page (zero impact on visitor load times).
Sidebar promotion: SysRadar now lives as its own top-level entry in the WordPress admin sidebar (previously nested under Settings). With its own brand icon for one-click access from any admin screen.
UI polish: The header brand mark on the SysRadar page now has a subtle rotating radar sweep + ping animation (respects prefers-reduced-motion for accessibility).
Compatibility: Tested up to WordPress 7.0.
Performance note: the new Live Dashboard fetch fires ONLY when an administrator opens the SysRadar page — never on front-end requests, never on other admin pages. Zero impact on visitor load times.
1.1.1 – 2026-05-16
Privacy: IP anonymization now runs inside the plugin, before transmission (last octet zeroed for IPv4, last 80 bits for IPv6). Previously anonymization happened server-side at radar.syswp.com.br — now the data leaves your WordPress install already anonymized, satisfying LGPD/GDPR minimization-at-source requirements.
Settings split: the single “Tracking enabled” toggle is now two independent toggles — Front-end pixel and Server-side beacon — so you can disable either independently. Legacy enabled setting is auto-migrated 1→1 to both on first load.
Cookieless mode: new one-click toggle that disables the _rdid / _rds first-party cookies. When enabled you typically do not need a cookie consent banner for SysRadar.
Settings reference table: the admin page now shows a clear table explaining the technical effect AND the legal implication of each setting, so you know what to update in your privacy policy when toggling.
Privacy policy snippet: the readme now includes a copy-paste-ready paragraph that site owners can adapt for their own privacy policies.
Data subject rights walkthrough: new section in readme covering LGPD Art. 18 / GDPR Art. 15–17 — what to do when a visitor asks for access, deletion, portability.
External services disclosure expanded to cover both the JS pixel AND the server-side beacon (when each fires, exact data sent, legal basis).
Admin onboarding redesigned — new visitors see a clear 3-step welcome card with a prominent “Sign up free” CTA toward radar.syswp.com.br.
Brand: admin header now uses the official SysRadar mark instead of a placeholder gradient square.
FAQ additions: “Do I need a cookie banner?” and “What does Honor DNT actually do?”.
Base URL field removed from the settings page — the analytics endpoint is now pinned to the canonical SysRadar service (radar.syswp.com.br). Custom-domain routing will return later via an authenticated API. Existing custom-domain installs are migrated to the canonical endpoint automatically on first load.
Readme cleanup: removed promotional pricing details from the description (kept on the SaaS site); donate link removed; tags revised for compliance.
1.1.0 – 2026-05-11
Display name changed to “SysRadar” (per WordPress.org Plugin Review Team guidance — “WP” cannot appear in plugin display names). Plugin slug remains syswp-radar (slugs are URL identifiers, not user-facing branding, and are exempt from the “WP” restriction).
All UI strings translated from Portuguese to English with full i18n support — translations welcome via translate.wordpress.org
Added server-side beacon (captures attacks the JS pixel cannot see: /wp-json/, xmlrpc.php, admin-ajax.php unauth, wp-admin probes, wp-login.php). Fired on shutdown action; uses fastcgi_finish_request() + blocking=false for zero added latency.
Pixel injection switched from direct echo to wp_enqueue_script() + script_loader_tag filter for async attribute (matching WP.org Plugin Review best practices).
All $_SERVER reads now properly sanitized with sanitize_text_field(wp_unslash()) / esc_url_raw(wp_unslash()).
Class renamed to Syswp_Radar_Plugin to match the slug-derived prefix convention.
Removed call to load_plugin_textdomain() — no longer needed since WordPress 4.6 for plugins hosted on WordPress.org.
1.0.0 – 2026-05-06
Initial release on WordPress.org
Pixel injection via wp_head (priority 99)
Auto-detection of platforms (WooCommerce, Elementor, Yoast, Rank Math, etc.)
Settings page with privacy controls
Compatibility tested with WP Rocket, LiteSpeed Cache, W3 Total Cache
