Properly fixed the PHP 8.1+ ltrim() deprecation: the JavaScript tracker was sending referrer: null for direct visits, and WordPress’s REST sanitize callbacks ran esc_url_raw(null) before our PHP code could intercept. Now the tracker sends empty string, and we use custom null-safe sanitize callbacks server-side as defense in depth.
1.1.5
Fixed PHP 8.1+ deprecation warnings when null was passed to esc_url_raw() and ltrim() for direct visits (visitors arriving with no referrer). All URL/path/referrer values are now coerced to strings before being passed to WordPress escaping helpers.
Added explicit defaults to REST API parameter definitions so null never reaches the sanitize callback.
Hardened sanitize_path() against null and non-string input.
1.1.4
Renamed an internal rate-limit transient key to use the plugin’s visitstats_ prefix (was ip_rl_). No user-visible changes.
1.1.3
Improved phpcs annotation placement so static analysis tools (Plugin Check, WPCS) correctly recognize the documented exceptions for schema operations in uninstaller and dbDelta in activator. No functional changes.
1.1.2
Updated “Tested up to” to WordPress 7.0.
1.1.1
Polish pass before WordPress.org submission.
Softened description copy to reduce potential trademark concerns.
No functional changes.
1.1.0
Renamed from a previous name to “VisitStats” for a cleaner, more descriptive identity.
Made all features unconditionally free and fully functional, matching WordPress.org Plugin Directory guidelines.
Data retention now user-configurable from 1 to 365 days (was previously capped).
All date ranges (today, 7d, 30d, 90d, 1 year) available to everyone.
Engagement / scroll-depth tracking now works for all users.
Moved admin menu from position 3 to position 81 (under Settings) to respect WordPress core admin hierarchy.
Replaced upsell page with a Feedback & Feature Requests page.
1.0.x
Earlier iterations under previous naming. See full history in the repository.
