| 开发者 | designforonline |
|---|---|
| 更新时间 | 2026年7月11日 05:44 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
/wp-content/plugins/forerunner-ai-live-chat/You need to provide a webhook URL that processes the chat messages. This could be an endpoint from n8n (recommended), Zapier, Make, Pipedream, a custom AI service, or any other system that can respond to HTTP requests.
This plugin does not store conversation history by default. All messages are sent to your configured webhook URL. Data storage depends on your webhook implementation.
Yes, you can customize colors, messages, bot icons, and the overall appearance through the admin settings. The plugin includes comprehensive color customization options.
Yes, the chat widget is fully responsive and optimized for mobile devices, tablets, and desktop computers.
Voice chat functionality can be added through our compatible extensions (such as the optional DFO Voice plugin). The base plugin focuses on text-based conversations.
The plugin only connects to the webhook URL you specify in the settings. It's designed to work with any AI service or webhook-capable platform. No third-party connections are made without your explicit configuration.
Yes. We provide a free starter workflow for n8n which you can import and adapt. See the "Example Workflows" section for the download link.
foreaili_active_visitors / foreaili_live_chat_visitors) verified a nonce but never independently checked manage_options inside the handler itself. Low practical risk (that nonce is only ever printed on an already admin-gated page), but a leaked nonce would have been enough on its own. Now checks capability explicitly.foreaili_debug_ip_detection) had no nonce check at all. Brought in line with its sibling debug_chat_history handler, which already did this correctly./track visitor-tracking endpoint accepted requests from anywhere with no verification — a security review found it could be hit directly (e.g. with curl) without ever loading the site, and every outcome (disabled, bad params, bot, success) returned an identical 200 OK, making it impossible to tell real tracking traffic from noise in server logs. The endpoint now requires a nonce generated when the page renders (so blind requests that never loaded the site are rejected) and returns a distinct HTTP status per outcome: 403 when tracking is disabled/bot-blocked/nonce-invalid, 400 for malformed requests, 429 when a single visitor is sending requests faster than the tracking interval allows, and 200 only for a genuinely accepted beat.wp_localize_script() bakes settings straight into the cached page HTML, so a cached copy kept serving the old values until it happened to expire. Saving the Visitor Tracking toggle (and updating the plugin) now best-effort purges WP Rocket, WP Super Cache, W3 Total Cache, LiteSpeed Cache, SG Optimizer, WP Fastest Cache, and Cache Enabler so the change takes effect immediately. No effect on sites without a page cache./v1/realtime?protocol=webrtc to the GA endpoint /v1/realtime/calls.forerunner_ai_persist_visitor_tracking because $data_changed only flipped on page navigation (a 2.4.5 perf optimisation). last_activity updated in memory but never persisted, so visitors vanished after ~90 s and reappeared on their next navigation. Heartbeats now always refresh the transient cache.wp_foreaili_messages database table instead of one-hour transients, so conversation history survives object-cache evictions and server restarts.GET /wp-json/forerunner-ai/v1/conversations and /conversations/{visitor_id}) feed the Pro inbox without any admin-ajax round-trips. Both require manage_options.forerunner_ai_messages_purge) prunes old rows automatically so the table never grows unbounded.dbDelta to create the new table; existing in-flight transient chats continue to work and get added to the table from the next message onwards.forerunner_ai_live_chat_agents option, drops pending chat-request transients, and strips stale chatStatus/agentId/agentName fields from visitor records.