SysRadar

SysRadar is a server-side, privacy-first alternative to Google Analytics and Plausible — built in Brazil, hosted in Brazil, fully LGPD/GDPR-compliant. Unlike GA4 (which requires cookies and complicated LGPD setup) and Plausible (which only sees human visitors with JavaScript enabled), SysRadar captures 100% of real requests to your server: humans, AI bots (ClaudeBot, GPTBot, PerplexityBot), SEO crawlers (Ahrefs, Semrush), attackers (sqlmap, nuclei, wpscan), RSS readers, uptime monitors — all categorized in real time. Why this matters in 2026

• 30 to 60% of your traffic is bots. You never knew — because GA4 and Plausible filter bots automatically. But it's your server serving those bots, your bandwidth, your cost.
• AI crawlers (Claude, GPT, Perplexity) are indexing your content right now. If you don't know what they are reading, you can't optimize. The first sites to appear in AI answers will win the next decade of SEO.
• Attackers are continuously scanning /wp-admin/, /xmlrpc.php, /.env. Wordfence Free does not block them. Cloudflare lets them through. You don't even know they exist.
• Web Vitals (LCP, CLS, INP) — Google ranks search results by them. Lighthouse on your machine ≠ real user. SysRadar measures with RUM (Real User Monitoring) data.

What the plugin does

1. Injects the tracker (one line of JS, ~2KB minified, async) into the <head> of all front-end pages via the wp_head hook
2. Live Dashboard inside WordPress (since v1.2.0): your last 24h of traffic, AI crawlers, suspected attacks and a real-time live counter — all visible without leaving wp-admin. Cached locally for 5 min; the fetch fires ONLY when an administrator opens the SysRadar page (zero impact on visitor load times)
3. Auto-detects WooCommerce, Elementor, Yoast SEO, Rank Math, Contact Form 7, BuddyPress, LearnDash, bbPress, All-in-One SEO
4. Auto-excludes: admin pages, AJAX, REST API, cron jobs, and logged-in users with edit-posts capability (admins/editors)
5. Honors DNT: 1 (Do Not Track) optionally
6. Compatible with cache plugins (WP Rocket, W3 Total Cache, LiteSpeed Cache, Cloudflare APO)
7. Custom domain support (Pro+ plan): use analytics.yoursite.com to bypass aggressive ad-blockers
8. Zero queries to the WordPress database (settings stored in wp_options)

Who is it for

• Bloggers and content creators — discover which AI crawlers are indexing your content (ChatGPT, Claude, Perplexity)
• E-commerce (WooCommerce) — real channel attribution, price-scraper detection, per-product Web Vitals
• Agencies — manage analytics for multiple client sites in a single dashboard (Agency plan)
• Developers — Web Vitals degradation alerts, automatic JS error capture, REST API access

Privacy & compliance

• IP anonymization runs in the plugin, before transmission — last octet zeroed (IPv4) / last 80 bits zeroed (IPv6) inside your WordPress install, so SysRadar never receives identifiable IP addresses
• First-party cookies only (_rdid, _rds) — no cross-site tracking, no fingerprinting. Cookieless mode is available as a one-click toggle
• Split tracking toggles (since v1.1.1) — disable the front-end pixel and the server-side beacon independently
• GDPR/LGPD-friendly: no data brokers, no impression auctions, no persona-building
• Optional Honor DNT (Do Not Track) support
• Servers located in Brazil; data processed under LGPD
• No dependency on Google, Facebook, or any ad-tech vendor

Privacy policy snippet for site owners You are the data controller for visitors of your site. The paragraph below is a starting point you can paste (and adapt) into your own privacy policy when this plugin is active. Replace the example placeholders with your specifics.

Analytics — SysRadar. We use SysRadar (operated by SysWP, Brazil) for privacy-first server-side analytics. SysRadar receives the page URL you visit, the referrer URL, your user-agent, anonymized IP (last octet zeroed before it leaves our server), Web Vitals metrics (LCP / FCP / TTFB / CLS / INP), and security telemetry on suspicious requests. SysRadar never sets third-party cookies and is configured here in [cookieless mode / standard mode]. We process this data under [legitimate interest in security monitoring / your consent for analytics], depending on the feature. SysRadar privacy policy: https://radar.syswp.com.br/privacy/. To exercise your LGPD/GDPR rights, contact us at [your email].

If you enable cookieless mode in the plugin settings, the _rdid and _rds first-party cookies are not set and you typically do not need a cookie consent banner for SysRadar. Data subject rights walkthrough Under LGPD (Brazil) Art. 18 and GDPR (EU) Art. 15–17, your visitors can request access to, correction of, deletion of, and portability of their personal data. Because SysRadar minimizes data at source (anonymized IPs, no names, no emails, no persistent cross-site identifier), most data subject requests are quick to answer:

• Access: show the visitor the categories of data collected — see the table in the plugin's Settings → SysRadar page and the SysRadar privacy policy at https://radar.syswp.com.br/privacy/.
• Correction: SysRadar does not collect identifiable data that can be "corrected" in the LGPD/GDPR sense. If a visitor still requests correction, document the request and respond confirming the data is anonymized.
• Deletion: events are automatically purged after your plan retention window (7 to 180 days). For earlier deletion of events tied to a specific anonymized IP, the site owner can email contato@syswp.com.br with the timeframe and the IP prefix.
• Portability: the site owner can export all events for their site via the dashboard → Account → Export Data.
• Objection / withdrawal of consent: if the visitor enabled DNT in their browser and you have "Honor DNT" turned on in the plugin, they are automatically not tracked. They can also block first-party cookies in their browser.

Pricing Free permanent plan with 1 site. Automatic 7-day Pro trial on signup (no credit card). Full pricing and plan details at https://radar.syswp.com.br/pricing.

Via upload

1. Upload the syswp-radar folder to /wp-content/plugins/ or install via WP Admin → Plugins → Add New → Upload Plugin (use the .zip)
2. Activate the plugin in WP Admin → Plugins
3. Go to Settings → SysRadar
4. Paste your Site ID (12 characters) — find it at radar.syswp.com.br/sites
5. Save. Done. The pixel is now injected on all front-end pages automatically.

Via WordPress.org (after approval)

1. WP Admin → Plugins → Add New → search "SysRadar"
2. Install → Activate
3. Settings → SysRadar → paste your Site ID

Don't have an account yet? Sign up free at radar.syswp.com.br/auth/signup — 7 days of Pro free, no credit card required.

1.3.0 - 2026-05-27

• New: anonymous install telemetry. On activation the plugin generates a random install ID (UUID v4) and pings the SysRadar service once with: install ID, site domain, plugin version, WordPress version, PHP version, multisite flag. No admin email, no user data, no visitor data, no PII. Used to size the install base and improve compatibility with hosting/PHP combinations seen in the wild. The same identifier is sent on deactivation so we know the install is no longer active. Legal basis: legitimate interest (LGPD Art. 7 IX / GDPR Art. 6(1)(f)).
• New: telemetry opt-out toggle. Settings → SysRadar → "Plugin telemetry" — one click and the activation/deactivation pings stop. No telemetry beyond those two pings is ever sent (the plugin does not phone home periodically).
• Privacy disclosure: readme.txt "External services" section updated to document the new install/deactivation pings and how to disable them.

1.2.0 - 2026-05-25

• New feature: Live Dashboard panel inside the plugin admin page. Shows the last 24h of request totals (humans, AI crawlers, suspected attacks) plus a real-time live counter and 24h hourly sparkline — pulled from your Radar SaaS account so you don't have to switch tabs to check traffic health. Includes a one-click "Refresh" button. Cached locally for 5 minutes via WP transients so it doesn't add load to your site, and the fetch fires ONLY when an administrator opens the SysRadar page (zero impact on visitor load times).
• Sidebar promotion: SysRadar now lives as its own top-level entry in the WordPress admin sidebar (previously nested under Settings). With its own brand icon for one-click access from any admin screen.
• UI polish: The header brand mark on the SysRadar page now has a subtle rotating radar sweep + ping animation (respects prefers-reduced-motion for accessibility).
• Compatibility: Tested up to WordPress 7.0.
• Performance note: the new Live Dashboard fetch fires ONLY when an administrator opens the SysRadar page — never on front-end requests, never on other admin pages. Zero impact on visitor load times.

1.1.1 - 2026-05-16

• Privacy: IP anonymization now runs inside the plugin, before transmission (last octet zeroed for IPv4, last 80 bits for IPv6). Previously anonymization happened server-side at radar.syswp.com.br — now the data leaves your WordPress install already anonymized, satisfying LGPD/GDPR minimization-at-source requirements.
• Settings split: the single "Tracking enabled" toggle is now two independent toggles — Front-end pixel and Server-side beacon — so you can disable either independently. Legacy enabled setting is auto-migrated 1→1 to both on first load.
• Cookieless mode: new one-click toggle that disables the _rdid / _rds first-party cookies. When enabled you typically do not need a cookie consent banner for SysRadar.
• Settings reference table: the admin page now shows a clear table explaining the technical effect AND the legal implication of each setting, so you know what to update in your privacy policy when toggling.
• Privacy policy snippet: the readme now includes a copy-paste-ready paragraph that site owners can adapt for their own privacy policies.
• Data subject rights walkthrough: new section in readme covering LGPD Art. 18 / GDPR Art. 15–17 — what to do when a visitor asks for access, deletion, portability.
• External services disclosure expanded to cover both the JS pixel AND the server-side beacon (when each fires, exact data sent, legal basis).
• Admin onboarding redesigned — new visitors see a clear 3-step welcome card with a prominent "Sign up free" CTA toward radar.syswp.com.br.
• Brand: admin header now uses the official SysRadar mark instead of a placeholder gradient square.
• FAQ additions: "Do I need a cookie banner?" and "What does Honor DNT actually do?".
• Base URL field removed from the settings page — the analytics endpoint is now pinned to the canonical SysRadar service (radar.syswp.com.br). Custom-domain routing will return later via an authenticated API. Existing custom-domain installs are migrated to the canonical endpoint automatically on first load.
• Readme cleanup: removed promotional pricing details from the description (kept on the SaaS site); donate link removed; tags revised for compliance.

1.1.0 - 2026-05-11

• Display name changed to "SysRadar" (per WordPress.org Plugin Review Team guidance — "WP" cannot appear in plugin display names). Plugin slug remains syswp-radar (slugs are URL identifiers, not user-facing branding, and are exempt from the "WP" restriction).
• All UI strings translated from Portuguese to English with full i18n support — translations welcome via translate.wordpress.org
• Added server-side beacon (captures attacks the JS pixel cannot see: /wp-json/, xmlrpc.php, admin-ajax.php unauth, wp-admin probes, wp-login.php). Fired on shutdown action; uses fastcgi_finish_request() + blocking=false for zero added latency.
• Pixel injection switched from direct echo to wp_enqueue_script() + script_loader_tag filter for async attribute (matching WP.org Plugin Review best practices).
• All $_SERVER reads now properly sanitized with sanitize_text_field(wp_unslash()) / esc_url_raw(wp_unslash()).
• Class renamed to Syswp_Radar_Plugin to match the slug-derived prefix convention.
• Removed call to load_plugin_textdomain() — no longer needed since WordPress 4.6 for plugins hosted on WordPress.org.

1.0.0 - 2026-05-06

• Initial release on WordPress.org
• Pixel injection via wp_head (priority 99)
• Auto-detection of platforms (WooCommerce, Elementor, Yoast, Rank Math, etc.)
• Settings page with privacy controls
• Compatibility tested with WP Rocket, LiteSpeed Cache, W3 Total Cache
• Multisite support
• Optional Honor DNT
• Auto-exclusion of admins/editors