close
WordPress.org

Cymraeg

Cael WordPress
WordPress.org

Plugin Directory

CAPI Suite: Meta, Pinterest, TikTok, GTM

BERJAYA
BERJAYA

CAPI Suite: Meta, Pinterest, TikTok, GTM

Gan shan
Llwytho i lawr

Disgrifiad

Stop paying $30–150/month for a GTM Server Container. Send Conversions API events to Meta, Pinterest, and TikTok directly from your WordPress server. Free, no premium tier, no SaaS subscription.

Three CAPI platforms + Google Ads in one plugin. Most competitors handle Meta only, or sell Pinterest and TikTok as separate add-ons. This one ships Meta + Pinterest + TikTok server-side dispatch + Google Ads Enhanced Conversions + a clean GTM dataLayer in a single install. The same event_id flows everywhere, so each platform deduplicates browser + server events instead of double-counting.

Real customers aren’t filtered as bots. Behavioral bot detection + ~9,500-CIDR datacenter IP filter + AI-crawler classification (GPTBot, PerplexityBot, ClaudeBot, Google-Extended, etc.) keeps Lighthouse audits, scrapers, and ad-fraud bots out of your Events Manager — without blocking VPN shoppers, Apple iCloud Private Relay users, logged-in customers, or paid-ad clickers. Purchase events are never blocked. Pre-Purchase events that do get filtered are replayed on eventual purchase, preserving the full funnel.

What it does

  • Meta + Pinterest + TikTok CAPI — 14 event types, classic + block checkout, HPOS compatible. Per-platform retry: only the failing side is retried.
  • Google Ads Enhanced Conversions — GTM template ships Conversion Linker + Purchase Conversion tag (EC enabled). Captures gclid/gbraid/wbraid — recovers iOS Safari attribution post-ITP.
  • GTM dataLayer — Pushes for GA4, Meta Pixel, Pinterest Tag, TikTok Pixel, Google Ads.
  • Datacenter IP filter + Excluded Traffic tab — Paginated audit log (IP masked to /24), per-provider breakdown, one-click exclude on Event Log rows. By-IP grouped view surfaces worst-offender IPs at a glance; customer-protection badges prevent excluding real buyers by mistake.
  • CCPA / Limited Data Use — Honors CMP opt-out signals; tags Meta + TikTok payloads with LDU. Optional GDPR strict mode strips PII when consent is denied.
  • Cache-safe — Works with LiteSpeed, WP Rocket, Varnish, Cloudflare full-page cache. Click IDs captured client-side into 1st-party cookies; landing pages stay fully cacheable.
  • Debug log + Dashboard widget — Per-event delivery status, date/type filters, retention 1–90 days.

This plugin is free. Not “free with limits” — just free. Every feature works, no pro version behind a paywall.

If it helps your store, please leave a review — it genuinely helps other merchants find this plugin.

External Services

This plugin connects your website to external services to send event data.

  • Service Used: Meta Conversion API (graph.facebook.com)
    • Purpose: To send user interaction and e-commerce event data from your server to Meta’s servers for ad performance measurement, optimization, and audience building.
    • Data Sent: Event details (product ID, price) and user parameters (IP address, user agent, hashed email/name/phone, Facebook cookies) are sent when a user performs a key action.
  • Service Used: TikTok Events API (business-api.tiktok.com)
    • Purpose: Same as Meta CAPI, providing server-side conversion tracking for TikTok Ads optimization and attribution.
    • Data Sent: Event details (product ID, price, currency) and user parameters (IP address, user agent, hashed email/phone/external_id, ttp / ttclid cookies) are sent upon user action. Optional under the merchant’s TikTok credentials — the plugin only sends to TikTok if the credentials are configured.
  • Service Used: Pinterest Conversions API (api.pinterest.com)
    • Purpose: Same as the Meta CAPI, providing reliable tracking for ad performance and audience building on Pinterest.
    • Data Sent: Event details and hashed user parameters are sent upon user action.
  • Service Used: Google Tag Manager (googletagmanager.com)
    • Purpose: To load a JavaScript container from Google’s servers that allows you to manage and deploy marketing and analytics tags.
    • Data Sent: The plugin provides your GTM Container ID to Google to fetch the correct script. GTM itself may collect data based on how you configure your tags.
  • Service Used: Cloud-provider IP range list — raw.githubusercontent.com/rezmoss/cloud-provider-ip-addresses
    • Purpose: Used by the optional Datacenter IP filter to keep the bot blocklist current. Daily background fetch downloads CIDR ranges for AWS, Google Cloud, Azure, Cloudflare, DigitalOcean, Linode, Vultr, Oracle Cloud, and Fastly so events from those ranges can be filtered out before reaching Meta / Pinterest / TikTok.
    • Data Sent: None. The plugin only downloads public IP-range manifests; no visitor data is sent to GitHub.
    • License: Source repository is CC0-licensed.
  • Service Used: Apple iCloud Private Relay egress IP list — same raw.githubusercontent.com/rezmoss/cloud-provider-ip-addresses source (folder apple_private_relay/)
    • Purpose: Used by the optional Datacenter IP filter to whitelist real Apple visitors who exit through Apple’s relay infrastructure. Daily background fetch downloads the merged CIDR list so iOS Safari users on Private Relay aren’t mistaken for datacenter bots.
    • Data Sent: None. The plugin only downloads the public manifest; no visitor data is sent.

Shared hosting note. Some restrictive shared hosts block outbound HTTPS by default. If event delivery silently fails after install, ask your host to whitelist the following domains for outgoing connections: graph.facebook.com, business-api.tiktok.com, api.pinterest.com, and raw.githubusercontent.com (only needed if you keep “Auto-fetched” enabled on the Blocked Traffic tab — covers both the datacenter blocklist and the Apple Private Relay whitelist).

Advanced Configuration

Setup details for Consent Mode v2, the strict server-side consent mode (GDPR PII gating), CMP auto-block compatibility, and the WooCommerce Subscriptions integration. None of these are required for a basic CAPI setup — turn them on as your store needs them.

Consent Mode v2 Setup (GDPR / EU Compliance)

If you serve EU visitors, GA4 and Meta browser tags don’t fire when consent is denied — typically losing 20–50% of measured event volume. Google Consent Mode v2 recovers this: when consent is denied, GA4 / Meta tags switch to cookieless pings (anonymous beacons carrying event name, value, currency, timestamp but no client identifier). Google’s ML models the conversions from these pings and shows them mixed with observed ones in your reports. A single CMP integration repairs both GA4 and Meta attribution because the Meta Pixel template reads the same consent signals.

How to enable. Popular CMP plugins (Cookiebot, CookieYes, Complianz, Iubenda, Termly, OneTrust) all have a native Consent Mode v2 toggle in their settings — find and enable it. The CMP then calls gtag('consent', 'default', {denied}) before GTM loads and gtag('consent', 'update', {granted}) after the visitor accepts.

The bundled GTM template includes a paused “Consent Defaults (Pre-CMP)” tag. Enable it only if your CMP doesn’t set gtag('consent', 'default', ...) on its own (rare with modern CMPs).

Strict server-side consent mode (PII gating for CAPI)

Consent Mode v2 only controls browser tags. Server-side CAPI fires from PHP, never sees gtag('consent', ...) signals — so it transmits hashed PII regardless of cookie-banner choice. Fine outside the EU; a GDPR concern inside it.

The Privacy & Consent (Server-side) section has a Strict server-side consent toggle (default OFF). When enabled and the visitor has denied marketing consent in your CMP, identifying PII (em, ph, fn, ln, address, fbp, fbc …) is stripped from the CAPI payload. The event still ships with event_id, value, currency, contents — Cookiebot, CookieYes, and Complianz cookies are read automatically; other CMPs supply state via the mcapi_marketing_consent_granted filter.

Why this matters alongside Consent Mode v2. Denied-consent browser pixels switch to cookieless pings — modeled, not observed. With Strict server-side consent ON, your server-side CAPI ships alongside that ping carrying the same event_id. Meta dedupes by event_id and now has an observed server signal feeding the same conversion record the cookieless ping created — cleaner Event Match Quality than browser-only or naïve “send everything” CAPI, and GDPR-defensible because no identifying data leaves your server.

Default OFF preserves match quality for existing non-EU setups. Recommended ON once Consent Mode v2 is configured in your CMP.

CMP Auto-Blocking and the Plugin’s Inline Scripts

CMPs with “auto-blocking” (Cookiebot, CookieYes, others) scan every <script> tag on load and convert anything they suspect of tracking to type="text/plain" until consent. The plugin’s inline scripts only POST first-party events to your own REST endpoint — but a generic auto-blocker can’t tell. To avoid a silent break, every plugin-rendered inline script ships with opt-out attributes for Cookiebot (data-cookieconsent="ignore"), CookieYes (data-cookieyes="cookieyes-necessary"), and Complianz (data-cmplz-no-cookielaw="1"). For other CMPs (OneTrust, Quantcast, in-house), append your own attribute via the mcapi_inline_script_attrs filter.

WooCommerce Subscriptions Integration

By default, every WooCommerce Subscriptions auto-renewal sends a fresh Purchase to Meta CAPI — credited to the original acquisition ad. Reported ROAS keeps climbing month after month from the same conversion, polluting optimization signals.

The plugin auto-detects WooCommerce Subscriptions and exposes:

Subscription Renewal Behavior (radio):

  • Default — renewals send as regular Purchase. Existing setups unchanged.
  • Skip — renewals not sent. Cleanest ROAS hygiene; you forfeit Meta’s LTV signal from renewals.
  • Tag — renewals still send Purchase but with custom_data.customer_status = "subscription_renewal" so you can filter them in Events Manager.
  • Subscribe / SubscriptionRenewal events — Meta’s standard Subscribe for sign-ups + a SubscriptionRenewal custom event for renewals. Purchase stays clean, advertisers using LTV-bidding can opt into both.

Tag every Purchase with customer_status (checkbox): adds custom_data.customer_status (new_customer / returning_customer / subscription_renewal) to every Purchase so Meta Advantage+ can bid acquisition vs. retention differently. Guest checkouts fall back to billing-email lookup.

Disclaimer

This plugin is an independent, community-driven implementation of server-side Conversions API protocols. It is not affiliated with, endorsed by, or sponsored by Meta Platforms, Inc., TikTok Ltd., Pinterest, Inc., Google LLC, Automattic Inc., or any other trademark holder referenced herein.

“Meta”, “Facebook”, and the Meta Pixel are trademarks of Meta Platforms, Inc. “TikTok” is a trademark of TikTok Ltd. “Pinterest” is a trademark of Pinterest, Inc. “Google Tag Manager”, “Google Ads”, and “GA4” are trademarks of Google LLC. “WooCommerce” is a trademark of Automattic Inc. All trademark references are used solely for descriptive interoperability purposes — to indicate which platforms this plugin can transmit data to under the merchant’s own configured credentials.

No user data is transmitted to any external service until the merchant explicitly configures their own platform credentials in the plugin settings. The plugin does not “phone home” or contact any developer-controlled server. The only outbound HTTP calls are: (1) merchant-configured CAPI endpoints, (2) the public CIDR manifests at raw.githubusercontent.com used by the optional Datacenter IP filter — no visitor data is sent in those manifest fetches.

Gosod

Quick start (3 steps)

  1. Install and activate the plugin. WooCommerce must already be active.
  2. Open CAPI Suite Main Settings and paste your Meta Pixel ID + Access Token. Add TikTok and/or Pinterest credentials if you use them. Empty fields for platforms you don’t use are fine.
  3. (If you use GTM) Download the bundled gtm-template.json from the GTM Container ID box, import it into your GTM container in Merge mode, set the pixel-code constants to your real IDs, and publish.

Server-side events start flowing on the next page view. Send a test from Event Management Test Modes to verify credentials before going live.

Recommended GTM dedup configuration

To prevent duplicate browser+server events:

  1. In Meta Events Manager your Pixel Settings Event Setup, turn off “Track Events Automatically Without Code”. This plugin handles all event sending.
  2. In your GTM container, pause or delete any auto-created tags starting with FB_.

The bundled GTM template ships GA4 + Meta tags pre-wired to the GA4 ecommerce dataLayer, plus TikTok tags that read from a CONST - TikTok Pixel Code variable. Pinterest tags are added manually because the Community Template can fail to import inside container exports.

If you cannot import the JSON template (locked container, workspace permissions) or want to set up GTM manually, the full step-by-step walkthrough ships with the plugin at wp-content/plugins/easy-meta-capi/docs/GTM-MANUAL-SETUP.txt.

Verify

Open CAPI Suite Event Log after browsing your store. Successful dispatches show as “Success (Meta)” / “Success (TikTok)” / “Success (Pinterest)”. The Dashboard widget shows queue health at a glance.

If the log stays empty, a JS optimizer is probably deferring the plugin’s inline scripts — see the cache-plugin FAQ. Detailed GTM setup, Google Ads Enhanced Conversions, and other platform tags live in docs/GTM-MANUAL-SETUP.txt. Consent Mode v2, Strict server-side consent, CMP auto-block, and WC Subscriptions are documented under Advanced Configuration below.

Cwestiynau Cyffredin

Does this plugin replace the Meta Pixel?

No, it works alongside it. The plugin sends server-side (CAPI) events, while GTM handles the browser-side Pixel. Both use the same event_id, so Meta merges them automatically without counting anything twice.

What is the difference between this and a GTM Server Container?

A GTM Server Container runs on Google Cloud and costs money every month. This plugin does the same job directly from your WordPress server — no extra infrastructure, no extra bill.

Does it work with page caching plugins (WP Rocket, LiteSpeed, etc.)?

Yes. PageView and ViewCategory events fire from JavaScript, so they work even on fully cached pages. Cart, checkout, and purchase pages are not cached by default.

What plugins are required?

WooCommerce. That’s it. If you use other GTM plugins (like Google Site Kit), disable their e-commerce features to avoid conflicts.

Is there a pro version?

No. Everything is included.

My events aren’t showing in Meta Events Manager.

Open the Event Log tab. If events appear there with “Success (Meta)”, the plugin is sending — anything missing on Meta’s end is a Pixel ID / Access Token mismatch. If the log is empty, your JS optimizer is likely deferring the inline scripts (see next answer) or your CMP auto-blocker converted them to type="text/plain" (see the CMP question below).

JS optimizer (LiteSpeed / WP Rocket / Autoptimize) — what do I configure?

Add these four IDs to your optimizer’s “exclude from defer / combine” list: mcapi-pageview-init, mcapi-viewcontent-events, mcapi-viewcategory-events, mcapi-frontend-events. Cloudflare Rocket Loader is handled automatically via data-cfasync="false".

Does it work with a block-based theme (Twenty Twenty-Five etc.)?

Yes.

GTM Preview shows my browser tags firing, but the plugin’s Event Log is empty.

Your CMP’s auto-blocker is converting the plugin’s inline scripts to type="text/plain". The plugin already carries opt-out attributes for Cookiebot, CookieYes, and Complianz; less common CMPs (OneTrust etc.) need the mcapi_inline_script_attrs filter — see CMP Auto-Blocking in Advanced Configuration.

I sell subscriptions — Meta is over-attributing renewals to old ads.

The plugin auto-detects WooCommerce Subscriptions and offers four behavior modes (Default / Skip / Tag / Subscribe + SubscriptionRenewal). Pick Skip or the dedicated-events mode to keep Purchase clean. See WooCommerce Subscriptions in Advanced Configuration.

EU traffic — does the plugin respect cookie-banner consent for CAPI?

Not by default — server-side CAPI fires from PHP, doesn’t see your gtag('consent', ...) signals. The Privacy & Consent section has a Strict server-side consent mode toggle: when consent is denied, hashed PII is stripped from the CAPI payload but the event still ships with its event_id, so Meta’s browserCAPI dedup keeps working without identifying data. Recommended ON for EU stores. See Strict server-side consent mode in Advanced Configuration.

Will the datacenter IP filter block my real VPN customers?

Rarely. Visitors with click IDs (fbclid / gclid / ttclid), Apple Private Relay IPs, logged-in customers, or prior-visit _fbp / _ga cookies all bypass the filter. Purchase events are never blocked. A brand-new VPN visitor with no cookies has their first PageView held; if they purchase, the full funnel is replayed so Meta sees the complete journey. Every blocked request is auditable in the Excluded Traffic tab.

Why does the Excluded Traffic tab show IPs as `192.168.1.x`?

GDPR-friendly auditing — the last octet is masked at record-time, so wp-admin and DB exports never reveal raw visitor IPs.

Adolygiadau

Read all 1 review

Contributors & Developers

“CAPI Suite: Meta, Pinterest, TikTok, GTM” is open source software. The following people have contributed to this plugin.

Cyfranwyr

Translate “CAPI Suite: Meta, Pinterest, TikTok, GTM” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Cofnod Newid

3.7.0

  • Event Log: By-IP grouped view. New toggle on the Event Log tab switches between detail rows and a per-IP aggregate (IP | Events | User Agent | Event types | Action) sorted by hit count descending. Repeat-offender IPs surface immediately — bulk-exclude with one click instead of scrolling through hundreds of individual rows. Filter form preserves the active view + page anchor on submit.
  • Customer-protection badges in the Event Log. Before excluding an IP, the plugin checks for real-visitor signals: Purchase events (financial transaction — bots can’t complete a real checkout), checkout-flow events (InitiateCheckout / AddShippingInfo / AddPaymentInfo), behavioral filter graduation, and funnel-event diversity. Multi-signal scoring: a Purchase alone qualifies, otherwise 2+ signals are required. Real buyers show a 🛒 Customer badge and the Exclude button is suppressed; if a customer was previously excluded by mistake, a ⚠🛒 warning appears so you can undo it.
  • AI-crawler classification (separate from generic bots). GPTBot, ChatGPT-User, OAI-SearchBot, PerplexityBot, ClaudeBot, anthropic-ai, Google-Extended, GoogleOther, Applebot-Extended, FacebookBot, Amazonbot, CCBot, Bytespider, and other LLM training / answer-engine crawlers are now classified as ai_agent instead of bot. Requests to /.well-known/ discovery endpoints (UCP / llms.txt / ai-plugin.json) are also treated as AI agents. They are skipped from CAPI dispatch like bots, but tracked in a separate daily counter on the Dashboard widget so you can see how much LLM-driven traffic reaches your store. Never added to the IP exclusion list. Extendable via the mcapi_ai_agent_user_agents filter.
  • “Block” “Exclude” UI rename. The Blocked Traffic tab is now Excluded Traffic, the exclusion-list buttons are clearer, and a banner at the top of the tab spells out that this is a CAPI-event-level exclusion, not a firewall — your site stays accessible to everyone, only the plugin’s analytics dispatch is filtered for those IPs. Manage-list rows use Disable / Enable toggles instead of Exclude / Re-include (less terminology collision). Internal hook names and DB option keys unchanged — backward compatible.
  • Flagged-IP indicator. IPs that tripped the behavioral filter (honeypot, abnormal velocity, or no engagement after observation) now show a 🚩 indicator on the Exclude button with a confidence-aware tooltip. Mostly catches bots that disguised their User Agent to slip past the upstream filter.
  • EU consent admin notice. When a CMP plugin is detected (CookieYes / Cookiebot / Complianz / Iubenda / Termly) and Strict server-side consent mode is OFF, the settings page now shows a one-time dismissable prompt explaining the GDPR posture and pointing to the toggle.
  • Trademark disclaimer. Added a Disclaimer section to the readme covering independent / not-affiliated status for Meta, TikTok, Pinterest, Google, and Automattic — descriptive interoperability use only.
  • Schema migration: mcapi_logs.ip_hash. New salted-SHA256 column (matches mcapi_ip_state.ip_hash) lets the Event Log JOIN against the behavioral-state table for real-time customer / flagged classification. Legacy rows have ip_hash='' and fall back to event-based signals. Single dbDelta ALTER TABLE on upgrade — instant DDL on InnoDB 5.7+ / MariaDB 10.3+.
  • Readme cleanup. Cookie-plugin setup, CMP auto-block, Strict consent, and WC Subscriptions sections de-duplicated and condensed. Two-thirds shorter without losing any why-this-matters context.
  • Google Ads Enhanced Conversions. Bundled GTM template now includes a Google Ads Conversion Linker tag (All Pages) and a Google Ads Purchase Conversion tag (CE – Purchase trigger) with Enhanced Conversions enabled in AUTO mode. The plugin captures gclid, gbraid, and wbraid from ad-click URLs into 1st-party cookies (_mcapi_gclid etc.) at landing; the Conversion Linker transfers these to _gcl_aw for Google Ads attribution. Recovers conversions that iOS Safari ITP would otherwise drop. Edit two new CONST variables in GTM after importing (Google Ads Conversion ID, Google Ads Purchase Label) — see docs/GTM-MANUAL-SETUP.txt for full setup.
  • Pinterest EMQ improvements. Now captures both Pinterest’s persistent _epik cookie (set by Pinterest’s tag.js on real visitors) and the epik URL parameter. Improves Event Match Quality on Pinterest tag installs running the current (2024+) version, where the legacy pina_id flow is being phased out.
  • Stronger real-user signals in datacenter bypass. Beyond _fbp and _ga, the IP filter now also accepts _epik (Pinterest tag), __cf_bm (Cloudflare Bot Management actively-validated browsers), _gcl_au (gtag.js ran), and _ttp (TikTok Pixel) as proof of human browsing. Reduces false-positive blocking of VPN/Apple-Relay shoppers who already have one of these tag cookies set.
  • Improved bot / human differentiation. Behavioral signals (mousemove, scroll, checkout-form interaction) are now gated against the most common scripted-automation patterns. Combined with the existing datacenter IP filter and funnel-event history, this reduces false-positive bot scores from real shoppers and false-negative human scores from low-effort scrapers. Not a 100% bot block — it raises the cost for an attacker to look human, not eliminates the possibility — but it filters out the bulk of the cheap traffic that pollutes Events Manager.
  • gbraid / wbraid capture. Google Ads iOS Safari click variants are now captured into 1st-party cookies alongside gclid. Without this, post-ITP iOS Safari ad clicks lose attribution within minutes.
  • GTM template re-import recommended. The bundled template now includes Google Ads tags. Re-download gtm-template.json from Main Settings and re-import in Merge mode.

3.6.0

  • TikTok CAPI integration. Server-side dispatch alongside Meta and Pinterest. Pixel Code, Access Token, Advertiser ID, and a dedicated TikTok Test Mode. Re-import the GTM template to get TikTok Pixel tags.
  • Behavioral bot detection. Datacenter IP visitors are briefly observed before forwarding events. Real-browser activity (mouse/scroll, _fbp cookie, click IDs, Apple Private Relay, logged-in customers) graduates the visitor instantly; confirmed bots are dropped. Purchase events are never blocked.
  • Blocklist redesign. Pre-bundled ~9,500 cloud-provider CIDR ranges with daily auto-refresh. IPv4 + IPv6 support, O(log N) lookup via binary index seek. New Blocked Traffic admin tab with per-source toggle (bundled / auto-fetched / custom), paginated table, and one-click “Block this CIDR” on Event Log rows.
  • Funnel-chain recovery. Held pre-Purchase events are replayed on the next Purchase from the same visitor (PageView ViewContent AddToCart InitiateCheckout), so Meta sees the full attribution path instead of a lone Purchase.
  • Apple Private Relay whitelist. Daily-fetched egress IPs bypass the datacenter filter, preserving iOS shopper events.
  • CCPA / Limited Data Use toggle. Honors visitor opt-out via cookie or filter.
  • Synchronous / Asynchronous sending modes. Synchronous (3-second per-platform timeout) for shared hosts where cron is unreliable.
  • WP Dashboard widget. Queue health at a glance: size, oldest pending age, last successful dispatch, datacenter blocks today.
  • Per-platform retry. When Meta succeeds but Pinterest or TikTok transiently fails, only the failing platform is retried next cron tick.
  • Critical fix: queue processor no longer leaks rows when an event’s send_to targets a platform with no credentials configured. Previously such rows could accumulate indefinitely (tens of thousands over days). Now correctly dropped on the first cycle.
  • Security: REST endpoint requires an HMAC-rotated token with a 25-hour tolerance window covering HTML page caches. Checkout-funnel honeypot rejects empty-cart fake POSTs. IP hashes salted with wp_salt('auth') for GDPR/KVKK compliance. Proxy headers trusted only when REMOTE_ADDR is in a known proxy range.
  • Performance: chunked DELETE for log/queue cleanup. Composite B-tree index for binary blocklist seek. Negative cache on visitor lookups. REST rate limiter skipped on installs without a persistent object cache. Ad-click landing pages no longer force-create a WooCommerce session.
  • Plugin renamed to “CAPI Suite: Meta, Pinterest, TikTok, GTM”. Settings UI reorganized: Sending Method + Test Modes moved to Event Management tab.
  • GTM template updated to modern API schema with TikTok Pixel tags. Re-import required.

3.5.3

  • Fix: spurious AJAX add_to_cart events from WooCommerce sessionStorage fragment replay.
  • Fix: per-platform retry tracking — when one platform transiently fails, only the failing side retries.
  • New: Event Log captures User Agent, supports date-range filtering, and retention is configurable (1–90 days, default 15).
  • Hardening: third-party autoloader protection extended to all class_exists() calls.

3.5.2

  • Critical: GTM template re-import required. Full migration to modern GTM API schema (older templates rejected with “File format invalid” / “Unknown entity type” in fresh workspaces). Plugin runtime unchanged.

3.5.1

  • Critical hotfix: CMP detection helper triggered third-party autoloader fatals (CookieYes / Cookie Law Info). All detection class_exists() calls now pass false to suppress autoload.

3.5.0

  • Fix: GTM container template imports cleanly (was rejected with “Unrecognized value [customEvent]”).
  • New: Consent Mode v2 support, CMP auto-block exemption (CookieYes / Cookiebot / Complianz), and a CMP detection admin notice.
  • New: Strict server-side consent mode — strips hashed PII when consent denied; still ships event_id + non-PII context for dedup.
  • New: WooCommerce Subscriptions integration — Subscription Renewal Behavior + customer_status tagging keep Purchase ROAS clean for subscription stores.
  • Fix: _fbp / _fbc cookie domain strips leading www. to match Pixel JS.

3.4.2

  • Fix: GTM template adds two CJS variables converting GA4-schema dataLayer into the contents[] shape Meta Pixel and Pinterest Tag expect.
  • Fix: Pinterest event-name typos in manual setup; correct catalog content_ids parameter.

3.4.1

  • Fix: dataLayer items include item_id alongside id so GA4’s Items report no longer shows “(not set)” for products.

3.4.0

  • Fix: Event log timestamps stable across hosts with mismatched PHP/WordPress timezones (stored UTC, displayed via wp_date()).
  • Fix: GTM template no longer fails import with “Unrecognized value [EVENT]”.
  • New: bot/crawler UA filter before queue insert. Purchase events exempt. Filterable via mcapi_is_bot_request.
  • New: Action Scheduler used for recurring tasks when available — more reliable than WP-Cron on low-traffic sites.

3.3.0

  • New: REST API endpoint /wp-json/mcapi/v1/event for cache-safe browser tracking — no nonce needed (works behind 7-day page caches). Secured by same-origin, per-IP rate limit, body cap, event whitelist.
  • Improvement: reliable retries on transient API failures (5xx, 429, network).
  • Improvement: real client IP via CF-Connecting-IP / X-Forwarded-For / X-Real-IP (sites behind Cloudflare / LB no longer hit rate limits prematurely).
  • Improvement: Safari ITP bypass — _fbp / _fbc cookies rewritten server-side with 90-day TTL.
  • Improvement: phone numbers normalized to E.164 using billing country; external_id SHA-256 hashed; cron lock on queue processor; guest external_id is a cookie-backed UUID.

For older versions (3.2.x and below), see the SVN repository history at https://plugins.svn.wordpress.org/easy-meta-capi/tags/.

Meta

Graddau

5 out of 5 stars.

Your review

See all reviews

Cyfranwyr

Cefnogaeth

Issues resolved in last two months:

4 out of 5

Gweld y fforwm cefnogi