Rich Statistics gives you deep insight into traffic, audience, and behavior β all without IP tracking, without cookies, and without sending a single byte to a third-party server.
A complete analytics suite built into your WordPress dashboard β no external services, no monthly SaaS fees.
Live visitor counts, page views, and session activity β refreshed every 30 seconds via the WordPress REST API.
17 combined signals (10 JavaScript + 7 server-side) score each request without ever reading an IP address. Bots are filtered before their visit is ever written to the database.
Overlay real click coordinates on any page to see exactly where visitors tap and click. No screenshot required.
PremiumUnderstand how far visitors scroll on each page and which content gets the most attention.
PremiumBrowser, operating system, screen resolution, and language breakdowns β derived from request headers, never from fingerprinting.
See which sites and campaigns drive traffic. Referrers are stripped to domain-only before storage so no personal data leaks in via URL.
Scheduled weekly or monthly digests sent to any address. Includes top pages, traffic summary, and period-over-period comparison.
PremiumRun wp rsa overview, wp rsa pages, and wp rsa prune from the command line. Perfect for scripts and automated reports.
Every metric is available via a clean JSON REST API. Build custom dashboards or integrate analytics into your own tools.
Network-activate and manage tracking globally across an entire WordPress multisite network from one screen.
Install the analytics dashboard as a Progressive Web App on any device for quick offline-capable access to your stats.
PremiumSet automatic data pruning (30, 90, 180, 365 days) so your database never grows unbounded. Or disable pruning and keep everything forever.
Privacy-first is not a marketing claim. Here's exactly what the code does β and doesn't β do.
A random UUID is created in sessionStorage and used only to deduplicate rapid repeat pageviews within a single tab session. It dies when the tab closes, is never sent to a third party, and is never stored in a database column that could be queried to reconstruct a user's journey across sessions.
The JavaScript layer measures browser capabilities (does navigator.webdriver exist? did the page load in under 50ms?) and sends a compact bitmask β not raw values, not a fingerprint. The PHP layer checks only two HTTP request headers (Accept-Language, Accept) and the User-Agent string. REMOTE_ADDR is never read or passed.
Before a page URL is stored, it is scrubbed server-side. Any query parameter longer than 40 characters or resembling an email address is stripped. This prevents accidental storage of password-reset tokens, user IDs, or email addresses that sometimes appear in URLs.
Referrer URLs are reduced to domain-only before storage. The path and query string β which can contain user-identifying tokens from the referring site β are discarded immediately and never written to the database.
Operating system and browser are parsed from the User-Agent string. Screen resolution is reported directly by the browser. These are aggregated counters β no row in any table links a device spec back to a specific visit or session.
Click and scroll coordinates are stored as (page, x_pct, y_pct, element) tuples where x and y are percentage positions on the page. There is no timestamp, session ID, or any field that could link a click to a particular visitor.
grep -rn "REMOTE_ADDR\|setcookie\|_COOKIE" includes/ assets/ on the source and you'll get zero matches.
View source on GitHub β
The core plugin is free and open source forever. Premium adds power-user features for publishers who need more.
Search "Rich Statistics" in your WordPress plugin directory, or install via WP-CLI:
wp plugin install rich-statistics --activateNavigate to Analytics β Overview in your WordPress admin. The tracker begins collecting data immediately β no configuration required.
Go to Analytics β Data Settings to choose how long data is kept, configure bot score threshold, and manage historic data pruning.