Title: LayerSync – Conversion Tracking, Pixel Manager, and Server-Side API
Author: Layersync Conversion Tracking
Published: May 15, 2026
Last modified: May 25, 2026
---
Search plugins
# LayerSync – Conversion Tracking, Pixel Manager, and Server-Side API
By [Layersync Conversion Tracking](https://profiles.wordpress.org/layersync/)
[Download](https://downloads.wordpress.org/plugin/layersync-conversion-tracking.1.24.0.zip)
* [Details](https://srd.wordpress.org/plugins/layersync-conversion-tracking/#description)
* [Reviews](https://srd.wordpress.org/plugins/layersync-conversion-tracking/#reviews)
* [Installation](https://srd.wordpress.org/plugins/layersync-conversion-tracking/#installation)
* [Development](https://srd.wordpress.org/plugins/layersync-conversion-tracking/#developers)
[Support](https://wordpress.org/support/plugin/layersync-conversion-tracking/)
## Description
#### Overview
LayerSync is server-side conversion tracking for WooCommerce. It captures ecommerce
events and forwards them through the LayerSync SaaS to nine ad and analytics platforms
via their server-side APIs — Meta (Conversions API), Google Analytics 4 (Measurement
Protocol), Google Ads (Enhanced Conversions), TikTok (Events API), Pinterest, Snapchat,
LinkedIn, Reddit, and X (Twitter).
Configuration lives in the LayerSync dashboard, so there’s no Google Tag Manager
server container, no custom tracking subdomain, no external hosting to manage. The
plugin handles WooCommerce; LayerSync handles per-platform delivery.
#### Why Server-Side Tracking
Browser pixels are increasingly blocked by ad-blockers and degraded by Safari/iOS
tracking-prevention. Sending the same events server-to-server restores conversion
data your ad platforms use to optimize. LayerSync ships WooCommerce events over
HMAC-signed HTTPS to the LayerSync hub, which calls each platform’s CAPI with a
shared `event_id` so browser and server halves are deduplicated automatically.
#### What’s Included
**Nine ad platforms, one plugin** — Meta CAPI, GA4 MP, Google Ads Enhanced Conversions,
TikTok Events API, Pinterest CAPI, Snapchat CAPI, LinkedIn CAPI, Reddit CAPI, X
CAPI. Browser pixels + server-side CAPI for all of them, with automatic deduplication.
**WooCommerce funnel coverage** — view item, add to cart, view cart, begin checkout,
add payment info, purchase, refund. HPOS-compatible. Triple-fallback purchase capture(`
payment_complete` + `checkout_order_processed` + `woocommerce_thankyou`) so custom
checkouts still fire.
**Lead-form auto-detect** — Contact Form 7, WPForms, Ninja Forms, Formidable Forms,
and WooCommerce checkout forms.
**Browser-side recovery engine** — save-first localStorage queue, priority-aware
overflow (purchases never dropped), cross-tab serialization, exponential backoff
with jitter, multi-day retention (up to 30 days for purchases), `sendBeacon` on
page exit.
**Privacy & compliance** — per-event consent snapshot, default-denied mode, CMP
integration via `window.LayerSync.setConsent()`, SHA-256 PII hashing, IP anonymization,
GDPR / UK ICO / CCPA-aware (Meta Limited Data Use, Do-Not-Sell drop mode).
**Operational visibility** (via the LayerSync hub) — real-time event status, per-
platform delivery success rates, anomaly detection, Slack/PagerDuty/email digest
alerts (paid plans).
#### Free vs Paid Plans
**Free** includes browser pixels for all 9 platforms, server-side CAPI to one platform
of your choice, 1 site, 1 team seat, 10,000 events/month, WooCommerce + lead-form
auto-tracking, event quality scoring, real-time event log.
**Paid plans** add: server-side CAPI to all 9 platforms, higher event quotas, multiple
sites, team seats, Slack/PagerDuty alerts, anomaly detection, audience builder,
ROI dashboard, user journeys, customer profiles, automatic conversion recovery,
custom event definitions, white-label (enterprise), custom ingest domain (enterprise).
[Compare Plans](https://layersynchub.com/pricing)
#### For Developers
LayerSync exposes a JavaScript API, a same-origin REST endpoint, and WordPress hooks
for custom event tracking.
**JavaScript API:**
```
window.LayerSync.track('lead', {email: 'user@example.com', value: 25.00, currency: 'USD'});
window.LayerSync.setConsent({ad_storage: 'granted', ad_user_data: 'granted'});
```
**REST endpoint** (same-origin, nonce-protected, survives ad-blockers and corporate
firewalls):
```
POST /wp-json/layersync/v1/events
```
**WordPress filter hooks:** `layersync_event_payload`, `layersync_event_before_enqueue`,`
layersync_event_after_delivery`, `layersync_consent`.
Full API documentation: [layersynchub.com/docs](https://layersynchub.com/docs).
#### Compatibility
Works alongside Cookiebot, CookieYes, OneTrust, Borlabs Cookie, Complianz, and any
CMP that supports a JS consent callback. Compatible with WP Rocket, LiteSpeed Cache,
W3 Total Cache, Cloudflare, and other major caching/CDN solutions.
#### Getting Started
1. Sign up at [layersynchub.com](https://layersynchub.com) and create your first site.
2. Install and activate LayerSync from the WordPress plugin directory.
3. Visit **LayerSync Settings** in wp-admin and paste your API key, API secret, and
Site ID.
4. Click **Test connection** — once green, configure your platforms (Meta Pixel ID,
GA4 Measurement ID, etc.) in the LayerSync dashboard.
5. Events start firing within seconds; check the **Live Events** tab to confirm.
### External services
This plugin connects to external third-party services to provide its functionality.
Below is a complete list of all external services, when they are called, what data
is transmitted, and links to their terms of service and privacy policies.
**LayerSync SaaS Hub (Always Active):**
* **Service:** LayerSync (https://layersynchub.com)
* **Purpose:** Receives every WooCommerce / form / page event from your site and
dispatches matching Conversions API calls to each connected ad platform. Stores
the order ledger for conversion recovery, the queue table for outage survivability,
and provides the configuration dashboard for your platforms.
* **What data is sent:** Event name, timestamp, hashed user data (email, phone,
name SHA-256), product/order data (SKU, value, currency, quantity), browser-side
context (page URL, referrer, user agent, IP — IP can be anonymized in settings),`
event_id` for deduplication, consent snapshot
* **When it’s sent:** When a tracked event occurs (page view, product view, add
to cart, purchase, refund, lead, etc.). Browser-side: sent via the same-origin
REST proxy. Server-side: sent from PHP via WordPress HTTP API.
* **Service provider:** LayerSync
* **Terms of Service:** https://layersynchub.com/terms
* **Privacy Policy:** https://layersynchub.com/privacy
**When You Enable Meta Pixel / Conversions API:**
* **Service:** Meta (Facebook) Graph API
* **Purpose:** Send conversion events to Meta for ad optimization
* **What data is sent:** Event name, timestamp, hashed user email/phone, click
ID (`fbclid` / `fbp` / `fbc`), product SKU, revenue, IP, user agent, Pixel ID
* **When it’s sent:** Automatically when a tracked event occurs and Meta is enabled
in your LayerSync dashboard
* **Service provider:** Meta Platforms, Inc.
* **Terms of Service:** https://www.facebook.com/legal/terms
* **Privacy Policy:** https://www.facebook.com/privacy/policy
**When Loading Meta Pixel Script (If Enabled):**
* **Service:** Facebook Connect CDN
* **Purpose:** Load fbevents.js for browser-side Meta Pixel
* **What data is sent:** Standard HTTP request data (IP, user agent, referrer)
* **When it’s sent:** On every page load when Meta browser tracking is enabled
* **Script URL:** https://connect.facebook.net/en_US/fbevents.js
**When You Enable Google Analytics 4 / Google Ads:**
* **Service:** Google Analytics 4 Measurement Protocol + Google Ads API
* **Purpose:** Send analytics + conversion events to Google for reporting and ad
optimization
* **What data is sent:** Event name, page URL, referrer, session ID, client ID,
IP, user agent, device info, hashed user data for Enhanced Conversions
* **Service provider:** Google LLC
* **Terms of Service:** https://marketingplatform.google.com/about/analytics/terms/
us/
* **Privacy Policy:** https://policies.google.com/privacy
**When Loading Google Tag Script (If Enabled):**
* **Service:** Google Tag Manager CDN
* **Purpose:** Load gtag.js for browser-side GA4 + Google Ads tracking
* **Script URL:** https://www.googletagmanager.com/gtag/js
**When You Enable TikTok Events API:**
* **Service:** TikTok Business API
* **Purpose:** Send conversion events to TikTok for ad optimization
* **Script URL (if browser pixel enabled):** https://analytics.tiktok.com/i18n/
pixel/events.js
* **Privacy Policy:** https://www.tiktok.com/legal/privacy-policy
**When You Enable Pinterest Conversions API:**
* **Service:** Pinterest Tag + Conversions API
* **Purpose:** Send conversion events to Pinterest for ad optimization
* **Script URL (if browser pixel enabled):** https://s.pinimg.com/ct/core.js
* **Privacy Policy:** https://policy.pinterest.com/en/privacy-policy
**When You Enable Snapchat Conversions API:**
* **Service:** Snap Pixel + Conversions API
* **Purpose:** Send conversion events to Snapchat for ad optimization
* **Script URL (if browser pixel enabled):** https://sc-static.net/scevent.min.
js
* **Privacy Policy:** https://snap.com/en-US/privacy/privacy-policy
**When You Enable LinkedIn Insight Tag + Conversions API:**
* **Service:** LinkedIn Marketing API
* **Purpose:** Send conversion events to LinkedIn for ad optimization
* **Script URL (if browser pixel enabled):** https://snap.licdn.com/li.lms-analytics/
insight.min.js
* **Privacy Policy:** https://www.linkedin.com/legal/privacy-policy
**When You Enable Reddit Pixel + Conversion API:**
* **Service:** Reddit Ads API
* **Purpose:** Send conversion events to Reddit for ad optimization
* **Script URL (if browser pixel enabled):** https://www.redditstatic.com/ads/pixel.
js
* **Privacy Policy:** https://www.reddit.com/policies/privacy-policy
**When You Enable X (Twitter) Pixel + Conversion API:**
* **Service:** X Ads API
* **Purpose:** Send conversion events to X for ad optimization
* **Script URL (if browser pixel enabled):** https://static.ads-twitter.com/uwt.
js
* **Privacy Policy:** https://x.com/en/privacy
**Important Notes:**
* **No automatic data sharing:** LayerSync does NOT send any data to ad platforms
unless you explicitly enable them in your LayerSync dashboard
* **Consent-aware:** LayerSync respects user consent state via the `window.LayerSync.
setConsent()` API and only fires browser pixels and server events after consent
is granted
* **You control the data:** You choose which platforms to enable, what events to
track, and what user data to include (emails, phones, etc.)
* **Required account:** This plugin requires a LayerSync account to operate. The
plugin alone does not function without API credentials from layersynchub.com.
### Privacy Policy
LayerSync sends the following data to the LayerSync SaaS hub (https://layersynchub.
com):
**Per-Event Data:**
* Event name (e.g. `purchase`, `add_to_cart`)
* Timestamp
* Page URL and referrer
* User agent
* IP address (configurable — can be anonymized)
* `event_id` for deduplication
* Visitor consent snapshot at the moment of the event
* LayerSync first-party visitor ID (`layersync_uid` cookie — UUIDv4, 2-year sliding
expiry)
**For E-Commerce Events:**
* Product SKU, title, category, image URL, price, currency, quantity
* Order ID, total, currency (for purchase / refund events)
**For Lead / Form Events:**
* Form ID, submission ID, field values you’ve configured as trackable
**Hashed User Data (when available, hashed BEFORE leaving your server):**
* Email (SHA-256)
* Phone (SHA-256)
* First name (SHA-256)
* Last name (SHA-256)
* City, state, zip, country (SHA-256)
LayerSync hashes PII server-side before forwarding to any ad platform.
**External Data Sharing (Only When You Enable Each Platform):**
Per-platform data forwarding is documented in the **External services** section
above. No data is sent to any ad platform unless you explicitly enable it in your
LayerSync dashboard.
**Privacy Controls:**
* **IP Anonymization:** Available in Settings Privacy.
* **Consent Integration:** Respects `window.LayerSync.setConsent({...})` for Cookiebot,
CookieYes, OneTrust, Borlabs Cookie, Complianz, and custom consent managers.
* **Default-denied mode:** Treats all visitors as consent-denied until a CMP signals
otherwise — suitable for EU/UK traffic.
* **Right to delete:** Send a `POST /api/v1/privacy/delete` request to LayerSync
with the visitor’s `external_id` (or hashed email / phone) and all matching events,
audit rows, customer profile entries, landing signals, and delivery records are
removed.
**Your Responsibilities:**
* Disclose LayerSync’s data flow in your site’s privacy policy
* Obtain user consent before tracking, where required by law
* Configure data retention and privacy settings appropriately
* Honor user data-deletion requests via the LayerSync privacy API
### Support
* [Documentation](https://layersynchub.com/docs)
* [Support](https://wordpress.org/support/plugin/layersync-conversion-tracking)
* [Contact us](https://layersynchub.com/contact)
### Trademarks & Third-Party Services
LayerSync integrates with various third-party analytics and advertising platforms.
All trademarks, service marks, and company names mentioned in this plugin are the
property of their respective owners.
**Third-Party Platforms:**
* Meta, Facebook, Instagram, and Facebook Pixel are trademarks of Meta Platforms,
Inc.
* Google, Google Analytics, Google Ads, and GA4 are trademarks of Google LLC.
* TikTok is a trademark of ByteDance Ltd.
* Pinterest is a trademark of Pinterest, Inc.
* Snapchat is a trademark of Snap Inc.
* LinkedIn is a trademark of Microsoft Corporation.
* X (Twitter) is a trademark of X Corp.
* Reddit is a trademark of Reddit, Inc.
* WooCommerce is a trademark of Automattic, Inc.
**Integration Requirements:**
* Users must have active accounts with third-party platforms to use their respective
features
* API access requires platform-specific credentials and compliance with their terms
of service
* Data transmission follows each platform’s API specifications and privacy policies
* Users are responsible for compliance with each platform’s terms of service
LayerSync is an independent plugin and SaaS, and is not officially affiliated with,
endorsed by, or sponsored by any of the companies mentioned above. All product names,
logos, brands, and trademarks are property of their respective owners.
**Data Privacy:** LayerSync forwards event data to enabled ad platforms only with
user consent. No data is transmitted to any third party unless explicitly configured
by the site administrator.
## Installation
#### From WordPress Admin
1. Go to **Plugins Add New**
2. Search for **“LayerSync”**
3. Click **Install Now**, then **Activate**
#### Manual Upload
1. Download the ZIP from WordPress.org
2. Go to **Plugins Add New Upload Plugin**
3. Upload the ZIP, install, and activate
#### After Activation
1. Sign up at [layersynchub.com](https://layersynchub.com) if you haven’t already
2. Create a site in your LayerSync dashboard and copy your API key, API secret, and
Site ID
3. Go to **LayerSync Settings** in wp-admin
4. Paste your credentials and click **Test connection**
5. Once green, configure your ad platforms (Meta Pixel ID, GA4 Measurement ID, etc.)
in your LayerSync dashboard
6. Events start firing automatically; verify in the **Live Events** tab
WooCommerce is recommended but not required — without WC, the plugin runs in pixel-
only mode (no add-to-cart / purchase hooks, but browser pixels still fire and lead-
form tracking works).
## FAQ
### How does LayerSync improve ROAS and lower CPA?
When browser-side pixels miss conversions (due to iOS 14+, ad blockers, or cookie
restrictions), ad platforms optimize on incomplete data and your cost-per-acquisition
rises. LayerSync fixes this by sending conversion events **server-to-server** to
every connected platform via their respective Conversions API. Browser and server
events are deduplicated automatically using a shared `event_id`, so platforms see
more of your real conversions without double-counting. More complete data means
better optimization and improved Return on Ad Spend.
### How do I set up Meta Pixel with server-side tracking?
1. Install and activate LayerSync
2. Sign up at [layersynchub.com](https://layersynchub.com) and create your site
3. In your LayerSync dashboard, go to **Platforms Meta** and paste your Pixel ID
+ Conversions API Access Token (both from Meta Events Manager)
4. Save and click **Test Connection**
LayerSync automatically fires both the browser Meta Pixel and Meta Conversions API
events server-to-server. They’re deduplicated using a shared `event_id`. User data(
email, phone, name, address) is SHA-256 hashed and sent as Advanced Matching parameters
for maximum Event Match Quality (EMQ). No Google Tag Manager server container required.
### What is server-side tracking and why do I need it?
Server-side tracking sends conversion events directly from your server to ad platforms—
instead of relying only on browser JavaScript pixels. This matters because:
* **Ad blockers** block ~40% of browser tracking pixels
* **iOS 14+ App Tracking Transparency** reduced Meta Pixel reported conversions
by 30–40%
* **Safari ITP** limits first-party cookies to 7 days, causing session data loss
* **Browser privacy features** increasingly restrict third-party tracking
With server-side tracking, your conversion data bypasses all browser restrictions.
Ad platforms see your real sales, optimize better, and your ROAS improves.
### Do I need a LayerSync account?
Yes. This plugin connects WordPress to the LayerSync SaaS, which performs the actual
server-to-server dispatch to each ad platform. The LayerSync account is what configures
which platforms are enabled, stores your API credentials encrypted, and runs the
queue + recovery worker. A free plan is available.
### How many ad platforms does LayerSync support?
Nine: Meta (Facebook & Instagram), Google Ads, Google Analytics 4, TikTok, Pinterest,
Snapchat, LinkedIn, Reddit, and X (Twitter). All nine are server-side, all nine
are available on paid plans. The free plan supports browser pixels for all 9 and
server-side CAPI for one of your choice.
### Does LayerSync work with WooCommerce?
Yes. LayerSync automatically tracks the full WooCommerce funnel: product view add
to cart view cart begin checkout add payment info purchase refund. Order metadata(
value, SKU, currency, quantity, category) is captured automatically. HPOS-compatible.
Triple-fallback purchase hook (payment_complete + checkout_processed + thankyou)
ensures no transaction is missed.
### What about Easy Digital Downloads, SureCart, MemberPress?
The current release covers WooCommerce and any custom integration via the JavaScript/
REST APIs. Support for additional ecommerce platforms is on the roadmap.
### Does LayerSync slow down my website?
No. The browser tracking script loads asynchronously (non-blocking), events are
batched server-side, the same-origin REST proxy is lightweight, and the plugin uses
indexed database tables. Compatible with WP Rocket, LiteSpeed Cache, W3 Total Cache,
Cloudflare, and other caching/CDN solutions. The browser-side recovery queue uses
localStorage with strict size limits — no measurable impact on page load.
### Does LayerSync work with High-Performance Order Storage (HPOS)?
Yes. LayerSync is fully compatible with WooCommerce HPOS. WC order data is read
via the standard `wc_get_order()` API which abstracts over both storage modes.
### Is LayerSync GDPR and CCPA compliant?
Yes. The plugin captures per-event consent state and respects it during retries.
There’s an admin toggle for “default to denied until consent” suitable for EU/UK
traffic. CMPs integrate via `window.LayerSync.setConsent({ad_storage: 'granted',
ad_user_data: 'granted', ad_personalization: 'granted'})`. PII (email, phone, name,
address) is SHA-256 hashed server-side before any platform handoff. IP anonymization
is supported.
### Does LayerSync support Google Consent Mode v2?
Yes — via the `setConsent()` API. Pass the v2 fields (`ad_user_data`, `ad_personalization`)
and LayerSync forwards them to Google’s gtag in the correct shape.
### Does LayerSync support Meta Limited Data Use (LDU) for California traffic?
Yes. The Privacy tab has an LDU toggle. When enabled, every Meta server event ships
with `data_processing_options: ['LDU']` so California-resident traffic is CCPA-compliant.
### What happens if LayerSync’s SaaS goes down?
Browser pixels keep firing directly to ad platforms (they’re independent of the
LayerSync hub). Server-side events queue in your WordPress database for up to 30
days for critical events (purchases, refunds), 7 days for high-value funnel events(
add-to-cart, begin-checkout, lead), and shorter windows for behavioral events. When
LayerSync recovers, the queue drains automatically without intervention.
### Can I track custom events?
Yes. Use the JavaScript API:
```
window.LayerSync.track('button_click', {button_name: 'Download PDF', value: 0});
```
Or the REST endpoint from your own PHP code:
```
POST /wp-json/layersync/v1/events
```
Custom event definitions per site (with per-platform name mapping) are available
on paid plans.
### Can I export my data?
Yes. Every report in the LayerSync dashboard has a CSV export. You can also pull
data programmatically via the REST API on paid plans.
### Does LayerSync replace my existing pixel plugins?
Yes. The plugin loads each platform’s pixel SDK directly from the platform CDN with
hashed Advanced Matching set at init time. You can disable any other Meta/Google/
TikTok pixel plugins. Don’t run two plugins that load the same pixel — both will
fire, doubling your conversion counts.
### Can I use LayerSync on client sites / agency white-label?
Yes. The free WordPress plugin can be installed on unlimited sites. Each site connects
to one LayerSync account. Agencies running multiple client stores use the Growth
or Enterprise tiers, which include white-label branding, custom ingest domain, and
multi-site management from a single dashboard.
### What’s the difference between Free and Paid plans?
**Free** includes: browser pixels for all 9 platforms, server-side CAPI to one platform
of your choice, 1 site, 1 team seat, 10K events/month, WooCommerce + lead-form auto-
tracking, event quality scoring, real-time event log.
**Paid plans** add: server-side CAPI to all 9 platforms, higher event quotas, multiple
sites, team seats, Slack/PagerDuty alerts, anomaly detection, audience builder,
ROI dashboard, user journeys, customer profiles, automatic conversion recovery,
custom event definitions, white-label (enterprise), custom ingest domain (enterprise).
[Compare Plans](https://layersynchub.com/pricing)
## Reviews
### [Reliable conversion tracking setup for WooCommerce](https://wordpress.org/support/topic/reliable-conversion-tracking-setup-for-woocommerce/)
[askpluskwt](https://profiles.wordpress.org/askpluskwt/) May 15, 2026
LayerSync helped us improve our WooCommerce conversion tracking setup by making
key ecommerce events more consistent across browser and server-side tracking. The
plugin is useful for stores that rely on Meta, Google, TikTok, and other ad platforms
because it focuses on cleaner event data, deduplication, and API-based delivery
instead of only basic pixel installation. The setup was clear, and the product direction
is very strong. More platform-specific guides would make it even better, but overall
LayerSync is a valuable plugin for ecommerce tracking and attribution.
[ Read all 1 review ](https://wordpress.org/support/plugin/layersync-conversion-tracking/reviews/)
## Contributors & Developers
“LayerSync – Conversion Tracking, Pixel Manager, and Server-Side API” is open source
software. The following people have contributed to this plugin.
Contributors
* [ Layersync Conversion Tracking ](https://profiles.wordpress.org/layersync/)
[Translate “LayerSync – Conversion Tracking, Pixel Manager, and Server-Side API” into your language.](https://translate.wordpress.org/projects/wp-plugins/layersync-conversion-tracking)
### Interested in development?
[Browse the code](https://plugins.trac.wordpress.org/browser/layersync-conversion-tracking/),
check out the [SVN repository](https://plugins.svn.wordpress.org/layersync-conversion-tracking/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/layersync-conversion-tracking/)
by [RSS](https://plugins.trac.wordpress.org/log/layersync-conversion-tracking/?limit=100&mode=stop_on_copy&format=rss).
## Changelog
#### 1.24.0
* Admin information architecture rewrite. The single tabbed page is replaced by
11 native WordPress submenus under the LayerSync sidebar entry — Overview, Setup,
Platforms, Events & Quality, Campaign Truth, Recovery & Revenue, Audiences &
Identity, Leads & Forms, Scripts & Integrations, Diagnostics & Logs, and Settings.
Every existing `?tab=` URL 301-redirects to its new location with a one-shot “
We moved this page” notice; bookmarks keep working.
* Action Scheduler queue dispatch with dead-letter status, manual replay controls,
configurable retention (default 30 days), and full audit log of every queue state
transition. Replaces the prior WP-Cron loop without changing the deterministic`
event_id` formula or browser/server pairing guarantees.
* Microsoft Advertising (Bing UET) support — UET browser events for view_item /
add_to_cart / begin_checkout / purchase / lead / sign_up, `msclkid` capture,
SHA-256 enhanced-conversions field hashing, consent-gated dispatch.
* Google Analytics 4 Data API reconciliation. Compares WooCommerce orders, LayerSync
queue rows, and GA4 purchases and classifies each into match / missing in GA4/
duplicate in GA4 / value mismatch buckets, configurable lag window default 48h.
* WP Consent API bridge with auto-detection for 7 popular CMPs (Complianz, Cookiebot,
CookieYes, Borlabs, iubenda, OneTrust, Moove). Resolved Consent Mode v2 state
rides every event and gates server-side dispatch + PII stripping.
* Form-submission lead tracking added for Gravity Forms, Fluent Forms, and Elementor
Forms (in addition to the existing CF7 / WPForms / Ninja / Formidable support).
* Identity Quality scoring with per-platform weighted identifier tables for 10
ad platforms.
* Bot detection scoring with 7 reason codes (datacenter IP, Apple Private Relay,
bad user-agent, velocity spike, no-JS, impossible journey, repeated event_id),
merchant safe-list, and reporting that excludes bot traffic from ad-platform
dispatch.
* Historical backfill worker with 30 / 90 / 180 / 365-day windows, dry-run mode,
and Action Scheduler-batched processing.
* Safe External Scripts manager — page targeting (all / product / category / cart/
checkout / thank-you / custom), consent targeting, trigger rules, and 7 hard-
blocked dangerous patterns (eval, new Function, document.write, innerHTML=, document.
cookie, LayerSync REST URLs, `layersync_` identifiers).
* Signal Doctor — per-event weak-match diagnosis with actionable fix copy per ad
platform.
* Platform Overclaim Shield — multi-platform claim-conflict detection on the same
order with evidence-based confidence scoring.
* Consent-Recovery Graph — every conversion classified into 7 buckets (browser/
server matched, server-only recovered, consent limited, bot excluded, failed
then retried, missing identity, platform rejected).
* Accessibility — WAI-ARIA tablist on every sub-tab nav, skip-to-main-content link,
breadcrumbs with `aria-current="page"`, status badges wrapped in `role="status"`,
and visible `:focus-visible` outlines across every interactive element.
* No schema migrations introduced. 33 new PHPUnit tests added; full suite 719 tests/
0 failures.
#### 1.22.1
* Fixed popup tracking events (popup_impression, popup_visible, popup_cta_click,
etc.) returning HTTP 403 for logged-in users. Root cause: WordPress’s REST API
processes requests without X-WP-Nonce as user ID 0, but the nonce was being created
with the logged-in user’s ID — causing wp_verify_nonce to fail on the server.
The public event proxy nonce is now always created with user ID 0 context, matching
the REST verification context for all visitor types.
#### 1.22.0
* Added lightweight browser-side bot probe to every browser event payload. Collects
passive signals (webdriver flag, pointer/scroll/keyboard interaction, screen
size, timezone, page-time) using one-shot passive event listeners — no fingerprinting,
no impact on page load. The probe is stripped from all outbound platform payloads
and used only by the LayerSync server-side bot classifier to more accurately
distinguish real visitors from automated traffic.
#### 1.21.0
* Improved GA4 ecommerce tracking accuracy across WooCommerce stores.
* Added global initial page_view coverage before contextual ecommerce events.
* Fixed home page tracking to avoid invalid GA4 view_item events.
* Improved purchase payloads so value excludes tax and shipping while sending tax,
shipping, currency, transaction_id, and items separately.
* Added valid view_item_list item payloads for shop and category pages.
* Added remove_from_cart tracking improvements for classic WooCommerce and BeTheme
cart flows.
* Added duplicate guards for add_payment_info and add_shipping_info.
* Added item_category coverage across key ecommerce events.
* Added refund item enrichment.
* Added form_start, form_submit, and generate_lead tracking with AJAX form support
for supported form plugins.
* Improved select_item payloads with item_category, item_list_id, item_list_name,
and index.
* Added X (Twitter) browser pixel and Conversion API support: UWT pixel with Conversion
Event ID resolution, server-side CAPI delivery for purchase, add_to_cart, and
begin_checkout, consent-aware identity (twclid / hashed email / hashed phone),
and referrer-based attribution for t.co / twitter.com / x.com traffic.
* Fixed X pixel events not firing after initial page load due to an incorrect event-
forwarding reference in the deduplication wrapper.
* Fixed X page_view custom conversion not registering in X Events Manager — the
pixel auto-fires PageView from twq(‘config’), so an explicit conversion event
for page_view caused X deduplication to suppress the custom conversion.
* Fixed Snapchat uuid_c1 (_scid first-party cookie) not reaching the Snap pixel
on anonymous visits or when ad_user_data consent was denied separately from ad_storage.
The cookie ID is now forwarded independently, gated only on ad_storage.
#### 1.20.3
* Fixed popups targeting the Home page or Blog never showing: the popup runtime
now normalizes the pixel’s page-type names (home, post, archive) to the popup
builder’s vocabulary (homepage, blog).
#### 1.20.2
* Security hardening and release-readiness improvements.
* Added uninstall cleanup for LayerSync plugin data and scheduled hooks.
* Improved consent-safe runtime behavior.
* Improved queue retry reliability and UTC-safe scheduling.
* Improved catalog sync completion handling.
* Improved WordPress.org readiness checks.
#### 1.20.1
* GA4 campaign attribution: the plugin now forwards first-party campaign context
to GA4 — source / medium / campaign plus first-touch, last-touch and last-paid-
touch, returning-visitor and touch-count signals — as `ls_*` parameters and GA4’
s native campaign fields. Google Ads auto-tagging is respected (native fields
are suppressed when a Google click ID is present).
* Original landing URL lock: the true first landing URL is captured at the earliest
point in the page, before redirects or SPA navigation can overwrite it, so first-
touch attribution stays accurate.
* Privacy hardening: landing URLs and referrers are sanitized to strip PII and
WooCommerce order keys / checkout tokens before they reach GA4 or LayerSync,
while UTMs and ad click IDs are preserved.
* Test traffic is flagged (`ls_test`) so internal/QA visits can be excluded from
reporting.
* Meta Pixel payloads now omit non-product `content_type` values for homepage ViewContent
and click-to-contact events, avoiding Meta’s invalid parameter warning while
preserving `content_name`.
#### 1.20.0
* GA4 Direct Browser Mode: choose how GA4 events reach Google — Direct (LayerSync
fires gtag itself, no GTM needed), GTM / dataLayer only, or Measurement Protocol
only. Set per site on the Platforms page. Existing installs default to Direct,
preserving current behavior.
* Controlled page_view: in Direct mode the plugin emits `gtag('config', …, { send_page_view:
false })` and fires a single page_view with full params (page_location, page_referrer,
page_title, page_path, page_type, content_group, language, engagement_time_msec),
plus SPA support for history-based navigation.
* Full GA4 funnel coverage from the browser: select_item, view_cart, remove_from_cart,
add_shipping_info, add_payment_info, view_promotion, select_promotion, login,
and sign_up now fire alongside the existing commerce events.
* GA4 session capture: reads the `_ga_` session cookie (both the legacy GS1
and current GS2 formats) on the browser AND server side, so events attach to
the correct GA4 session. A short best-effort wait on high-value events (purchase,
sign_up, login, lead) improves session attribution without delaying normal page
traffic.
* Consent Mode: per-site Strict (denied-by-default until the CMP grants) or Standard(
defers to your existing consent setup). Enhanced Conversions / GA4 user-provided
data are now explicit, off-by-default opt-ins and only attach to conversion events.
* GA4 User-ID is restricted to signed-in WordPress users only.
* New diagnostics in the Live Events drawer: missing/invalid client_id, missing/
invalid session_id, missing transaction_id on purchase, missing currency when
value is set, items missing id and name, browser+GTM duplicate-source risk, and
consent-denied.
* Google Ads, LinkedIn, and X delivery paths are code-validated locally with unit
tests but still require live staging credential validation before public enablement.
#### 1.19.0
* New popup builder runtime: targets your existing LayerSync audiences, renders
inside Shadow DOM so the merchant’s theme can’t break it, evaluates audience
+ trigger + frequency + consent locally per visit. Supports modal, slide-corner,
and bar layouts with per-device (desktop / tablet / mobile) position overrides.
* Live cart-items block: pulls the visitor’s current WooCommerce cart via the Store
API and renders the actual products (image, name, qty, line price, subtotal)
inside the popup. Empty carts auto-suppress the popup so you never reminder a
customer who already checked out.
* WhatsApp CTA: when a popup CTA is set to the WhatsApp action, the runtime opens`
wa.me/` with a pre-composed message built from the popup heading + the
visitor’s live cart contents, so they arrive on WhatsApp with a ready-to-send
order summary.
* Popup tracking: every popup interaction (impression, visible, CTA click, submit,
close reason, conversion) fires through the existing WP-proxy endpoint into LayerSync
events — same pipeline as commerce events, so popups show up in Live Events,
ROI Insights, and audience targeting with no extra setup.
#### 1.18.2
* One-time backfill: marks every order whose server purchase event was already
delivered as “pixel-rendered” so 1.18.1’s once-per-order guard takes effect immediately
on legacy orders. Without this, each pre-1.18.1 order would cost one stray browser
purchase fire on its first thank-you-page revisit before the guard kicked in.
Runs asynchronously via WP-Cron in batches of 200 so admin page loads stay snappy
on stores with thousands of orders.
#### 1.18.1
* Fixed duplicate purchase events fired by the browser pixel on order-received
page revisits. The thank-you page URL is permanent — customers bookmark it, merchants
revisit to test, and WC’s payment redirect can reload it — so without a guard,
every revisit re-fired the same purchase event_id, inflating dashboard funnel
and revenue numbers. The pixel now sets a `_layersync_purchase_pixel_rendered`
order meta on first render and silently skips on subsequent visits, mirroring
the existing server-side `_layersync_purchase_sent` guard.
#### 1.18.0
* Homepage now fires a `view_content` event in addition to `page_view`, so Meta
and TikTok have an explicit top-of-funnel signal for cold-start audience optimization.
* Click-to-contact CTAs are auto-tracked: clicks on `tel:`, `sms:`, `mailto:`,
WhatsApp (`wa.me`, `api.whatsapp.com`), and Messenger links fire a `contact`
event mapped to Meta `Contact` and TikTok `Contact`. Captures intent signals
from off-site CTAs without any merchant setup.
* Pixel `firePixelEvent` now passes `content_name` through to Meta and TikTok for
non-product events so Pixel Helper and attribution dashboards label them meaningfully;
Meta `content_type` is reserved for product/product_group payloads.
#### 1.17.0
* Renamed plugin to better describe what it does: “LayerSync for WooCommerce –
Conversion Tracking, Server-Side API, Pixel Manager, GA4”.
* Hardened the public events endpoint: same-origin nonce check, per-IP rate limit,
body-size cap, and a block on `purchase` / `refund` events (those flow only through
the WooCommerce server hook now).
* Refactored every inline `