Title: SysRadar
Author: SysWP
Published: <strong>May 15, 2026</strong>
Last modified: May 16, 2026

---

Search plugins

![](https://ps.w.org/syswp-radar/assets/banner-772x250.png?rev=3533957)

![](https://ps.w.org/syswp-radar/assets/icon.svg?rev=3533957)

# SysRadar

 By [SysWP](https://profiles.wordpress.org/aporcebr/)

[Download](https://downloads.wordpress.org/plugin/syswp-radar.1.1.1.zip)

 * [Details](https://test.wordpress.org/plugins/syswp-radar/#description)
 * [Reviews](https://test.wordpress.org/plugins/syswp-radar/#reviews)
 *  [Installation](https://test.wordpress.org/plugins/syswp-radar/#installation)
 * [Development](https://test.wordpress.org/plugins/syswp-radar/#developers)

 [Support](https://wordpress.org/support/plugin/syswp-radar/)

## Description

SysRadar is a **server-side, privacy-first** alternative to Google Analytics and
Plausible — built in Brazil, hosted in Brazil, fully LGPD/GDPR-compliant.

Unlike GA4 (which requires cookies and complicated LGPD setup) and Plausible (which
only sees human visitors with JavaScript enabled), SysRadar captures **100% of real
requests** to your server: humans, AI bots (ClaudeBot, GPTBot, PerplexityBot), SEO
crawlers (Ahrefs, Semrush), attackers (sqlmap, nuclei, wpscan), RSS readers, uptime
monitors — all categorized in real time.

#### Why this matters in 2026

 * **30 to 60% of your traffic** is bots. You never knew — because GA4 and Plausible
   filter bots automatically. But it’s your server serving those bots, your bandwidth,
   your cost.
 * **AI crawlers** (Claude, GPT, Perplexity) are indexing your content right now.
   If you don’t know what they are reading, you can’t optimize. The first sites 
   to appear in AI answers will win the next decade of SEO.
 * **Attackers** are continuously scanning `/wp-admin/`, `/xmlrpc.php`, `/.env`.
   Wordfence Free does not block them. Cloudflare lets them through. You don’t even
   know they exist.
 * **Web Vitals** (LCP, CLS, INP) — Google ranks search results by them. Lighthouse
   on your machine ≠ real user. SysRadar measures with **RUM (Real User Monitoring)
   data**.

#### What the plugin does

 1. **Injects the tracker** (one line of JS, ~2KB minified, async) into the `<head>`
    of all front-end pages via the `wp_head` hook
 2. **Auto-detects** WooCommerce, Elementor, Yoast SEO, Rank Math, Contact Form 7, 
    BuddyPress, LearnDash, bbPress, All-in-One SEO
 3. **Auto-excludes:** admin pages, AJAX, REST API, cron jobs, and logged-in users 
    with edit-posts capability (admins/editors)
 4. **Honors** `DNT: 1` (Do Not Track) optionally
 5. **Compatible** with cache plugins (WP Rocket, W3 Total Cache, LiteSpeed Cache, 
    Cloudflare APO)
 6. **Custom domain support** (Pro+ plan): use `analytics.yoursite.com` to bypass aggressive
    ad-blockers
 7. **Zero queries** to the WordPress database (settings stored in `wp_options`)

#### Who is it for

 * **Bloggers and content creators** — discover which AI crawlers are indexing your
   content (ChatGPT, Claude, Perplexity)
 * **E-commerce (WooCommerce)** — real channel attribution, price-scraper detection,
   per-product Web Vitals
 * **Agencies** — manage analytics for multiple client sites in a single dashboard(
   Agency plan)
 * **Developers** — Web Vitals degradation alerts, automatic JS error capture, REST
   API access

#### Privacy & compliance

 * **IP anonymization runs in the plugin, before transmission** — last octet zeroed(
   IPv4) / last 80 bits zeroed (IPv6) inside your WordPress install, so SysRadar
   never receives identifiable IP addresses
 * First-party cookies only (`_rdid`, `_rds`) — no cross-site tracking, no fingerprinting.
   Cookieless mode is available as a one-click toggle
 * Split tracking toggles (since v1.1.1) — disable the front-end pixel and the server-
   side beacon independently
 * GDPR/LGPD-friendly: no data brokers, no impression auctions, no persona-building
 * Optional Honor DNT (Do Not Track) support
 * Servers located in Brazil; data processed under LGPD
 * No dependency on Google, Facebook, or any ad-tech vendor

#### Privacy policy snippet for site owners

You are the data controller for visitors of your site. The paragraph below is a 
starting point you can paste (and adapt) into your own privacy policy when this 
plugin is active. Replace the example placeholders with your specifics.

> **Analytics — SysRadar.** We use SysRadar (operated by SysWP, Brazil) for privacy-
> first server-side analytics. SysRadar receives the page URL you visit, the referrer
> URL, your user-agent, anonymized IP (last octet zeroed before it leaves our server),
> Web Vitals metrics (LCP / FCP / TTFB / CLS / INP), and security telemetry on suspicious
> requests. SysRadar never sets third-party cookies and is configured here in [cookieless
> mode / standard mode]. We process this data under [legitimate interest in security
> monitoring / your consent for analytics], depending on the feature. SysRadar privacy
> policy: https://radar.syswp.com.br/privacy/. To exercise your LGPD/GDPR rights,
> contact us at [your email].

If you enable cookieless mode in the plugin settings, the `_rdid` and `_rds` first-
party cookies are not set and you typically do not need a cookie consent banner 
for SysRadar.

#### Data subject rights walkthrough

Under LGPD (Brazil) Art. 18 and GDPR (EU) Art. 15–17, your visitors can request 
access to, correction of, deletion of, and portability of their personal data. Because
SysRadar minimizes data at source (anonymized IPs, no names, no emails, no persistent
cross-site identifier), most data subject requests are quick to answer:

 * **Access:** show the visitor the categories of data collected — see the table
   in the plugin’s Settings  SysRadar page and the SysRadar privacy policy at https://
   radar.syswp.com.br/privacy/.
 * **Correction:** SysRadar does not collect identifiable data that can be “corrected”
   in the LGPD/GDPR sense. If a visitor still requests correction, document the 
   request and respond confirming the data is anonymized.
 * **Deletion:** events are automatically purged after your plan retention window(
   7 to 180 days). For earlier deletion of events tied to a specific anonymized 
   IP, the site owner can email contato@syswp.com.br with the timeframe and the 
   IP prefix.
 * **Portability:** the site owner can export all events for their site via the 
   dashboard  Account  Export Data.
 * **Objection / withdrawal of consent:** if the visitor enabled DNT in their browser
   and you have “Honor DNT” turned on in the plugin, they are automatically not 
   tracked. They can also block first-party cookies in their browser.

#### Pricing

Free permanent plan with 1 site. Automatic 7-day Pro trial on signup (no credit 
card). Full pricing and plan details at https://radar.syswp.com.br/pricing.

### Roadmap

#### v1.2 (Q3 2026)

 * Mini-dashboard in WP admin showing last 24h numbers
 * Web Vitals widget in the WP admin

#### v1.3 (Q3 2026)

 * Auto-detection of SysWP ecosystem siblings + single sign-on via SSO HMAC
 * Integration with SysRadar API to fetch config remotely

#### v1.4 (Q4 2026)

 * Server-side events (S2S) — captures even with the most aggressive ad-blockers
 * Block AI crawlers directly from the plugin (optional)

### External services

This plugin connects to the SysRadar service at https://radar.syswp.com.br. There
are two distinct outbound transmissions, both fully disclosed below.

#### (1) Front-end JS pixel

 * **When it fires:** on every front-end page view from a non-excluded visitor (
   admins are excluded by default; logged-in users with edit-posts capability are
   skipped).
 * **Transport:** an async `<script>` tag loaded from `https://radar.syswp.com.br/
   p/{site_id}.js` runs in the visitor’s browser and sends measurement events back
   to the same domain.
 * **Data sent:** anonymized IP (last octet zeroed in your server before the script
   even runs, as the pixel is keyed to your site), page URL, referrer URL, user-
   agent string, browser locale and timezone, Web Vitals metrics (LCP, FCP, TTFB,
   CLS, INP).
 * **Cookies set:** `_rdid` and `_rds` first-party cookies — unless cookieless mode
   is enabled in the plugin settings, in which case no cookies are set.
 * **Legal basis:** consent (cookie + analytics) or legitimate interest depending
   on your jurisdiction. See the “Privacy & compliance” section above.

#### (2) Server-side beacon (new in v1.1.0+)

 * **When it fires:** only for requests the JS pixel cannot see — unauthenticated
   requests to `/wp-json/`, `xmlrpc.php`, `admin-ajax.php`, `wp-login.php`, and 
   direct probes of `/wp-admin/`. Skipped for cron, WP-CLI, and excluded users.
 * **Transport:** a fire-and-forget `wp_remote_post` to `https://radar.syswp.com.
   br/api/v1/pixel/server-beacon`, dispatched on the WordPress `shutdown` action
   AFTER the page response is delivered, using `fastcgi_finish_request()` + `blocking
   => false` for zero added page latency.
 * **Data sent:** site ID, HTTP method, request URI (truncated to 500 chars), anonymized
   IP (last octet zeroed inside this plugin before transmission), user-agent (truncated
   to 1000 chars), referer (truncated, escaped), HTTP response status code, request-
   type label (rest / xmlrpc / ajax / login / admin_unauth / other), plugin version,
   DNT header value, cookieless-mode flag.
 * **Data NOT sent:** logged-in user identities, post content, form submissions,
   payment data, cookies, session tokens — none of these ever transit the beacon.
 * **Legal basis:** legitimate interest in security monitoring under LGPD Art. 7º
   IX / GDPR Art. 6(1)(f). No visitor consent is required for security telemetry
   of suspicious unauthenticated requests, per regulator guidance. Disclosure remains
   mandatory and is provided in the privacy policy snippet above.

#### Common to both

 * Servers are located in Brazil.
 * Data is processed in compliance with LGPD/GDPR.
 * `sslverify` is always `true` on outbound HTTP — never relaxed.
 * No personally identifiable information (no name, no email, no full IP, no cross-
   site identifier) leaves your WordPress install.

#### Service links

 * Service URL: https://radar.syswp.com.br
 * Privacy policy: https://radar.syswp.com.br/privacy/
 * Terms of service: https://radar.syswp.com.br/terms/
 * Plugin setup + LGPD guide: https://radar.syswp.com.br/docs/plugin-setup/

## Screenshots

 * [[
 * Main SysRadar dashboard — traffic categories (humans, AI crawlers, attackers,
   SEO crawlers, etc.) in real time, with category breakdown and live event feed
 * [[
 * AI Dashboard Explainer — a built-in AI assistant explains what changed in your
   traffic, who visited, and what action to take, in plain English
 * [[
 * AI bots panel — see exactly which AI crawlers (ClaudeBot, GPTBot, PerplexityBot,
   Amazonbot, etc.) are reading your content, how often, and which URLs they target
 * [[
 * Top attackers detected in real time, with country flag, hits, scanned paths and
   per-IP drill-down (sqlmap, nuclei, wpscan, wp-login brute-force, etc.)
 * [[
 * Real Web Vitals (LCP, FCP, TTFB, CLS, INP) collected from real visitors with 
   Good/Needs-improvement/Poor coloring, per URL
 * [[
 * Alert rules engine — 14 rule types, 5 detection modes (threshold, percent change,
   z-score, first-seen, absence), 5 channels (email, webhook, Slack, Discord, Telegram)
 * [[
 * Multi-site overview — manage analytics across all client sites in a single dashboard(
   Agency plan)
 * [[
 * Plugin settings page — Site ID, privacy controls (anonymize IP, honor DNT, exclude
   admins), and platform auto-detection status

## Installation

#### Via upload

 1. Upload the `syswp-radar` folder to `/wp-content/plugins/` or install via **WP Admin
    Plugins  Add New  Upload Plugin** (use the `.zip`)
 2. Activate the plugin in **WP Admin  Plugins**
 3. Go to **Settings  SysRadar**
 4. Paste your **Site ID** (12 characters) — find it at [radar.syswp.com.br/sites](https://radar.syswp.com.br/sites)
 5. Save. Done. The pixel is now injected on all front-end pages automatically.

#### Via WordPress.org (after approval)

 1. WP Admin  Plugins  Add New  search “SysRadar”
 2. Install  Activate
 3. Settings  SysRadar  paste your Site ID

Don’t have an account yet? Sign up free at [radar.syswp.com.br/auth/signup](https://radar.syswp.com.br/auth/signup)—
7 days of Pro free, no credit card required.

## FAQ

### Will the plugin slow down my site?

No. The JS is asynchronous (`<script async>`), under 2KB minified, and the server
responds in sub-millisecond. Nothing blocks rendering. We honor the “zero impact
on LCP/FCP” contract — you can verify on the Web Vitals panels in the SysRadar dashboard
after installing.

### Does it work with WP Rocket / LiteSpeed Cache / Cloudflare?

Yes. The snippet is static and works inside any page cache. Tested in production
with WP Rocket and LiteSpeed.

### Can I use it with ad-blockers?

Most ad-blockers allow it because the traffic is interpreted as a simple image request(`.
gif`). If you need maximum accuracy and have the Pro+ plan, configure a **custom
domain** (e.g., `analytics.yoursite.com`) and ad-blockers become completely blind
to the tracking.

### Is there a free tier?

Yes. Permanent Free plan with 1 site, 50K events/month, 7-day retention. Automatic
7-day Pro trial on signup.

### What happens if I uninstall the plugin?

Events already collected stay in SysRadar (subject to your plan retention policy).
New visitors will not be tracked. The plugin’s settings (Site ID, etc.) remain in`
wp_options` until you delete the plugin via “Plugins  Delete” — at that point the
included `uninstall.php` cleans them up automatically.

### Does it collect personal data (LGPD/GDPR)?

No. The plugin collects only: User-Agent, visited URL, referrer, and browser performance
metrics (LCP/FCP/TTFB/CLS/INP). IPs are anonymized **inside the plugin, before transmission**(
last octet zeroed for IPv4, last 80 bits zeroed for IPv6). No name, email, cross-
site tracking cookies, or any personally identifiable information ever leaves your
WordPress install.

### Do I need a cookie banner to use SysRadar?

It depends on your configuration and your jurisdiction:

 * **Cookieless mode ON (Settings  SysRadar  Cookies):** SysRadar does not set any
   cookies. You typically do not need a cookie consent banner for SysRadar specifically.(
   You may still need one for other cookie-setting code on your site.)
 * **Cookieless mode OFF (default):** SysRadar sets two first-party cookies (`_rdid`,`
   _rds`) for unique-visitor counting. Under strict LGPD/ePrivacy interpretation
   you should ask visitors for consent before setting these. A consent banner that
   gates the SysRadar pixel until the visitor accepts analytics cookies is the safest
   path. Major consent management plugins (CookieYes, Complianz, Iubenda, Cookiebot,
   etc.) can gate scripts by handle — block `syswp-radar-pixel` until consent is
   granted.
 * **Server-side beacon:** does not set cookies and runs under “legitimate interest
   in security monitoring” — consent is not required, only disclosure in your privacy
   policy.

### What does “Honor DNT” actually do?

DNT stands for **Do Not Track** — it is a header (`DNT: 1`) that the visitor’s browser
sends to tell websites “please do not track me”. The header is sent automatically
when the visitor has enabled the DNT setting in their browser preferences (Firefox:
Settings  Privacy  “Send websites a Do Not Track signal”; equivalent in older versions
of other browsers). When you enable “Honor DNT” in SysRadar, the plugin checks for
this header on every request and skips tracking entirely (both pixel and beacon)
for visitors that send it. LGPD does not require honoring DNT, but it is a strong
privacy signal and best practice — recommended if you have EU traffic.

### How do I know it’s working?

After pasting the Site ID and saving, visit your site in an incognito tab. The dashboard
at [radar.syswp.com.br/dashboard](https://radar.syswp.com.br/dashboard) shows the
event in real time (5-10 second delay).

### Does the plugin auto-update?

Yes, via standard WordPress auto-update when we publish a new version. You are notified
at **WP Admin  Updates**.

### Does it support multisite?

Yes. Install on the network and configure each subsite with its own Site ID in local
settings. Each subsite has its own separate dashboard in SysRadar.

### Can I block AI crawlers via the plugin?

No — SysRadar **detects** AI crawlers, it does not block them. To block, use `robots.
txt` or a dedicated security plugin focused on bot blocking.

### Why “SysRadar” and not “SysWP Radar”?

The plugin’s **display name** was changed from “SysWP Radar” to “SysRadar” because
the WordPress.org Plugin Review Team does not allow the “WP” abbreviation in user-
facing plugin names (it could imply affiliation with WordPress itself). The slug—`
syswp-radar` — is a technical URL identifier and is exempt from this restriction,
similar to how Yoast SEO’s slug is `wordpress-seo`. The SaaS service is still branded“
SysWP Radar” at radar.syswp.com.br — only the plugin’s display name changed.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“SysRadar” is open source software. The following people have contributed to this
plugin.

Contributors

 *   [ SysWP ](https://profiles.wordpress.org/aporcebr/)

[Translate “SysRadar” into your language.](https://translate.wordpress.org/projects/wp-plugins/syswp-radar)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/syswp-radar/), check
out the [SVN repository](https://plugins.svn.wordpress.org/syswp-radar/), or subscribe
to the [development log](https://plugins.trac.wordpress.org/log/syswp-radar/) by
[RSS](https://plugins.trac.wordpress.org/log/syswp-radar/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.1.1 – 2026-05-16

 * **Privacy:** IP anonymization now runs **inside the plugin, before transmission**(
   last octet zeroed for IPv4, last 80 bits for IPv6). Previously anonymization 
   happened server-side at radar.syswp.com.br — now the data leaves your WordPress
   install already anonymized, satisfying LGPD/GDPR minimization-at-source requirements.
 * **Settings split:** the single “Tracking enabled” toggle is now two independent
   toggles — **Front-end pixel** and **Server-side beacon** — so you can disable
   either independently. Legacy `enabled` setting is auto-migrated 11 to both on
   first load.
 * **Cookieless mode:** new one-click toggle that disables the `_rdid` / `_rds` 
   first-party cookies. When enabled you typically do not need a cookie consent 
   banner for SysRadar.
 * **Settings reference table:** the admin page now shows a clear table explaining
   the technical effect AND the legal implication of each setting, so you know what
   to update in your privacy policy when toggling.
 * **Privacy policy snippet:** the readme now includes a copy-paste-ready paragraph
   that site owners can adapt for their own privacy policies.
 * **Data subject rights walkthrough:** new section in readme covering LGPD Art.
   18 / GDPR Art. 15–17 — what to do when a visitor asks for access, deletion, portability.
 * **External services disclosure** expanded to cover both the JS pixel AND the 
   server-side beacon (when each fires, exact data sent, legal basis).
 * **Admin onboarding** redesigned — new visitors see a clear 3-step welcome card
   with a prominent “Sign up free” CTA toward radar.syswp.com.br.
 * **Brand:** admin header now uses the official SysRadar mark instead of a placeholder
   gradient square.
 * **FAQ additions:** “Do I need a cookie banner?” and “What does Honor DNT actually
   do?”.
 * **Base URL field removed** from the settings page — the analytics endpoint is
   now pinned to the canonical SysRadar service (radar.syswp.com.br). Custom-domain
   routing will return later via an authenticated API. Existing custom-domain installs
   are migrated to the canonical endpoint automatically on first load.
 * **Readme cleanup:** removed promotional pricing details from the description (
   kept on the SaaS site); donate link removed; tags revised for compliance.

#### 1.1.0 – 2026-05-11

 * Display name changed to “SysRadar” (per WordPress.org Plugin Review Team guidance—“
   WP” cannot appear in plugin display names). Plugin slug remains `syswp-radar`(
   slugs are URL identifiers, not user-facing branding, and are exempt from the “
   WP” restriction).
 * All UI strings translated from Portuguese to English with full i18n support —
   translations welcome via translate.wordpress.org
 * Added server-side beacon (captures attacks the JS pixel cannot see: /wp-json/,
   xmlrpc.php, admin-ajax.php unauth, wp-admin probes, wp-login.php). Fired on `
   shutdown` action; uses `fastcgi_finish_request()` + `blocking=false` for zero
   added latency.
 * Pixel injection switched from direct `echo` to `wp_enqueue_script()` + `script_loader_tag`
   filter for `async` attribute (matching WP.org Plugin Review best practices).
 * All `$_SERVER` reads now properly sanitized with `sanitize_text_field(wp_unslash())`/`
   esc_url_raw(wp_unslash())`.
 * Class renamed to `Syswp_Radar_Plugin` to match the slug-derived prefix convention.
 * Removed call to `load_plugin_textdomain()` — no longer needed since WordPress
   4.6 for plugins hosted on WordPress.org.

#### 1.0.0 – 2026-05-06

 * Initial release on WordPress.org
 * Pixel injection via wp_head (priority 99)
 * Auto-detection of platforms (WooCommerce, Elementor, Yoast, Rank Math, etc.)
 * Settings page with privacy controls
 * Compatibility tested with WP Rocket, LiteSpeed Cache, W3 Total Cache
 * Multisite support
 * Optional Honor DNT
 * Auto-exclusion of admins/editors

## Meta

 *  Version **1.1.1**
 *  Last updated **19 hours ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 5.5 or higher **
 *  Tested up to **6.9.4**
 *  PHP version ** 7.4 or higher **
 *  Language
 * [English (US)](https://wordpress.org/plugins/syswp-radar/)
 * Tags
 * [analytics](https://test.wordpress.org/plugins/tags/analytics/)[bots](https://test.wordpress.org/plugins/tags/bots/)
   [performance](https://test.wordpress.org/plugins/tags/performance/)[privacy](https://test.wordpress.org/plugins/tags/privacy/)
   [vitals](https://test.wordpress.org/plugins/tags/vitals/)
 *  [Advanced View](https://test.wordpress.org/plugins/syswp-radar/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/syswp-radar/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/syswp-radar/reviews/)

## Contributors

 *   [ SysWP ](https://profiles.wordpress.org/aporcebr/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/syswp-radar/)