SERVER-SIDE WORDPRESS ANALYTICS

WordPress analytics that sees what Google Analytics misses.

Google Analytics, Plausible, Fathom, and every JavaScript-based tracker share the same blind spot: they only see visitors whose browsers execute JS. That excludes 30–60% of real traffic — including AI crawlers, attackers, RSS readers, and most bots.

SysWP Radar captures it all, server-side, with one WordPress plugin or one line of code. Free plan, no cookies, LGPD/GDPR by design.

Start free · 7-day Pro trial See the dashboard

Why standard WordPress analytics lies to you

Every analytics platform built on a JavaScript snippet — including the most popular WordPress plugins — has the same architecture: a <script> tag injected on each page, fired in the visitor's browser. That tag only fires when the browser actually downloads and runs JavaScript. In 2026, that's a serious limitation:

  • AI crawlers don't run JavaScript. GPTBot, ClaudeBot, PerplexityBot, Amazonbot, Bytespider, OAI-SearchBot — they all fetch your content using server-to-server HTTP and never execute JS. Your analytics tool reports zero visits from them. Meanwhile, they're indexing your site for the next decade of search.
  • Attackers don't run JavaScript. When sqlmap, wpscan, Nuclei, or masscan hit /wp-login.php, /xmlrpc.php, or /.env, your analytics has no idea. Your hosting bill grows. Your security plugin maybe catches some. You see none of it in your "traffic" report.
  • SEO bots are mostly invisible too. Ahrefs, Semrush, Majestic, DotBot — most fetch headlessly. Some sample 0.1% of pages with JS. Your "organic search" attribution is wrong because of it.
  • RSS readers and feed aggregators consume /feed/ over HTTP with no browser. Inoreader, Feedly, NewsBlur — all invisible.
  • Performance monitors (UptimeRobot, Pingdom, StatusCake) and your own CRON jobs — same story.

What's left? Roughly 40–70% of your real traffic. The slice your tracker happens to see.

How server-side WordPress analytics works

SysWP Radar runs in two complementary layers:

  1. JavaScript pixel (front-end) — for human visitors, captures Web Vitals (LCP / FCP / TTFB / CLS / INP), UTM attribution, rage clicks, JS errors, scroll depth, time-on-page. The classic analytics layer, done correctly.
  2. Server-side beacon (PHP plugin) — fires on every request that doesn't render HTML: /wp-json/ REST API, /xmlrpc.php, admin-ajax.php (unauthenticated), /wp-login.php, direct probes to /wp-admin/. This is the layer GA can't have because GA is browser JS only.

The beacon runs after WordPress finishes serving the response (via fastcgi_finish_request() + blocking=false), so visitor latency is zero. The classifier sorts each request into 9 categories in real time: humans, verified bots, AI crawlers, SEO crawlers, RSS readers, health checks, WordPress internal, attackers, and unknown.

Install in 3 minutes

  1. Create a free account (7-day Pro trial, no credit card)
  2. Add your site → copy the 12-character Site ID
  3. Install the WordPress plugin: download the .zip → WP Admin → Plugins → Add New → Upload → Activate
  4. WP Admin → Settings → SysRadar → paste the Site ID → Save

Or for any non-WordPress site, paste this one line before </head>:

<script async src="https://radar.syswp.com.br/p/YOUR_SITE_ID.js"></script>
<noscript><img src="https://radar.syswp.com.br/p/YOUR_SITE_ID.gif" alt="" width="1" height="1"></noscript>

Visit your site in an incognito tab. The dashboard at radar.syswp.com.br/dashboard shows the event within 5–10 seconds.

FAQ

Does this replace Google Analytics?
It can — but it doesn't have to. The most powerful setup is to run both: keep GA for the human-only views you're used to, and add Radar to see everything else (AI bots, attackers, server-side traffic). On the Free plan there's no overhead to running both.
Is it LGPD / GDPR compliant?
Yes. No cookies of any kind for tracking. IPs are anonymized (last octet zeroed) before persistence. No fingerprinting, no cross-site tracking, no data brokers. Servers are in Brazil. We have a registered DPO. The privacy policy is at /privacy/.
Will it slow down my site?
No. The JS pixel is loaded async (under 2KB minified). The server-side beacon fires after WordPress finishes the response — visitor latency is zero. We honor a "zero impact on LCP/FCP" contract; you can verify this in the Web Vitals panel after install.
Does it work with WP Rocket / LiteSpeed Cache / Cloudflare?
Yes. The pixel snippet is static and works inside any page cache. Tested in production with WP Rocket, LiteSpeed Cache, W3 Total Cache, and Cloudflare APO.
Can I block AI crawlers with this?
Radar detects them — it does not block. For blocking, integrate with our sibling product SysWP Shield, or write a rule in your firewall / Cloudflare WAF based on the user-agent strings Radar surfaces.

See what your analytics has been hiding.

Free forever plan, 7-day Pro trial on signup, no credit card. The first hidden AI crawler hit shows up in your dashboard within minutes of install.

Create free account →

First 100 paying customers lock in 50% lifetime discount.

Related topics