WordPress Plugin Setup
The Travatar WordPress plugin adds Server-Side Tracking to your WordPress site. It captures every request (pages, admin, AJAX, REST API) and forwards the data to Travatar's Detection Engine.
Prerequisites
- WordPress 6.0 or later
- A Travatar account with an App ID and API Token
- Admin access to your WordPress site
Installation
Option 1: WordPress Plugin Directory
- Go to Plugins → Add New in WordPress admin
- Search for "Travatar"
- Click Install Now on Travatar AI Detection & Server-Side Tracking
- Click Activate
Option 2: Upload ZIP
- Download the plugin ZIP
- Go to Plugins → Add New → Upload Plugin
- Select the ZIP file and click Install Now
- Click Activate
Configuration
1. Get Your Credentials
- Log in to app.travatar.ai
- Go to Settings → Server Tracking
- Copy your App ID and generate an API Token (save it - it's shown only once)
2. Enter Credentials in WordPress
- Go to Settings → Travatar SST in WordPress admin
- Enter your App ID
- Enter your API Token
- Click Save Changes
The status indicator will change from Inactive (red) to Active (green) once both credentials are saved.
3. Verify
- Visit your website's front page
- Go to app.travatar.ai → AI Traffic
- You should see your visit appear within 1-2 minutes
What Gets Tracked
The plugin hooks into WordPress's init action and captures:
| Field | Source | Example |
|---|---|---|
uri | $_SERVER['REQUEST_URI'] | /blog/my-post/ |
method | $_SERVER['REQUEST_METHOD'] | GET |
user_agent | $_SERVER['HTTP_USER_AGENT'] | Mozilla/5.0 ... |
referer | $_SERVER['HTTP_REFERER'] | https://google.com/... |
ip_address | Best-effort discovery | 203.0.113.42 |
is_https | is_ssl() | true |
is_admin | is_admin() | false |
is_rest | REST_REQUEST constant | false |
Skipped Requests
The plugin does not track:
- WP-Cron - Background scheduled tasks (
DOING_CRON) - WP-CLI - Command-line operations (
WP_CLI)
AJAX requests are tracked, as they may originate from bot activity.
IP Address Detection
The plugin uses best-effort IP detection, checking headers in this order:
HTTP_CLIENT_IPHTTP_X_FORWARDED_FORHTTP_X_FORWARDEDHTTP_X_CLUSTER_CLIENT_IPHTTP_FORWARDED_FORHTTP_FORWARDEDREMOTE_ADDR
For X-Forwarded-For headers with multiple IPs (common behind load balancers), the first IP is used.
llms.txt File
On activation, the plugin creates an llms.txt file in your WordPress root directory. This file documents your AI training preferences using the emerging llms.txt standard:
# llms.txt - AI Training Guidelines for My Site
User-agent: *
Allow: /
Attribution: Required
Commercial-use: Allowed with attribution
You can edit this file to customize your AI training guidelines. The file is removed on plugin deactivation.
Performance
- The webhook uses a 1-second timeout with
blocking: false - WordPress does not wait for Travatar's response
- Zero impact on page load time
- Uses
wp_remote_post()with WordPress HTTP API
Troubleshooting
Status shows "Inactive"
Both App ID and API Token must be saved. Check:
- Go to Settings → Travatar SST
- Verify both fields are filled
- Click Save Changes again
No data in dashboard
- Verify the plugin is activated (Plugins page)
- Check status is "Active" in Settings → Travatar SST
- If using a caching plugin, clear the cache and visit a page
- Check for PHP errors: enable
WP_DEBUGinwp-config.php
Behind a reverse proxy (Nginx, Cloudflare)
If your WordPress is behind a reverse proxy, the visitor's real IP may not be in REMOTE_ADDR. The plugin checks X-Forwarded-For and similar headers, but ensure your proxy is configured to pass the original client IP.
Conflict with other plugins
The plugin uses a priority of 1 on the init hook to fire early. If another plugin modifies $_SERVER values before init, tracking data may be affected. Try increasing the priority to 0 if needed.
Uninstallation
When you deactivate the plugin:
- The
llms.txtfile is removed from WordPress root
When you delete the plugin:
- App ID and API Token options are removed from the database
- No other data is modified