{"id":290626,"date":"2026-04-03T11:25:33","date_gmt":"2026-04-03T11:25:33","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/clicksora-click-fraud-protection\/"},"modified":"2026-04-03T11:24:57","modified_gmt":"2026-04-03T11:24:57","slug":"clicksora-click-fraud-protection","status":"publish","type":"plugin","link":"https:\/\/pl.wordpress.org\/plugins\/clicksora-click-fraud-protection\/","author":23466799,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.8.0","stable_tag":"1.8.0","tested":"6.9.4","requires":"5.0","requires_php":"7.4","requires_plugins":null,"header_name":"Clicksora Click Fraud Protection","header_author":"Clicksora","header_description":"Official WordPress integration for Clicksora. Automatically injects the click fraud tracking snippet into your site. Simply enter your Tracking ID and you're protected.","assets_banners_color":"111e29","last_updated":"2026-04-03 11:24:57","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/clicksora.com\/features","header_author_uri":"https:\/\/clicksora.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":129,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.8.0":{"tag":"1.8.0","author":"clicksora","date":"2026-04-03 11:24:57"}},"upgrade_notice":{"1.8.0":"<p>Fixed missing textdomain loading \u2014 translations now work correctly. Please update.<\/p>","1.7.0":"<p>WordPress Plugin Check compliance: Added textdomain loading, regenerated translation file, security hardening. Please update.<\/p>","1.6.0":"<p>WordPress.org review compliance fixes: Constants safety, proper uninstall handler, improved sanitization, and noscript pixel placement.<\/p>","1.5.0":"<p>CRITICAL: Fixes ghost click detection gap caused by deferred script loading. All users should update immediately.<\/p>","1.3.0":"<p>WordPress Plugin Check compliance: Fixed text domain, escaping, script enqueuing, and coding standards. Please update.<\/p>","1.2.0":"<p>Major update: Admin tracking skip, faster script loading with defer, settings link on plugins page, and automatic cleanup on uninstall.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3498192,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3498192,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3498195,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3498195,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.8.0"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Settings page \u2014 Enter your Tracking ID to activate protection.","2":"Protection status \u2014 Green banner confirms Clicksora is active.","3":"How-it-works guide \u2014 Step-by-step explanation built into the plugin."}},"plugin_section":[],"plugin_tags":[259366,4270,157374,985,259367],"plugin_category":[],"plugin_contributors":[259368],"plugin_business_model":[],"class_list":["post-290626","plugin","type-plugin","status-publish","hentry","plugin_tags-ad-protection","plugin_tags-click-fraud","plugin_tags-fraud-detection","plugin_tags-google-ads","plugin_tags-ppc-protection","plugin_contributors-clicksora","plugin_committers-clicksora"],"banners":{"banner":"https:\/\/ps.w.org\/clicksora-click-fraud-protection\/assets\/banner-772x250.png?rev=3498195","banner_2x":"https:\/\/ps.w.org\/clicksora-click-fraud-protection\/assets\/banner-1544x500.png?rev=3498195","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/clicksora-click-fraud-protection\/assets\/icon-128x128.png?rev=3498192","icon_2x":"https:\/\/ps.w.org\/clicksora-click-fraud-protection\/assets\/icon-256x256.png?rev=3498192","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p><strong>Clicksora<\/strong> is the easiest way to protect your PPC ad campaigns from click fraud, bots, and competitors wasting your ad budget.<\/p>\n\n<p>This official WordPress plugin automatically injects the Clicksora tracking snippet into your site. Simply enter your Tracking ID and your ads are protected \u2014 no code editing required.<\/p>\n\n<h4>Key Features<\/h4>\n\n<ul>\n<li><strong>Real-time click fraud detection<\/strong> \u2014 Identifies fraudulent clicks the moment they happen<\/li>\n<li><strong>Automatic IP blocking<\/strong> \u2014 Blocks bad IPs and syncs exclusions to your Google Ads account<\/li>\n<li><strong>Bot detection<\/strong> \u2014 Filters out automated bot traffic before it costs you money<\/li>\n<li><strong>Lightweight<\/strong> \u2014 Only 3KB tracking script loaded in the page head, minimal impact on page speed<\/li>\n<li><strong>Admin skip<\/strong> \u2014 Automatically excludes logged-in administrators from tracking<\/li>\n<li><strong>One-click setup<\/strong> \u2014 Just paste your Tracking ID and save<\/li>\n<\/ul>\n\n<h4>How It Works<\/h4>\n\n<ol>\n<li>Install and activate the plugin<\/li>\n<li>Enter your Clicksora Tracking ID (found in your <a href=\"https:\/\/app.clicksora.com\">Clicksora Dashboard<\/a>)<\/li>\n<li>The tracking script loads automatically on every page<\/li>\n<li>Clicks from ads are analyzed in real-time<\/li>\n<li>Fraudulent IPs are blocked and synced to your Google Ads<\/li>\n<li>View everything in your <a href=\"https:\/\/app.clicksora.com\">Clicksora Dashboard<\/a><\/li>\n<\/ol>\n\n<h4>Who Is This For?<\/h4>\n\n<ul>\n<li>Businesses running Google Ads campaigns<\/li>\n<li>Marketing agencies managing PPC for clients<\/li>\n<li>E-commerce stores protecting their ad spend<\/li>\n<li>Anyone who wants to stop paying for fake clicks<\/li>\n<\/ul>\n\n<p><strong>A Clicksora account is required.<\/strong> Sign up at <a href=\"https:\/\/clicksora.com\">clicksora.com<\/a> \u2014 all plans include a 14-day money-back guarantee.<\/p>\n\n<h3>External Services<\/h3>\n\n<p>This plugin connects to the following external services operated by Clicksora:<\/p>\n\n<h4>Clicksora Tracking API<\/h4>\n\n<ul>\n<li><strong>Service:<\/strong> <a href=\"https:\/\/clicksora.com\">Clicksora<\/a><\/li>\n<li><strong>What it does:<\/strong> The plugin loads a lightweight tracking script (<code>https:\/\/app.clicksora.com\/t.js<\/code>) on your site's frontend pages. This script analyzes incoming ad clicks to detect click fraud in real-time. Click data is sent to <code>https:\/\/app.clicksora.com\/api\/track\/click<\/code> for processing. A noscript tracking pixel (<code>https:\/\/app.clicksora.com\/api\/track\/pixel<\/code>) is also loaded as a fallback for visitors with JavaScript disabled.<\/li>\n<li><strong>Data transmitted:<\/strong> Click metadata including IP address, user agent, referrer URL, UTM parameters, and timestamp. No personal visitor data such as names, emails, or passwords is collected.<\/li>\n<li><strong>When data is sent:<\/strong> On every frontend page load. Admin pages and logged-in administrators are excluded from tracking.<\/li>\n<li><strong>Terms of Service:<\/strong> <a href=\"https:\/\/clicksora.com\/terms\">https:\/\/clicksora.com\/terms<\/a><\/li>\n<li><strong>Privacy Policy:<\/strong> <a href=\"https:\/\/clicksora.com\/privacy\">https:\/\/clicksora.com\/privacy<\/a><\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>clicksora-click-fraud-protection<\/code> folder to the <code>\/wp-content\/plugins\/<\/code> directory, or install directly through the WordPress plugins screen.<\/li>\n<li>Activate the plugin through the <strong>Plugins<\/strong> screen in WordPress.<\/li>\n<li>Go to <strong>Settings \u2192 Clicksora<\/strong> in the WordPress admin.<\/li>\n<li>Enter your Tracking ID (looks like <code>dom_xxxxxxxxx<\/code>). Find it in your <a href=\"https:\/\/app.clicksora.com\/dashboard\/settings\">Clicksora Dashboard<\/a> \u2192 Settings \u2192 Protected Domains.<\/li>\n<li>Click <strong>Save Tracking ID<\/strong> \u2014 you're protected!<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"do%20i%20need%20a%20clicksora%20account%3F\"><h3>Do I need a Clicksora account?<\/h3><\/dt>\n<dd><p>Yes. The plugin connects your WordPress site to Clicksora's fraud detection engine. Sign up at <a href=\"https:\/\/clicksora.com\">clicksora.com<\/a>.<\/p><\/dd>\n<dt id=\"where%20do%20i%20find%20my%20tracking%20id%3F\"><h3>Where do I find my Tracking ID?<\/h3><\/dt>\n<dd><p>Log into your <a href=\"https:\/\/app.clicksora.com\">Clicksora Dashboard<\/a>, go to Settings \u2192 Protected Domains, and copy the Tracking ID for your domain.<\/p><\/dd>\n<dt id=\"does%20this%20slow%20down%20my%20site%3F\"><h3>Does this slow down my site?<\/h3><\/dt>\n<dd><p>No. The tracking script is only 3KB and loads in the page head to ensure every ad click is captured \u2014 even from visitors who bounce quickly.<\/p><\/dd>\n<dt id=\"does%20this%20track%20my%20own%20visits%3F\"><h3>Does this track my own visits?<\/h3><\/dt>\n<dd><p>No. Logged-in administrators are automatically excluded from tracking so your data stays clean.<\/p><\/dd>\n<dt id=\"what%20ad%20platforms%20does%20clicksora%20support%3F\"><h3>What ad platforms does Clicksora support?<\/h3><\/dt>\n<dd><p>Clicksora primarily protects Google Ads campaigns, with support for Microsoft Ads and Facebook Ads coming soon.<\/p><\/dd>\n<dt id=\"is%20my%20data%20safe%3F\"><h3>Is my data safe?<\/h3><\/dt>\n<dd><p>Yes. All data is encrypted in transit (TLS\/SSL) and stored securely. See our <a href=\"https:\/\/clicksora.com\/privacy\">Privacy Policy<\/a>.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.8.0<\/h4>\n\n<ul>\n<li>Removed: Deprecated <code>load_plugin_textdomain()<\/code> call \u2014 WordPress.org auto-loads translations since WP 4.6<\/li>\n<li>Improved: Plugin Check passes clean with zero errors<\/li>\n<\/ul>\n\n<h4>1.7.0<\/h4>\n\n<ul>\n<li>Added: <code>load_plugin_textdomain()<\/code> for proper translation loading<\/li>\n<li>Added: Security <code>index.php<\/code> files to prevent directory listing<\/li>\n<li>Fixed: Translation template <code>.pot<\/code> file updated with all translatable strings<\/li>\n<li>Fixed: Readme \"free trial\" corrected to \"14-day money-back guarantee\"<\/li>\n<li>Improved: Full WordPress Plugin Check compliance<\/li>\n<\/ul>\n\n<h4>1.6.0<\/h4>\n\n<ul>\n<li>Fixed: Constants now wrapped in <code>defined()<\/code> checks to prevent fatal errors<\/li>\n<li>Fixed: Removed unnecessary escaping in <code>wp_enqueue_script()<\/code> and <code>wp_enqueue_style()<\/code> parameters<\/li>\n<li>Fixed: Settings section callback now uses a proper named function<\/li>\n<li>Fixed: Added <code>wp_unslash()<\/code> before sanitizing form input<\/li>\n<li>Fixed: Noscript pixel moved from <code>wp_head<\/code> to <code>wp_body_open<\/code> with <code>wp_footer<\/code> fallback<\/li>\n<li>Fixed: Uninstall cleanup now uses <code>uninstall.php<\/code> instead of <code>register_uninstall_hook()<\/code><\/li>\n<li>Fixed: CSS version synced with plugin version, removed duplicate header comments<\/li>\n<li>Fixed: Removed frontend CSS class from admin-only stylesheet<\/li>\n<li>Improved: Added <code>@package<\/code> PHPDoc tag to all files<\/li>\n<\/ul>\n\n<h4>1.5.0<\/h4>\n\n<ul>\n<li>CRITICAL FIX: Removed <code>defer<\/code> script loading strategy \u2014 deferred scripts execute AFTER HTML parsing, causing fast-bouncing ad visitors to leave before tracking activates (ghost clicks). Script now loads in <code>&lt;head&gt;<\/code> for immediate execution.<\/li>\n<li>Fixed: Tracking script URL reference updated to <code>app.clicksora.com\/t.js<\/code><\/li>\n<li>Fixed: Pixel URL updated to <code>app.clicksora.com\/api\/track\/pixel<\/code><\/li>\n<\/ul>\n\n<h4>1.3.0<\/h4>\n\n<ul>\n<li>Fixed: Text domain now correctly uses <code>clicksora-click-fraud-protection<\/code> throughout<\/li>\n<li>Fixed: All output is properly escaped using <code>esc_html()<\/code>, <code>esc_attr()<\/code>, and <code>esc_url()<\/code><\/li>\n<li>Fixed: Script injection now uses <code>wp_enqueue_script()<\/code> instead of direct HTML output<\/li>\n<li>Fixed: Inline styles replaced with external CSS file (<code>css\/admin.css<\/code>)<\/li>\n<li>Fixed: Added <code>rel=\"noopener noreferrer\"<\/code> to all external links<\/li>\n<li>Fixed: PHPDoc blocks added to all functions<\/li>\n<li>Fixed: <code>register_setting()<\/code> now uses array configuration format<\/li>\n<li>Improved: Sanitization uses <code>sanitize_text_field()<\/code> in addition to regex<\/li>\n<li>Improved: Added proper <code>width<\/code> and <code>height<\/code> attributes to noscript pixel image<\/li>\n<\/ul>\n\n<h4>1.2.0<\/h4>\n\n<ul>\n<li>Added: Admin tracking skip \u2014 logged-in administrators are excluded from tracking<\/li>\n<li>Added: <code>defer<\/code> attribute for non-blocking script loading<\/li>\n<li>Added: Settings link on the Plugins page for quick access<\/li>\n<li>Added: How-it-works guide panel on settings page<\/li>\n<li>Added: Privacy policy link and version footer<\/li>\n<li>Added: Uninstall cleanup \u2014 removes all options when plugin is deleted<\/li>\n<li>Improved: Better input sanitization for Tracking ID<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Added: Noscript pixel fallback for visitors with JavaScript disabled<\/li>\n<li>Improved: Settings page UI with status indicator<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>Tracking script injection via data-id attribute<\/li>\n<li>Settings page with Tracking ID input<\/li>\n<\/ul>","raw_excerpt":"Protect your Google Ads budget from click fraud. Automatically detects and blocks fraudulent clicks in real-time.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/pl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/290626","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/pl.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/pl.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=290626"}],"author":[{"embeddable":true,"href":"https:\/\/pl.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/clicksora"}],"wp:attachment":[{"href":"https:\/\/pl.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=290626"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/pl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=290626"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/pl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=290626"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/pl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=290626"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/pl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=290626"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/pl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=290626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}