Documentation Getting Started Counting Unique Visitors Without Cookies

Counting Unique Visitors Without Cookies

Notice: The enhanced privacy and hashing mechanism described herein has been introduced in WP Statistics version 14.4.

Our methodology strikes a fine balance between ensuring user privacy and providing accurate analytics without using cookies, browser cache, or local storage. This approach aligns with strict privacy regulations like GDPR, which consider device-persistent identifiers as personal data.

Our Methodology

We count unique visitors based on the data available in every HTTP request: the IP address and the User-Agent string. However, to protect visitor privacy and comply with data protection laws, we do not use these datapoints in their raw form. Instead, we employ a hashing mechanism with a daily rotating salt. This process is designed to anonymize the data thoroughly, making it impossible to trace back to the individual user.

Please note: This methodology is applied only when the “Hash IP Addresses” option is enabled in the settings.

The unique identifier for counting visitors is generated using the following formula:

hash(daily_salt + ip_address + user_agent)

This formula integrates a daily-changing salt, the visitor’s IP address, and their User-Agent. By adding the daily salt, we ensure that the hash value changes every day, preventing the tracking of users across different days and enhancing privacy. The resulting hash is a random string of letters and numbers utilized to calculate the number of unique visitors for that day.

Enhanced Privacy with Version 14.4

With the introduction of version 14.4, WP Statistics has further enhanced this mechanism. The new hashing method, detailed in our GitHub repository, introduces improvements that align with the latest privacy protection techniques.

Key Enhancements Include:

  • Daily Salt Rotation: Ensures that the hash cannot be used to track visitors across different days.
  • Compatibility with Anonymize IP Addresses Option: When enabled, IPs are first anonymized, then hashed, adding an extra layer of privacy.

Implementation Guide

For Those Not Currently Hashing IPs:

  1. Enable IP Address Hashing: Navigate to Settings -> User Data Protection and enable the “Hash IP Addresses” option.
  2. Convert Pre-existing IPs: To apply hashing to previously recorded IP addresses, go to Optimization -> Plugin Maintenance -> Convert IP Addresses to Hash.

For Existing Users of the Hash Option:

  • Rehash Previous Data: To apply the enhanced hashing method to your previously recorded data, initiate the rehashing process through Optimization -> Plugin Maintenance -> Convert IP Addresses to Hash.

Limitations and Considerations

While our approach provides robust privacy protection and accurate visitor counting, it does have limitations. For instance, we cannot perform detailed retention analysis, such as distinguishing between new versus returning visitors, due to the lack of a persistent user identifier. Our method counts a visitor who views the site multiple times in a day as a single unique visitor. Conversely, if the same visitor comes on different days, each visit is counted as a unique visitor.

Compliance and Legal Considerations

We are committed to helping our users understand how WP Statistics is built to comply with various privacy regulations. While we provide this information to aid in compliance, we recommend consulting with legal professionals for advice tailored to your specific circumstances.