The latest articles on DEV Community by niyht (@niyht). https://dev.to/niyht https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3869598%2F976e81a0-4a04-4b80-8550-5e9e91aff78d.png https://dev.to/niyht en niyht Thu, 09 Apr 2026 11:17:50 +0000 https://dev.to/niyht/i-built-a-free-metorik-alternative-for-woocommerce-heres-what-15-years-and-1000-client-stores-3fag https://dev.to/niyht/i-built-a-free-metorik-alternative-for-woocommerce-heres-what-15-years-and-1000-client-stores-3fag <p>For the last 18 months I've been quietly building <strong><a href="https://wordpress.org/plugins/brikpanel-admin-panel-dashboard-for-woocommerce/" rel="noopener noreferrer">BrikPanel</a></strong> — a <strong>100% free</strong> WooCommerce admin dashboard that tries to do what Metorik does, without the $50–$200/month bill. No premium tier, no "pro" upsell, no locked features — the entire plugin is GPL‑2.0+ on the official WordPress.org repository. It's installed on roughly <strong>1,000 client stores</strong> through my agency work, and shipping into that many real production environments has taught me a lot about what WooCommerce gets right, what it gets wrong, and where third‑party plugins quietly break things.</p> <p>This post is the technical brain dump: the architecture decisions, the libraries I picked (and the ones I rejected), the database design, and a few gotchas I wish someone had written down for me before I started.</p> <blockquote> <p>👉 <strong><a href="https://wordpress.org/plugins/brikpanel-admin-panel-dashboard-for-woocommerce/" rel="noopener noreferrer">Install BrikPanel from WordPress.org</a></strong> — fully free, no signup, no API key.</p> </blockquote> <h2> The problem </h2> <p>The default WooCommerce admin is… fine. It works. But the moment a real store owner logs in, they want answers to four questions:</p> <ol> <li>How much did I make today vs. yesterday?</li> <li>Who is on my site <strong>right now</strong>?</li> <li>Which products are actually moving?</li> <li>Where are my orders coming from — organic? Trendyol? An influencer link?</li> </ol> <p>Metorik answers all of these beautifully. But Metorik is SaaS, it's expensive for a KOBİ (small/medium business), and a lot of my clients in Turkey simply won't pay monthly USD bills for a dashboard. So I started building what I thought would be a weekend plugin. 18 months later it has ~5,500 lines of code in the main analytics modules alone, custom DB tables, 3D globe rendering, and a dual code path for HPOS.</p> <p>Here's how it's put together.</p> <h2> 1. The HPOS dual code path — the single biggest decision </h2> <p>WooCommerce 8.2 introduced <strong>HPOS</strong> (High‑Performance Order Storage). Instead of storing every order as a <code>wp_posts</code> row + 30 <code>wp_postmeta</code> rows, it stores them in dedicated <code>wp_wc_orders</code> / <code>wp_wc_order_addresses</code> / <code>wp_wc_order_product_lookup</code> tables. It is dramatically faster and structurally saner.</p> <p>But here's the catch: <strong>most stores in the wild are still on legacy storage</strong>, or they have HPOS enabled with sync mode on, or they're mid‑migration. If you target only HPOS, you break thousands of installs. If you target only legacy, you ship a plugin that's already obsolete.</p> <p>So every analytics query in BrikPanel has <strong>two implementations</strong>, and they're chosen at runtime:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">private</span> <span class="k">function</span> <span class="n">is_hpos</span><span class="p">()</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">is_hpos</span> <span class="o">===</span> <span class="kc">null</span> <span class="p">)</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">is_hpos</span> <span class="o">=</span> <span class="nf">get_option</span><span class="p">(</span> <span class="s1">'woocommerce_custom_orders_table_enabled'</span> <span class="p">)</span> <span class="o">===</span> <span class="s1">'yes'</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">is_hpos</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>And then every query branches:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">if</span> <span class="p">(</span> <span class="nv">$is_hpos</span> <span class="p">)</span> <span class="p">{</span> <span class="nv">$query</span> <span class="o">=</span> <span class="nv">$wpdb</span><span class="o">-&gt;</span><span class="nf">prepare</span><span class="p">(</span> <span class="s2">"SELECT p.product_id, SUM(p.product_qty) AS total_sold FROM </span><span class="si">{</span><span class="nv">$wpdb</span><span class="o">-&gt;</span><span class="n">prefix</span><span class="si">}</span><span class="s2">wc_order_product_lookup p INNER JOIN </span><span class="si">{</span><span class="nv">$wpdb</span><span class="o">-&gt;</span><span class="n">prefix</span><span class="si">}</span><span class="s2">wc_orders o ON p.order_id = o.id WHERE o.status IN (</span><span class="si">{</span><span class="nv">$status_placeholders</span><span class="si">}</span><span class="s2">)</span><span class="si">{</span><span class="nv">$admin_sql</span><span class="si">}</span><span class="s2"> AND o.date_created_gmt &gt;= %s AND o.date_created_gmt &lt;= %s GROUP BY p.product_id ORDER BY total_sold DESC LIMIT 5"</span><span class="p">,</span> <span class="nv">$query_args</span> <span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c1">// Legacy: posts + postmeta + woocommerce_order_items + woocommerce_order_itemmeta</span> <span class="nv">$query</span> <span class="o">=</span> <span class="nv">$wpdb</span><span class="o">-&gt;</span><span class="nf">prepare</span><span class="p">(</span> <span class="s2">"SELECT m2.meta_value AS product_id, SUM(m1.meta_value) ..."</span><span class="p">,</span> <span class="nv">$query_args</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The legacy version is <strong>uglier and slower</strong> (four joins to get a product ID and a quantity, because everything lives in EAV‑style postmeta), but it has to exist. I also had to declare HPOS compatibility explicitly so WooCommerce doesn't show the scary "incompatible plugin" warning:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nf">add_action</span><span class="p">(</span><span class="s1">'before_woocommerce_init'</span><span class="p">,</span> <span class="k">function</span> <span class="p">()</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nb">class_exists</span><span class="p">(</span><span class="nc">\Automattic\WooCommerce\Utilities\FeaturesUtil</span><span class="o">::</span><span class="n">class</span><span class="p">))</span> <span class="p">{</span> <span class="nc">\Automattic\WooCommerce\Utilities\FeaturesUtil</span><span class="o">::</span><span class="nf">declare_compatibility</span><span class="p">(</span> <span class="s1">'custom_order_tables'</span><span class="p">,</span> <span class="k">__FILE__</span><span class="p">,</span> <span class="kc">true</span> <span class="p">);</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p><strong>Lesson:</strong> if you're building anything that touches orders today, write the HPOS version <em>first</em>, then write the legacy version as a <code>else</code> branch. Don't try to retrofit HPOS later — your query shapes will be wrong.</p> <h2> 2. Why I built custom DB tables instead of stuffing everything into <code>wp_options</code> </h2> <p>This is the mistake I see in 80% of analytics plugins on the WP repository. They store visitor counts, page views, and cart events as <strong>serialized arrays in <code>wp_options</code></strong>. It "works" until the option grows past a few MB, at which point every page load loads it into memory and the site dies.</p> <p>I created three dedicated tables on activation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nv">$sql_visitors</span> <span class="o">=</span> <span class="s2">"CREATE TABLE </span><span class="nv">$visitors_table</span><span class="s2"> ( id BIGINT(20) UNSIGNED AUTO_INCREMENT PRIMARY KEY, date_column DATE NOT NULL, visitor_count INT DEFAULT 0, product_count INT DEFAULT 0, add_to_cart_count INT DEFAULT 0, checkout_count INT DEFAULT 0, KEY idx_date (date_column) ) </span><span class="nv">$charset_collate</span><span class="s2">;"</span><span class="p">;</span> <span class="nv">$sql_cart_tracking</span> <span class="o">=</span> <span class="s2">"CREATE TABLE </span><span class="nv">$cart_tracking_table</span><span class="s2"> ( id BIGINT(20) UNSIGNED AUTO_INCREMENT PRIMARY KEY, product_id BIGINT(20) UNSIGNED NOT NULL, cart_count INT DEFAULT 0, date_column DATETIME DEFAULT CURRENT_TIMESTAMP, KEY product_id (product_id), KEY idx_date (date_column), KEY idx_product_date (product_id, date_column) ) </span><span class="nv">$charset_collate</span><span class="s2">;"</span><span class="p">;</span> </code></pre> </div> <p>A few things worth pointing out:</p> <ul> <li> <strong>Composite indexes matter.</strong> <code>idx_product_date (product_id, date_column)</code> is what makes "show me top added‑to‑cart products in the last 30 days" run in milliseconds instead of seconds. The order of columns in a composite index has to match how you actually filter.</li> <li> <strong><code>DATE</code> for daily aggregates, <code>DATETIME</code> for events.</strong> Visitor counts are pre‑aggregated per day (one row per day, ever). Cart events are stored per‑event because we need precise timestamps for funnel analysis.</li> <li> <strong><code>dbDelta()</code> instead of raw <code>CREATE TABLE</code>.</strong> dbDelta is finicky (it requires double spaces in some places, no parentheses on <code>KEY</code> definitions, etc.) but it handles upgrades correctly when you change the schema in a future version.</li> </ul> <p>This means even on a store doing 10k visitors/day, the visitor table grows by <strong>one row per day</strong>. After five years it has 1,825 rows. Compare that to the "serialized array in options" approach where the same data would be a 50MB blob loaded on every request.</p> <h2> 3. Live visitors with <code>sendBeacon</code> and transients (not cron, not WebSockets) </h2> <p>The "live visitors" widget was the feature clients asked for the most. Everyone wants a Shopify‑style "12 people on your site right now" widget. The naive implementations all suck:</p> <ul> <li> <strong>Cron polling</strong> — too slow, you get 10‑minute‑old data.</li> <li> <strong>WebSockets</strong> — would require a separate Node process; not shippable as a drop‑in WP plugin.</li> <li> <strong>Database row per ping</strong> — kills the DB on busy stores.</li> </ul> <p>What I landed on:</p> <p><strong>Storage:</strong> a single transient (<code>brikpanel_live_visitors</code>) holding an associative array keyed by visitor cookie ID. Transients live in the object cache if Redis/Memcached is enabled, otherwise in <code>wp_options</code> — but capped to ~75 seconds of data, so it never bloats.</p> <p><strong>Client‑side:</strong> a 30‑second <code>fetch</code> ping with <code>keepalive: true</code>, plus a <code>pagehide</code> handler that fires <code>navigator.sendBeacon</code> for the explicit "user left" signal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">sendExitSignal</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">();</span> <span class="nx">data</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">action</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">brikpanel_track_live_visitor</span><span class="dl">'</span><span class="p">);</span> <span class="nx">data</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">page_url</span><span class="dl">'</span><span class="p">,</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span><span class="p">);</span> <span class="nx">data</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">is_exit</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">true</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nb">navigator</span><span class="p">.</span><span class="nx">sendBeacon</span><span class="p">)</span> <span class="p">{</span> <span class="nb">navigator</span><span class="p">.</span><span class="nf">sendBeacon</span><span class="p">(</span><span class="nx">endpoint</span><span class="p">,</span> <span class="nx">data</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">fetch</span><span class="p">(</span><span class="nx">endpoint</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">data</span><span class="p">,</span> <span class="na">keepalive</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}).</span><span class="k">catch</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{});</span> <span class="p">}</span> <span class="p">}</span> <span class="nb">window</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">pagehide</span><span class="dl">"</span><span class="p">,</span> <span class="nx">sendExitSignal</span><span class="p">);</span> </code></pre> </div> <p><code>sendBeacon</code> is the unsung hero here. It's the only browser API that <strong>guarantees</strong> the request will be delivered even as the page is being torn down. <code>fetch({ keepalive: true })</code> mostly works but isn't universally reliable.</p> <p><strong>Server‑side cleanup:</strong> on every ping, I prune entries older than <code>BRIKPANEL_VISITOR_TIMEOUT</code> (75s = 2.5× the ping interval, so a single dropped packet doesn't kick a real visitor off the list):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nv">$limit_time</span> <span class="o">=</span> <span class="nb">time</span><span class="p">()</span> <span class="o">-</span> <span class="no">BRIKPANEL_VISITOR_TIMEOUT</span><span class="p">;</span> <span class="k">foreach</span> <span class="p">(</span> <span class="nv">$visitors</span> <span class="k">as</span> <span class="nv">$vid</span> <span class="o">=&gt;</span> <span class="nv">$data</span> <span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span> <span class="nv">$data</span><span class="p">[</span><span class="s1">'last_active'</span><span class="p">]</span> <span class="o">&lt;</span> <span class="nv">$limit_time</span> <span class="p">)</span> <span class="p">{</span> <span class="k">unset</span><span class="p">(</span> <span class="nv">$visitors</span><span class="p">[</span> <span class="nv">$vid</span> <span class="p">]</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">set_transient</span><span class="p">(</span> <span class="s1">'brikpanel_live_visitors'</span><span class="p">,</span> <span class="nv">$visitors</span><span class="p">,</span> <span class="mi">120</span> <span class="p">);</span> </code></pre> </div> <p><strong>Polling pause:</strong> the admin dashboard stops polling when the tab is hidden:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nb">document</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">visibilitychange</span><span class="dl">'</span><span class="p">,</span> <span class="nf">function </span><span class="p">()</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nb">document</span><span class="p">.</span><span class="nx">visibilityState</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">hidden</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nf">stopLivePolling</span><span class="p">();</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">startLivePolling</span><span class="p">();</span> <span class="nf">fetchDashboardData</span><span class="p">();</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p>This is the kind of detail that nobody notices until they leave a tab open overnight and wake up to 8,000 wasted AJAX requests.</p> <h2> 4. Why Cobe.js for the globe and Chart.js for charts </h2> <p>I auditioned a lot of libraries. Here's what I picked and why.</p> <h3> Cobe.js (~6KB) for the 3D order locations globe </h3> <p>I wanted that "Stripe homepage" interactive globe that shows where orders are coming from. The contenders:</p> <ul> <li> <strong>Three.js</strong> — 600KB+, way too heavy for an admin widget.</li> <li> <strong>D3 + d3-geo + d3-geo-projection</strong> — beautiful, but you have to ship country GeoJSON, which is 200–500KB depending on resolution.</li> <li> <strong>globe.gl</strong> — wraps Three.js, still huge.</li> <li> <strong>Cobe</strong> — WebGL, ships in ~6KB, no external assets, GPU‑rendered. <strong>Won.</strong> </li> </ul> <p>Cobe gives me a smooth rotating globe with marker dots for each city, and the entire library is smaller than a single PNG would have been.</p> <h3> Chart.js for everything 2D </h3> <p>This was less of a contest. The alternatives:</p> <ul> <li> <strong>D3</strong> — too low‑level for the use case. I don't need bespoke visualizations, I need a line chart that doesn't break.</li> <li> <strong>ECharts</strong> — fantastic, but ~900KB minified. Overkill.</li> <li> <strong>ApexCharts</strong> — nice API but the bundle is heavy and the legacy SVG renderer is slow with lots of points.</li> <li> <strong>Chart.js</strong> — Canvas‑based (fast even with hundreds of points), tree‑shakeable, ~70KB, the API is mature, and I can override defaults globally to match my design system in three lines: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">Chart</span><span class="p">.</span><span class="nx">defaults</span><span class="p">.</span><span class="nx">font</span><span class="p">.</span><span class="nx">family</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">-apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif</span><span class="dl">'</span><span class="p">;</span> <span class="nx">Chart</span><span class="p">.</span><span class="nx">defaults</span><span class="p">.</span><span class="nx">font</span><span class="p">.</span><span class="nx">size</span> <span class="o">=</span> <span class="mi">12</span><span class="p">;</span> <span class="nx">Chart</span><span class="p">.</span><span class="nx">defaults</span><span class="p">.</span><span class="nx">color</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">#616161</span><span class="dl">'</span><span class="p">;</span> </code></pre> </div> <h3> Flatpickr for the date range picker </h3> <p>WordPress ships jQuery UI Datepicker by default and it looks like it was designed in 2008. Flatpickr is ~17KB, supports range mode out of the box, has zero dependencies, and looks modern. No contest.</p> <p><strong>Total third‑party JS payload for the dashboard:</strong> Chart.js + Cobe + Flatpickr ≈ <strong>95KB</strong>. That's roughly one product image.</p> <h2> 5. The "batch endpoint vs. many endpoints" decision </h2> <p>The dashboard has <strong>15+ widgets</strong>: total sales, orders count, AOV, visitors, conversion rate, sales over time chart, conversion funnel chart, order status rates, top products, top countries, top cities, recent orders, most viewed pages, most added to cart, live visitors.</p> <p>The lazy approach: 15 separate AJAX endpoints, each fetching one widget. The dashboard makes 15 requests on load.</p> <p>The right approach for an admin dashboard: <strong>one batch endpoint</strong> that runs all the queries on the server side and returns one JSON blob. Everything except live visitors goes through a single <code>wp_ajax_brikpanel_dashboard_data</code> action:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nf">wp_send_json_success</span><span class="p">(</span> <span class="p">[</span> <span class="s1">'total_sales'</span> <span class="o">=&gt;</span> <span class="nf">wc_price</span><span class="p">(</span> <span class="nv">$total_sales</span> <span class="p">),</span> <span class="s1">'order_count'</span> <span class="o">=&gt;</span> <span class="nv">$order_count</span><span class="p">,</span> <span class="s1">'aov'</span> <span class="o">=&gt;</span> <span class="nf">wc_price</span><span class="p">(</span> <span class="nv">$aov</span> <span class="p">),</span> <span class="s1">'visitor_count'</span> <span class="o">=&gt;</span> <span class="nv">$visitor_count</span><span class="p">,</span> <span class="s1">'conversion_rate'</span> <span class="o">=&gt;</span> <span class="nv">$conversion</span><span class="p">,</span> <span class="s1">'funnel'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="cm">/* … */</span> <span class="p">],</span> <span class="s1">'order_rates'</span> <span class="o">=&gt;</span> <span class="nv">$order_rates</span><span class="p">,</span> <span class="s1">'top_products'</span> <span class="o">=&gt;</span> <span class="nv">$top_products</span><span class="p">,</span> <span class="s1">'sales_over_time'</span> <span class="o">=&gt;</span> <span class="nv">$sales_over_time</span><span class="p">,</span> <span class="s1">'recent_orders'</span> <span class="o">=&gt;</span> <span class="nv">$recent_orders</span><span class="p">,</span> <span class="s1">'order_locations'</span> <span class="o">=&gt;</span> <span class="nv">$order_locations</span><span class="p">,</span> <span class="s1">'deltas'</span> <span class="o">=&gt;</span> <span class="nv">$deltas</span><span class="p">,</span> <span class="p">]</span> <span class="p">);</span> </code></pre> </div> <p><strong>Live visitors stay separate</strong> because they poll on a different cadence (every 10s instead of on date‑range change). One endpoint for "rare expensive batch", one endpoint for "frequent cheap poll". This is the sweet spot.</p> <h2> 6. Period‑over‑period deltas, done right </h2> <p>Every store owner wants "today vs. yesterday, +12.4% ↑". The math is trivial; the gotcha is <strong>edge cases</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">private</span> <span class="k">function</span> <span class="n">calc_delta</span><span class="p">(</span> <span class="nv">$current</span><span class="p">,</span> <span class="nv">$previous</span> <span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span> <span class="nv">$previous</span> <span class="o">==</span> <span class="mi">0</span> <span class="o">&amp;&amp;</span> <span class="nv">$current</span> <span class="o">==</span> <span class="mi">0</span> <span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> <span class="k">if</span> <span class="p">(</span> <span class="nv">$previous</span> <span class="o">==</span> <span class="mi">0</span> <span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="mi">100</span><span class="p">;</span> <span class="c1">// can't divide by zero — show 100% as "new"</span> <span class="p">}</span> <span class="k">return</span> <span class="nb">round</span><span class="p">(</span> <span class="p">(</span> <span class="p">(</span> <span class="nv">$current</span> <span class="o">-</span> <span class="nv">$previous</span> <span class="p">)</span> <span class="o">/</span> <span class="nv">$previous</span> <span class="p">)</span> <span class="o">*</span> <span class="mi">100</span><span class="p">,</span> <span class="mi">1</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The "previous period" is calculated as the same span immediately before the current one. If you're looking at the last 7 days, the comparison is the 7 days before that. Sounds obvious, but I've seen plugins that compare "last 7 days" to "the same 7 days last year", which is meaningless for a small store.</p> <p>I also had to deal with <strong>timezone hell</strong>. WooCommerce stores all order dates in <strong>GMT</strong> (<code>date_created_gmt</code>). The visitor table stores <strong>local dates</strong> because that's what the user sees ("today's visitors" should mean today <em>in Istanbul</em>, not today in UTC). So the date calculation does both:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nv">$start_local</span> <span class="o">=</span> <span class="nf">wp_date</span><span class="p">(</span> <span class="s1">'Y-m-d 00:00:00'</span> <span class="p">);</span> <span class="nv">$end_local</span> <span class="o">=</span> <span class="nf">wp_date</span><span class="p">(</span> <span class="s1">'Y-m-d 23:59:59'</span> <span class="p">);</span> <span class="nv">$start_gmt</span> <span class="o">=</span> <span class="nf">get_gmt_from_date</span><span class="p">(</span> <span class="nv">$start_local</span> <span class="p">);</span> <span class="nv">$end_gmt</span> <span class="o">=</span> <span class="nf">get_gmt_from_date</span><span class="p">(</span> <span class="nv">$end_local</span> <span class="p">);</span> </code></pre> </div> <p>Order queries use <code>*_gmt</code>, visitor queries use <code>*_local</code>. Mixing them up gives you the kind of off‑by‑one bug that only shows up at 11 PM Istanbul time and then disappears at midnight. Don't ask me how I know.</p> <h2> 7. Excluding admin orders from analytics (the boring detail that matters) </h2> <p>Every dev who tests their own store places test orders. Every store owner places test orders. If you don't filter them out, the dashboard reports wildly inflated numbers on day one and the store owner concludes the plugin is broken.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">function</span> <span class="n">brikpanel_admin_order_exclusion_sql</span><span class="p">(</span> <span class="nv">$hpos</span><span class="p">,</span> <span class="nv">$id_column</span> <span class="o">=</span> <span class="s1">''</span> <span class="p">)</span> <span class="p">{</span> <span class="nv">$admin_ids</span> <span class="o">=</span> <span class="nf">brikpanel_get_admin_user_ids</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span> <span class="k">empty</span><span class="p">(</span> <span class="nv">$admin_ids</span> <span class="p">)</span> <span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[</span> <span class="s1">'sql'</span> <span class="o">=&gt;</span> <span class="s1">''</span><span class="p">,</span> <span class="s1">'args'</span> <span class="o">=&gt;</span> <span class="p">[]</span> <span class="p">];</span> <span class="p">}</span> <span class="nv">$placeholders</span> <span class="o">=</span> <span class="nb">implode</span><span class="p">(</span> <span class="s1">', '</span><span class="p">,</span> <span class="nb">array_fill</span><span class="p">(</span> <span class="mi">0</span><span class="p">,</span> <span class="nb">count</span><span class="p">(</span> <span class="nv">$admin_ids</span> <span class="p">),</span> <span class="s1">'%d'</span> <span class="p">)</span> <span class="p">);</span> <span class="k">if</span> <span class="p">(</span> <span class="nv">$hpos</span> <span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[</span> <span class="s1">'sql'</span> <span class="o">=&gt;</span> <span class="s2">" AND customer_id NOT IN (</span><span class="si">{</span><span class="nv">$placeholders</span><span class="si">}</span><span class="s2">)"</span><span class="p">,</span> <span class="s1">'args'</span> <span class="o">=&gt;</span> <span class="nv">$admin_ids</span><span class="p">,</span> <span class="p">];</span> <span class="p">}</span> <span class="k">global</span> <span class="nv">$wpdb</span><span class="p">;</span> <span class="nv">$col</span> <span class="o">=</span> <span class="nv">$id_column</span> <span class="o">?:</span> <span class="s1">'ID'</span><span class="p">;</span> <span class="k">return</span> <span class="p">[</span> <span class="s1">'sql'</span> <span class="o">=&gt;</span> <span class="s2">" AND </span><span class="si">{</span><span class="nv">$col</span><span class="si">}</span><span class="s2"> NOT IN (SELECT post_id FROM </span><span class="si">{</span><span class="nv">$wpdb</span><span class="o">-&gt;</span><span class="n">postmeta</span><span class="si">}</span><span class="s2"> WHERE meta_key = '_customer_user' AND meta_value IN (</span><span class="si">{</span><span class="nv">$placeholders</span><span class="si">}</span><span class="s2">))"</span><span class="p">,</span> <span class="s1">'args'</span> <span class="o">=&gt;</span> <span class="nv">$admin_ids</span><span class="p">,</span> <span class="p">];</span> <span class="p">}</span> </code></pre> </div> <p>The admin user list is cached in object cache for 5 minutes, so this isn't a per‑query lookup:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">function</span> <span class="n">brikpanel_get_admin_user_ids</span><span class="p">()</span> <span class="p">{</span> <span class="nv">$cached</span> <span class="o">=</span> <span class="nf">wp_cache_get</span><span class="p">(</span> <span class="s1">'brikpanel_admin_user_ids'</span> <span class="p">);</span> <span class="k">if</span> <span class="p">(</span> <span class="kc">false</span> <span class="o">!==</span> <span class="nv">$cached</span> <span class="p">)</span> <span class="k">return</span> <span class="nv">$cached</span><span class="p">;</span> <span class="nv">$admins</span> <span class="o">=</span> <span class="nf">get_users</span><span class="p">(</span> <span class="p">[</span> <span class="s1">'capability'</span> <span class="o">=&gt;</span> <span class="s1">'manage_options'</span><span class="p">,</span> <span class="s1">'fields'</span> <span class="o">=&gt;</span> <span class="s1">'ID'</span> <span class="p">]</span> <span class="p">);</span> <span class="nv">$admin_ids</span> <span class="o">=</span> <span class="nb">array_map</span><span class="p">(</span> <span class="s1">'intval'</span><span class="p">,</span> <span class="nv">$admins</span> <span class="p">);</span> <span class="nf">wp_cache_set</span><span class="p">(</span> <span class="s1">'brikpanel_admin_user_ids'</span><span class="p">,</span> <span class="nv">$admin_ids</span><span class="p">,</span> <span class="s1">''</span><span class="p">,</span> <span class="mi">300</span> <span class="p">);</span> <span class="k">return</span> <span class="nv">$admin_ids</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> 8. Order source detection across marketplaces </h2> <p>Most of my client base is in Turkey, where stores often sell on Trendyol, Hepsiburada, N11, and Amazon simultaneously, syncing back into WooCommerce via marketplace plugins. Knowing <strong>which orders came from which channel</strong> is huge.</p> <p>There's no standard for this — every marketplace plugin uses its own meta key. I just hard‑coded a priority list:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nv">$marketplace_keys</span> <span class="o">=</span> <span class="p">[</span> <span class="s1">'_amz_order_id'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'id'</span> <span class="o">=&gt;</span> <span class="s1">'amazon'</span><span class="p">,</span> <span class="s1">'label'</span> <span class="o">=&gt;</span> <span class="s1">'Amazon'</span><span class="p">,</span> <span class="s1">'color'</span> <span class="o">=&gt;</span> <span class="s1">'#ff9900'</span> <span class="p">],</span> <span class="s1">'_brksoft_trendyol_order_number'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'id'</span> <span class="o">=&gt;</span> <span class="s1">'trendyol'</span><span class="p">,</span> <span class="s1">'label'</span> <span class="o">=&gt;</span> <span class="s1">'Trendyol'</span><span class="p">,</span> <span class="s1">'color'</span> <span class="o">=&gt;</span> <span class="s1">'#f27a1a'</span> <span class="p">],</span> <span class="s1">'_ty_order_number'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'id'</span> <span class="o">=&gt;</span> <span class="s1">'trendyol'</span><span class="p">,</span> <span class="s1">'label'</span> <span class="o">=&gt;</span> <span class="s1">'Trendyol'</span><span class="p">,</span> <span class="s1">'color'</span> <span class="o">=&gt;</span> <span class="s1">'#f27a1a'</span> <span class="p">],</span> <span class="s1">'_hb_order_number'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'id'</span> <span class="o">=&gt;</span> <span class="s1">'hepsiburada'</span><span class="p">,</span> <span class="s1">'label'</span> <span class="o">=&gt;</span> <span class="s1">'Hepsiburada'</span><span class="p">,</span> <span class="s1">'color'</span> <span class="o">=&gt;</span> <span class="s1">'#ff6000'</span> <span class="p">],</span> <span class="s1">'_n11_order_id'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'id'</span> <span class="o">=&gt;</span> <span class="s1">'n11'</span><span class="p">,</span> <span class="s1">'label'</span> <span class="o">=&gt;</span> <span class="s1">'N11'</span><span class="p">,</span> <span class="s1">'color'</span> <span class="o">=&gt;</span> <span class="s1">'#00b900'</span> <span class="p">],</span> <span class="s1">'_ozon_posting_number'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'id'</span> <span class="o">=&gt;</span> <span class="s1">'ozon'</span><span class="p">,</span> <span class="s1">'label'</span> <span class="o">=&gt;</span> <span class="s1">'Ozon'</span><span class="p">,</span> <span class="s1">'color'</span> <span class="o">=&gt;</span> <span class="s1">'#005bff'</span> <span class="p">],</span> <span class="p">];</span> <span class="k">foreach</span> <span class="p">(</span> <span class="nv">$marketplace_keys</span> <span class="k">as</span> <span class="nv">$meta_key</span> <span class="o">=&gt;</span> <span class="nv">$config</span> <span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span> <span class="o">!</span> <span class="k">empty</span><span class="p">(</span> <span class="nv">$order</span><span class="o">-&gt;</span><span class="nf">get_meta</span><span class="p">(</span> <span class="nv">$meta_key</span> <span class="p">)</span> <span class="p">)</span> <span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[</span> <span class="s1">'type'</span> <span class="o">=&gt;</span> <span class="s1">'marketplace'</span><span class="p">,</span> <span class="cm">/* … */</span> <span class="p">];</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>If none of those match, fall back to <strong>WC Order Attribution</strong> (WooCommerce 8.4+), which captures <code>_wc_order_attribution_source_type</code> (organic / referral / utm / typein / admin). That gives reasonable coverage for the rest of the orders.</p> <p>It's not glamorous, but it's the kind of code that makes a store owner go "oh wow, it knows which orders are from Trendyol!"</p> <h2> 9. i18n from day one — even if you only speak two languages </h2> <p>I wrote the plugin in English (the codebase, the strings, everything) and ran it through WordPress's standard <code>__()</code> / <code>esc_html_e()</code> functions with a <code>brikpanel</code> text domain. Then I localize it for the JS side via <code>wp_localize_script</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nf">wp_localize_script</span><span class="p">(</span><span class="s1">'brikpanel_dashboard_scripts'</span><span class="p">,</span> <span class="s1">'brikpanelDashboard'</span><span class="p">,</span> <span class="p">[</span> <span class="s1">'ajax_url'</span> <span class="o">=&gt;</span> <span class="nf">admin_url</span><span class="p">(</span><span class="s1">'admin-ajax.php'</span><span class="p">),</span> <span class="s1">'nonce'</span> <span class="o">=&gt;</span> <span class="nf">wp_create_nonce</span><span class="p">(</span><span class="s1">'brikpanel_dashboard_nonce'</span><span class="p">),</span> <span class="s1">'currency'</span> <span class="o">=&gt;</span> <span class="nf">get_woocommerce_currency_symbol</span><span class="p">(),</span> <span class="s1">'i18n'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'revenue'</span> <span class="o">=&gt;</span> <span class="nf">__</span><span class="p">(</span><span class="s1">'Revenue'</span><span class="p">,</span> <span class="s1">'brikpanel'</span><span class="p">),</span> <span class="s1">'orders'</span> <span class="o">=&gt;</span> <span class="nf">__</span><span class="p">(</span><span class="s1">'Orders'</span><span class="p">,</span> <span class="s1">'brikpanel'</span><span class="p">),</span> <span class="c1">// …</span> <span class="p">],</span> <span class="p">]);</span> </code></pre> </div> <p>Doing this from day one means the same plugin works on a Turkish store, an English store, and a German store with zero code changes — just a <code>.po</code> file. It also forces you to write English‑first code, which is a <strong>massive</strong> quality multiplier when you're working with collaborators or AI assistants. (Turkish comments in PHP that talk about <code>gmdate()</code> vs <code>wp_date()</code> confuse everyone, including future me.)</p> <h2> 10. Security: nonces, capabilities, and <code>$wpdb-&gt;prepare</code> everywhere </h2> <p>This isn't glamorous either, but it's where most WP plugins fall down. Every AJAX handler in BrikPanel does three things, in this order:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">public</span> <span class="k">function</span> <span class="n">ajax_dashboard_data</span><span class="p">()</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span> <span class="o">!</span> <span class="nf">check_ajax_referer</span><span class="p">(</span> <span class="s1">'brikpanel_dashboard_nonce'</span><span class="p">,</span> <span class="s1">'security'</span><span class="p">,</span> <span class="kc">false</span> <span class="p">)</span> <span class="p">)</span> <span class="p">{</span> <span class="nf">wp_send_json_error</span><span class="p">(</span> <span class="p">[</span> <span class="s1">'message'</span> <span class="o">=&gt;</span> <span class="s1">'Invalid nonce.'</span> <span class="p">]</span> <span class="p">);</span> <span class="nf">wp_die</span><span class="p">();</span> <span class="p">}</span> <span class="k">if</span> <span class="p">(</span> <span class="o">!</span> <span class="nf">current_user_can</span><span class="p">(</span> <span class="s1">'manage_woocommerce'</span> <span class="p">)</span> <span class="p">)</span> <span class="p">{</span> <span class="nf">wp_send_json_error</span><span class="p">(</span> <span class="p">[</span> <span class="s1">'message'</span> <span class="o">=&gt;</span> <span class="s1">'Unauthorized.'</span> <span class="p">]</span> <span class="p">);</span> <span class="nf">wp_die</span><span class="p">();</span> <span class="p">}</span> <span class="nv">$range</span> <span class="o">=</span> <span class="k">isset</span><span class="p">(</span> <span class="nv">$_POST</span><span class="p">[</span><span class="s1">'range'</span><span class="p">]</span> <span class="p">)</span> <span class="o">?</span> <span class="nf">sanitize_key</span><span class="p">(</span> <span class="nv">$_POST</span><span class="p">[</span><span class="s1">'range'</span><span class="p">]</span> <span class="p">)</span> <span class="o">:</span> <span class="s1">'today'</span><span class="p">;</span> <span class="c1">// …</span> <span class="p">}</span> </code></pre> </div> <ol> <li> <strong>Nonce check</strong> — proves the request came from a legit admin page, not CSRF.</li> <li> <strong>Capability check</strong> — <code>manage_woocommerce</code> for analytics, <code>manage_options</code> for live visitor data. Never <code>is_admin()</code>, which only checks if you're <em>on</em> an admin page, not whether you're <em>authorized</em> to be.</li> <li> <strong><code>$wpdb-&gt;prepare</code> with placeholders</strong> — every single SQL query, no exceptions. String interpolation into SQL is the #1 way WP plugins get owned.</li> </ol> <p>The cost of doing this consistently is small. The cost of <em>not</em> doing it once is a CVE entry with your plugin slug in it. Worth it.</p> <h2> What I'd do differently </h2> <p>If I were starting over today:</p> <ol> <li> <strong>HPOS first, legacy as a fallback</strong> — I built it the other way around and had to refactor every query.</li> <li> <strong>Custom tables from day one</strong> — I started with <code>wp_options</code> arrays for visitor counts, hit the wall around 10k stores, migrated. Painful.</li> <li> <strong>One batch endpoint, not 15</strong> — same story. Started with 15, consolidated.</li> <li> <strong>Cobe.js immediately</strong> — I tried Three.js first, deleted ~400KB of bundle when I switched.</li> <li> <strong>English‑first, i18n‑first</strong> — non‑negotiable. Even if you only ship in one language.</li> </ol> <h2> What I learned about WooCommerce as a platform </h2> <p>WooCommerce is enormous, inconsistent, and it absolutely makes sense why it dominates self‑hosted ecommerce. You get a <strong>gigantic</strong> API surface for free: products, orders, customers, taxes, shipping, coupons, attribution, marketplaces, the works. You also get a 15‑year‑old codebase with two parallel data models, dozens of legacy meta keys, and the kind of edge cases that only emerge after a few thousand real installs.</p> <p>If you're thinking about building something on top of it: <strong>assume nothing, test on real stores early</strong>, and always write the HPOS path first.</p> <h2> Try it </h2> <p><strong><a href="https://wordpress.org/plugins/brikpanel-admin-panel-dashboard-for-woocommerce/" rel="noopener noreferrer">BrikPanel on WordPress.org →</a></strong></p> <p>The whole plugin is GPL‑2.0+ and <strong>100% free</strong> — there is no premium version, no paid add‑on, and no feature gated behind a license key. Everything in this post (HPOS dual queries, custom DB tables, the live globe, marketplace detection, the batch endpoint) ships in the free download. If you find a bug or want a feature, the support forum on WordPress.org is the fastest way to reach me.</p> <p>Thanks for reading. If anything in this post saved you from a mistake I already made, that's a win for both of us.</p> wordpress woocommerce php javascript