Everything you'd want to know before you install.
A detailed look at how DataFirefly Social Connect — Social login & analytics for WooCommerce works, why we built it the way we did, and the thinking behind the features above.
Six social sign-ins in a single plugin
Instead of installing one plugin per provider, Social Connect bundles Google (with One-Tap), Apple (Sign in with Apple), Facebook, Microsoft (identity platform), LinkedIn and X (Twitter) into a single extension. Every authentication flow is implemented properly: full JWKS signature verification for Google One-Tap, on-the-fly ES256 signing of the Apple client secret, appsecret_proof hardening for Facebook, S256 PKCE for X. No simulation — these are the real OAuth 2.0 / OpenID Connect protocols.
Measure what matters: attributed orders
Most social-login plugins count button clicks. Social Connect goes much further: every WooCommerce order placed by a customer who signed in socially is attributed back to its originating provider. You know exactly how much revenue Google brought you, how much Apple, how much LinkedIn — and how much each A/B variant converts. Dashboard KPIs include sign-ins, registrations, linked accounts, attributed orders, revenue, conversion rate, breakdown by device and top countries.
Button A/B testing with zero third-party service
Compare two looks (filled / outline / minimal style, rounded / pill / square shape, stacked / inline layout, "Continue with…", "Sign in with…" or icon-only label) with measured impressions, conversions and per-variant rate. The winning variant is highlighted automatically on the dashboard. No external service calls: everything is measured in your database, GDPR-compliant by construction.
Anti-fraud designed for exposed stores
A store with social login is also a target for credential-stuffing attempts and automated account creation. Social Connect includes per-IP velocity limiting (attempts per rolling window + block duration, all configurable), a disposable-email filter (extensible via WordPress filter) and hashed IP storage by default (HMAC-SHA256 with wp_salt). The block event is logged in the recent activity for audit.
Privacy and GDPR at the heart of the design
Three IP-storage modes (full, hashed, or none), geolocation through the MaxMind database WooCommerce already embeds (no external calls), personal-data export and erasure integrated with WordPress's native Tools, an events table kept separate from the linked-accounts table to make erasure easier without losing statistical aggregates. GDPR-compliant across the EU and beyond.
Premium code, performance preserved
Written in strictly-typed PHP 8, PSR-4 architecture without Composer dependencies, charts rendered with native HTML5 canvas (no CDN, no Chart.js), SQL indexes on filter columns, JWKS public keys and Apple client secret cached, database-version management with automatic dbDelta migration. HPOS and Cart & Checkout Blocks compatibility declared by the book.
There are no reviews yet.