DataFirefly Server-Side — Complete guide
Install and connect the free DataFirefly Server-Side plugin, wire client + server tracking for the whole WooCommerce funnel, understand deduplication by event_id, the unblockable server-side purchase, consent handling (including Cookie Consent v2), the retry queue and the service subscription.
DataFirefly Server-Side is the free WooCommerce connector for the DataFirefly Server-Side Tracking service. The plugin captures your shop’s events and signs them; the service delivers them server-side to your advertising and analytics platforms. This guide covers installation, connection, how the client + server funnel works, deduplication, the server-side purchase, consent handling, reliability and the subscription.
Free plugin + paid service model. The plugin costs nothing and will stay free. To actually send your events, you need a subscription to the DataFirefly Server-Side service (from €39/month), which handles ingestion and server-side delivery.
Requirements
- WordPress 5.8 or above
- WooCommerce 5.0 or above (HPOS — High-Performance Order Storage — compatible)
- PHP 7.4 or above
- A working WordPress cron (or a real system cron) for the retry queue and deferred sending
- A DataFirefly Server-Side subscription to obtain your connection key
Installation
- Download datafirefly-serverside-2_0_1.zip from your DataFirefly client space.
- In the WordPress admin, go to Plugins → Add New → Upload Plugin, select the ZIP and click Install Now.
- Activate the plugin. A new DataFirefly Server-Side menu appears in the admin.
One-key connection
The plugin is configured with a single connection key that activates client and server tracking at once.
- From your DataFirefly client space, copy the connection key (it starts with dfss_).
- Paste it into the field on the plugin’s Connection screen.
- Click Connect. The plugin activates client and server tracking, sends a test event to the dispatcher and puts the client tags in place for the configured destinations.
- Check that the status turns to Connected ✓ and use the Test event button to confirm delivery.
The dfss_… key encodes your tenant, a secret and the dispatcher endpoint. It is restricted to datafirefly.com hosts over HTTPS: a key pointing to any other domain is refused.
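The host restriction described above can be sketched as follows. This is an added example, not the plugin's own code: it checks only an endpoint URL (the layout of the dfss_ key is not documented here), and it assumes that subdomains of datafirefly.com are acceptable. The function name, the /ingest path and the sample hosts are hypothetical.

```php
<?php
// Added example, not the plugin's code: endpoint allowlist check.
const ALLOWED_BASE = 'datafirefly.com';

function is_allowed_endpoint(string $url): bool
{
    $parts = parse_url(trim($url));
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    // HTTPS only: plain http would expose the signed payload in transit.
    if (strtolower($parts['scheme']) !== 'https') {
        return false;
    }
    // Refuse URLs carrying credentials: the real host is whatever follows the "@".
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    $host = rtrim(strtolower($parts['host']), '.');
    $suffix = '.' . ALLOWED_BASE;
    // Exact match or a true subdomain. The leading dot in $suffix is what
    // stops a host that merely ends with the same letters.
    return $host === ALLOWED_BASE
        || substr($host, -strlen($suffix)) === $suffix;
}

// Constructed sample endpoints (hypothetical paths and hosts).
$samples = [
    'https://server-side.datafirefly.com/ingest',
    'http://server-side.datafirefly.com/ingest',
    'https://datafirefly.com.lookalike.example/ingest',
    'https://notdatafirefly.com/ingest',
    'https://datafirefly.com@lookalike.example/ingest',
];
foreach ($samples as $url) {
    printf("%-52s %s\n", $url, is_allowed_endpoint($url) ? 'accepted' : 'refused');
}
```

A plain substring or prefix test on the URL would accept the last three samples; parsing first and comparing the host on a dot boundary is what makes the restriction hold.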
Advanced mode (manual entry)
If you would rather not use the single key, advanced mode lets you enter the tenant, the secret and the endpoint manually. Keep it for specific setups: one-key mode covers almost every case.
Full client + server funnel
The plugin tracks the whole funnel in the browser, while the purchase conversion fires from the server.
- In the browser: page_view, view_content (product view), add_to_cart, initiate_checkout and add_payment_info.
- On the server: purchase, triggered from the WooCommerce order hooks.
Both layers share the same event identifier to enable deduplication.
Deduplication by event_id
For each order, the client event and the server event carry the same event_id, keyed on the order id (for example order_1042). Meta, GA4 and the other platforms use it to count each conversion only once. You recover the conversions the browser lets slip, without double counting.
Server-side purchase: reliable and unspoofable
The purchase conversion is triggered by the WooCommerce order hooks (payment complete, processing, completed), idempotently: a lock (_dfss_sent) guarantees the same purchase is never sent twice, even if several hooks fire.
- Because the event comes from the server, no ad-blocker or ITP can prevent it.
- Conversely, the public collection endpoint (beacon) deliberately excludes the purchase event: no one can inject a fake purchase from the browser to inflate your Meta or GA4 revenue.
- The event context (value, currency, products) is authoritative on the server: the browser guesses nothing.
To keep attribution reliable even through a payment gateway with redirect, the plugin captures the _fbp, _fbc, _ga, _ttp cookies at checkout and attaches them to the order, and sets first-party click-id cookies (90 days) to carry fbc, ttclid and gclid through to the purchase.
Consent handling
The consent gate is on by default: nothing is sent until marketing consent is granted.
Native compatibility with Cookie Consent v2
The plugin natively detects the DataFirefly Cookie Consent — GDPR & Google Consent Mode v2 module and reads its consent cookie (dfcc_consent) directly on the server. If the marketing category is refused, the event is discarded, whatever the browser claims. This is the recommended combination: banner, Consent Mode v2 and server-side tracking speak the same language.
Other consent solutions
Without Cookie Consent v2, the plugin also supports WP Consent API, Complianz, Cookiebot and IAB TCF v2. You can keep your current banner and hook tracking onto it.
Reliability: retry queue and activity log
An event that could not be delivered is not lost: it is queued and redelivered automatically by a cron every 5 minutes.
The activity log shows in real time, without jargon, what has been delivered, what is queued and what has been rejected, with the HTTP code and the number of attempts. It is your first diagnostic step.
The WordPress cron only runs on traffic. On a low-traffic shop, set up a real system cron calling wp-cron.php so the retry queue empties regularly.
Security
- No secret in the browser: only public identifiers (pixel, measurement id) are exposed on the client.
- The signing secret and your destination credentials stay on the server.
- Every event is HMAC-signed before reaching the dispatcher, hosted in the EU (Germany).
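To show what HMAC signing protects against, here is an added example that is not the plugin's or the dispatcher's code. The guide does not document the signing format, so the scheme is an assumption: HMAC-SHA256 over "timestamp.body" with a 300-second validity window. The function names, field names and secret are hypothetical.

```php
<?php
// Added example, not the plugin's code.
// Assumed scheme: HMAC-SHA256 over "<timestamp>.<body>".
const MAX_SKEW = 300; // seconds a signature stays valid (assumed value)

function sign_event(array $event, string $secret, int $ts): array
{
    $body = json_encode($event, JSON_UNESCAPED_SLASHES);
    return [
        'body'      => $body,
        'timestamp' => $ts,
        'signature' => hash_hmac('sha256', $ts . '.' . $body, $secret),
    ];
}

function verify_event(array $msg, string $secret, int $now): bool
{
    // Stale or future-dated messages are refused, which limits replay
    // of a captured request.
    if (abs($now - (int) $msg['timestamp']) > MAX_SKEW) {
        return false;
    }
    $expected = hash_hmac('sha256', $msg['timestamp'] . '.' . $msg['body'], $secret);
    // hash_equals compares in constant time, so response timing does not
    // reveal how many leading characters of the MAC were correct.
    return hash_equals($expected, (string) $msg['signature']);
}

// Constructed sample: the secret and the order values are made up.
$secret = 'constructed-demo-secret';
$now = 1700000000;
$msg = sign_event([
    'event'    => 'purchase',
    'event_id' => 'order_1042',
    'value'    => '59.90',
    'currency' => 'EUR',
], $secret, $now);

$tampered = $msg;
$tampered['body'] = str_replace('59.90', '5999.90', $tampered['body']);

var_dump(verify_event($msg, $secret, $now + 10));         // genuine event
var_dump(verify_event($tampered, $secret, $now + 10));    // value altered in transit
var_dump(verify_event($msg, 'wrong-secret', $now + 10));  // signed with another secret
var_dump(verify_event($msg, $secret, $now + 3600));       // replayed an hour later
```

Only the first call verifies. Because the secret never leaves the server, a browser cannot produce a valid signature for an event it invents or modifies.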
DataFirefly Server-Side subscription
The plugin captures and signs; the DataFirefly Server-Side Tracking service ingests and delivers server-side to five destinations: Meta CAPI, GA4 (Measurement Protocol), TikTok Events API, Pinterest Conversions API and Google Ads. The dispatcher is hosted in Germany, ingestion is HMAC-signed, personal data is masked and firing respects consent. One integration, one consolidated invoice, several sites possible.
Discover the plans and subscribe at server-side.datafirefly.com:
- Starter — €39/month: 1 site, up to 500K events
- Growth — €119/month: 5 sites, up to 2M events
- Scale — €349/month: 20 sites, up to 10M events
Troubleshooting
Status stays “Not connected”
Check that the key starts with dfss_ and was copied in full. A key pointing to a domain other than datafirefly.com (HTTPS) is refused. Try the Test event button again.
The purchase is not tracked
The purchase fires from the order hooks: make sure the order reaches a payment status (complete / processing / completed). Check the activity log to see whether the event is queued or rejected, and check the cron if events are piling up.
Conversions counted twice
Check that no other tracking plugin is already sending a competing purchase without a shared event_id. With DataFirefly Server-Side alone, the order-based event_id guarantees deduplication.
Nothing fires even though consent seems granted
The gate is on by default. Check that the marketing category is actually accepted in your consent solution, and that this solution is detected (Cookie Consent v2, WP Consent API, Complianz, Cookiebot or IAB TCF v2).
Need help? Contact DataFirefly support from your client space, attaching a screenshot of the activity log (HTTP code + number of attempts).