WordPress.org

ئۇيغۇرچە

WordPress كە ئېرىشىش
WordPress.org

Plugin Directory

WinaltChat for WooCommerce

WinaltChat for WooCommerce

يازغۇچى Fahad Ali
چۈشۈر

چۈشەندۈرۈش

WinaltChat adds a fast, intelligent chat widget to your
WooCommerce store. Customers can search your product catalogue,
get instant answers about shipping and returns, and — when they
need a real person — connect to your support team through a built-in
live chat system, all without leaving your store.

AI Shopping Assistant

  • Dual AI Modes — Use your own API key from Groq — LLaMA
    (Free Tier), ChatGPT (OpenAI), Claude (Anthropic), or Gemini
    (Google) for full conversational AI. No key? The built-in
    Basic AI mode runs entirely on your server with zero external
    calls and zero ongoing cost.
  • Smart Product Search — Intent-aware search across your
    WooCommerce catalogue. Handles typos, synonyms, multilingual and mixed-language
    queries, and follow-up questions naturally.
  • Product Comparisons — Customers can ask «which is better, the Sony or the
    Samsung?» and get a clear side-by-side comparison
    with prices and key specs from your own catalogue.
  • Store Knowledge Base — Reads your shipping, returns, contact,
    and about pages to answer policy questions accurately and
    dynamically — no hardcoded answers that break for other stores.
  • Conversation Context — Remembers context within a session so
    follow-up questions («does it come in blue?») work naturally.
  • Amazon Affiliate Fallback — When a product is out of stock,
    optionally suggest an Amazon affiliate link so you still earn a
    commission.

Live Human Chat

  • Human Handoff — When a customer types phrases like «I want
    to talk to a human», «customer service», «live agent», or dozens
    of natural variants, the plugin detects the request and connects
    them to a real person on your team.
  • Admin Live Chats Dashboard — A dedicated Live Chats screen
    in your WordPress admin shows all active, waiting, and closed
    conversations in a two-panel interface. Keep the tab open to stay
    marked online for visitors.
  • Visitor Name Prompt — Before connecting, the visitor is
    optionally asked for their name. If skipped, they are identified
    as «Visitor #ID» so you can tell conversations apart.
  • Full Conversation Context for Agents — When a customer is
    handed off, the admin sees the complete prior AI conversation so
    there is no need to ask «how can I help?» twice.
  • Visitor Presence Dot — A green dot shows the visitor is
    active. It turns grey within 30 seconds if they close the tab.
  • Two-Tier Timeout — If your team does not respond within
    90 seconds, the visitor sees a friendly patience message. After
    5 minutes of no reply, the chat gracefully falls back to the AI
    assistant with an optional email capture.
  • Intelligent Offline Handling — When no admin is online the AI
    keeps helping. Visitors can optionally leave their email for a
    follow-up. Leads appear in the admin Live Chats list with a
    dedicated Leads section and unread badge.
  • Session Management — Close chats when resolved, or delete
    them permanently. Closed and lead sessions stay visible in
    their own sections until manually removed.
  • Zero External Dependencies — Live chat runs entirely within
    your WordPress site using secure AJAX polling over the REST API.
    No Pusher, no third-party service, no extra cost.
  • Email Notifications — Get an email when a customer starts a
    live chat or leaves their contact details while you are offline.

Privacy & Security

  • All live chat data is stored in your own WordPress database.
    Nothing is sent to an external service.
  • Session tokens are 32-character cryptographically random strings
    — not sequential IDs — so sessions cannot be enumerated.
  • All endpoints enforce nonces, capability checks, input
    sanitization, output escaping, and rate limiting.
  • Message content is sanitized server-side and rendered via
    textContent in the browser — XSS injection is not possible.

Requirements

  • WordPress 6.2 or later
  • WooCommerce 7.0 or later (must be installed and active)
  • PHP 7.4 or later
  • An API key from Groq, OpenAI, Anthropic, or Google (optional —
    Basic AI and Live Chat both work without one)

Support

We aim to respond to all support requests within 48 hours.

External Services

This plugin connects to third-party AI providers only when you
configure an external AI mode and enter your own API key. In Basic
AI mode and during live human chat, no external AI service is used.

AI Providers (optional — only when an API key is configured)

Customer messages, recent conversation context, and relevant store
and product context are sent to the AI provider you select so it
can generate a response. No data is sent to these providers when
using Basic AI mode.

Amazon Associate Program (optional — only when a tag is configured)

When the Amazon fallback is enabled and no matching product is
found in your store, the plugin generates an Amazon search link
with your Associate tag. No customer data is transmitted to Amazon
by the plugin — the link simply directs the visitor’s browser.

ئورنىتىش

  1. Upload the winaltchat-for-woocommerce folder to
    /wp-content/plugins/, or install directly via the WordPress
    Plugins screen.
  2. Activate the plugin through the Plugins screen in WordPress.
  3. Make sure WooCommerce is installed and active.
  4. Navigate to WinaltChat Settings in the WordPress admin.
  5. AI Mode (optional): Choose your preferred AI provider and
    enter your API key, or leave blank to use the built-in Basic AI
    mode at zero cost.
  6. Live Human Chat (optional): Scroll to the Live Human Chat
    section, enable the toggle, set a notification email and agent
    display name. A Live Chats item will appear in the sidebar.
  7. Keep the Live Chats tab open in your browser while you work
    to appear online to visitors requesting a human.
  8. Customise the chat appearance under the Chat Appearance tab.

FAQ

Do I need an API key to use this plugin?

No. The built-in Basic AI mode handles product search, comparisons,
policy questions, and conversation without any API key or external
service. Real AI mode (Groq, OpenAI, Claude, Gemini) is optional
and improves response quality for complex queries.

Does Live Human Chat require any external service?

No. It runs entirely within your WordPress site using the WordPress
REST API. No Pusher, no LiveChat subscription, no third-party
accounts needed.

How does the admin know a customer is waiting?

Two ways: a browser notification fires in the Live Chats tab (if
you grant notification permission), and an email is sent to your
configured notify address. Keep the Live Chats tab open while
you work to stay marked as online.

What happens if no admin is online when a customer asks for help?

The AI assistant keeps helping the customer seamlessly. A message
explains the team is unavailable, and the customer is offered an
optional email field so you can follow up. No dead ends.

How long before an unanswered live chat falls back to the AI?

At 90 seconds of no response, the visitor sees a friendly
«thanks for your patience» message. At 5 minutes, the chat
gracefully returns to AI mode with an email capture option. Both
thresholds are configurable in the Live Human Chat settings.

Can multiple admins handle chats at the same time?

Currently any admin with the manage_options capability can see and
reply to all live chats. Multi-agent role management is planned for
a future release.

How do I remove all plugin data on uninstall?

Deleting the plugin via the WordPress Plugins screen automatically
removes all WinaltChat settings, options, and live chat database
tables from your site.

Does it work with my theme?

Yes. The chat widget is injected into the page footer and uses its
own scoped CSS so it does not conflict with theme styles.

Will it slow down my site?

The AI chat widget loads asynchronously and does not block page
rendering. Live chat polling only runs while an active live session
is in progress — normal AI chat and idle pages make zero polling
requests.

باھالاشلار

بۇ قىستۇرمىغا تېخى باھا يېزىلمىدى.

تۆھپىكار ۋە ئىجادكار

«WinaltChat for WooCommerce» كودى ئوچۇق يۇمشاق دېتال. تۆۋەندىكى كىشىلەر بۇ قىستۇرمىغا تۆھپە قوشقان.

تۆھپىكار

«WinaltChat for WooCommerce» نى تىلىڭىزغا تەرجىمە قىلىڭ

ئىجادىيەتكە قىزىقامسىز؟

كودقا كۆز يۈگۈرتۈپ، SVN خەزىنە تەكشۈرۈپ ياكى RSSئارقىلىق ئىجادىيەت خاتىرىسىگە مۇشتەرى بولغىلى بولىدۇ.

ئۆزگىرىش خاتىرىسى

1.3.8

  • Fix: Replaced store-specific product examples (GFC, Electromax) in readme.txt and code comments with generic international examples suitable for any WooCommerce store worldwide.
  • Fix: «Urdu/English mixed queries» replaced with «multilingual and mixed-language queries» in plugin description.

1.3.7

  • Maintenance: Trimmed changelog to WordPress.org 5000 character limit, keeping entries from 1.2.6 onwards.
  • Fix: Plugin URI updated to the WordPress.org plugin page.

1.3.6

  • Security: Added per-IP rate limiting (30 requests / 60 seconds) to the AI chat REST endpoint to prevent API credit abuse by automated clients.
  • Security: Visitor poll endpoint now verifies the WP REST nonce (via X-WP-Nonce header or ?nonce= query param) in addition to the session token, consistent with all other visitor endpoints.
  • Fix: admin.js settings-save buttons now build DOM nodes with textContent / .text() instead of jQuery .html() string concatenation, eliminating a theoretical HTML injection path via malicious translation files.
  • Fix: Chat transcript download now passes assistant message content through sanitizeViaDOM() before inserting it into the exported HTML file.
  • Fix: readme.txt Tested up to corrected from 7.0 to 6.8.

1.3.5

  • Fix: Bumped minimum WordPress requirement from 6.0 to 6.2 to legitimise use of the %i identifier placeholder in $wpdb->prepare() calls — PHPCS was correctly flagging %i as unsupported below 6.2.

1.3.4

  • Fix: PluginCheck.Security.DirectDB.UnescapedDBParameter warnings resolved — all flagged queries now use the %i identifier placeholder (WordPress 6.2+) for table names instead of PHP string interpolation, eliminating intermediate $sql variables that triggered the sniff.
  • Fix: DELETE queries in the admin delete handler replaced with $wpdb->delete() — no manual SQL string construction.
  • Note: WordPress.DB.DirectDatabaseQuery.SchemaChange warnings in uninstall.php are advisory-only and expected — Plugin Check always warns on DROP TABLE. They do not block WordPress.org submission.

1.3.3

  • Fix: Plugin Check warnings resolved — all PHPCS checks pass cleanly.
  • Fix: readme.txt short description trimmed to a single line under 150 characters.
  • Fix: Two DELETE queries in the admin delete handler now use $wpdb->delete() — direct session_id interpolation removed.
  • Fix: Remaining UnescapedDBParameter Plugin Check warnings suppressed with inline phpcs:ignore comments where table names are trusted constants and values are prepared.

1.3.2

  • Fix: «Support team» now correctly replaces «human» in the email capture prompt — root cause was the PHP localized string in class-winalt-frontend.php overriding the JS fallback.
  • Fix: «New» badge on lead sessions disappears when clicked and does not reappear on subsequent polls (seenLeadIds tracking added).
  • Fix: Email submission correctly sends session token so the existing session is converted to a Lead, no duplicate row created.
  • Fix: Section headers (Active/Leads/Closed) now styled as clear readable headings with dividers between sections.
  • Security: User messages now rendered via textContent — HTML tags typed by visitors can no longer render in the chat widget.
  • Security: sanitizeViaDOM() added as a DOM-based sanitizer for AI response content; strips script, iframe, svg, form, and all on* event handlers before innerHTML insertion. img allowed but dangerous attributes stripped.
  • Security: sanitizeRichContent() updated to remove img from the allowed-tags whitelist.

1.3.1

  • Fix: Email prompt says «support team» not «human».
  • Fix: Submitting email now converts the existing session to a Lead — never creates a duplicate row.
  • Fix: Admin list now shows all session statuses so closed chats stay visible after admin closes them.
  • Fix: 429 and HTTP error responses from /start no longer leave «Checking…» stuck — error path clears the message and shows the email capture form.
  • Fix: Admin replies no longer appear twice (message_id from server response advances state.lastId before the confirming poll).
  • Fix: PHP handoff response set to empty to prevent a third connecting message alongside the JS status lines.
  • Fix: Email capture only shows «Thanks!» on a successful server response — invalid addresses show an inline error message without removing the form.
  • New: New offline lead sessions show an amber «New» badge and update the page title with a lead count.
  • Remove: Auto-cleanup cron removed — manual Delete button is the only way to remove sessions.

1.3.0

  • Fix: Presence dot now correctly placed before status text (Active/Waiting), not before the visitor name.
  • Fix: Closed/Lead sessions immediately hide the typing box and Send/Close buttons on click (using session cache for zero-latency read-only mode).
  • Fix: Offline email prompt now says «support team» instead of «human».
  • Fix: Email submission converts the existing session to a Lead instead of creating a duplicate.
  • Fix: Admin session list now includes all statuses (waiting/active/closed/lead/abandoned) so no chat is missed.
  • Fix: startLive() retries once on network failure before falling back to the email capture form.

Meta

دەرىجە

No reviews have been submitted yet.

Your review

بارلىق ئىنكاسنى كۆرسەت

تۆھپىكار

قوللاش

چۈشەندۈرۈشىڭىز بارمۇ؟ ياردەم لازىممۇ؟

قوللاش مۇنبىرىنى كۆرسەت