=== Insertabot - AI Chatbot Solution === Contributors: m1styk Tags: chatbot, ai, chat, support, customer service Requires at least: 5.9 Tested up to: 6.9 Stable tag: 1.0.9 Requires PHP: 7.4 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Add a customizable AI chatbot to your WordPress site. Real-time web search, unlimited conversations. Get started free! == Description == **Insertabot** brings the power of AI chat to your WordPress website in just minutes. No coding required! ### What Makes Insertabot Different? * **Real-Time Web Search** - Unlike ChatGPT, Insertabot searches the web for current information * **Lightning Fast Setup** - Install plugin, add API key, done! Takes under 5 minutes * **Fully Customizable** - Match your brand colors, greeting message, and bot personality * **Mobile Optimized** - Beautiful chat experience on all devices * **Free to Start** - 20 messages per day, no credit card required ### Key Features * **AI-Powered Conversations** - Smart, natural responses to visitor questions * **Real-Time Web Search** - Always up-to-date answers (not outdated training data) * **Full Customization** - Colors, branding, greeting messages * **Mobile-Friendly Widget** - Works perfectly on phones and tablets * **Zero Code Required** - Simple settings page, no technical skills needed * **Privacy Focused** - Your data is secure and never sold ### Pricing **Free Plan** * 20 messages per day * Real-time web search * Basic customization * Mobile-optimized widget **Pro Plan - $9.99/month** * Unlimited playground messages * 500 embedded messages/month * Priority support * Advanced analytics [Get Your Free API Key →](https://insertabot.io/signup) ### Perfect For: * E-commerce stores (product questions, support) * Blogs (engaging with readers) * Service businesses (answering FAQs) * SaaS products (onboarding help) * Educational sites (tutoring, Q&A) ### How It Works 1. **Install Plugin** - Download and activate from WordPress.org 2. **Get API Key** - Sign up free at insertabot.io 3. **Paste & Enable** - Enter your API key and toggle on 4. **Done!** - Your AI chatbot is now live on your site ### Why Users Love It > "Set up in 5 minutes. Visitors are actually using it. Best $10/month I spend." - Sarah, blogger > "The real-time web search is a game changer. Answers are always current." - Mike, e-commerce owner > "Free tier is perfect for testing. Upgraded after seeing how well it works." - Jessica, startup founder ### Technical Details * Footer script loading (won't slow down your site) * GDPR compliant * Works with all WordPress themes * Compatible with page builders (Elementor, Divi, etc.) * CDN-hosted for blazing fast performance == External Services == This plugin connects to the Insertabot API service to provide AI chatbot functionality. **Service URL:** https://insertabot.io **When the chatbot is enabled, the following data is transmitted:** * User chat messages and questions * Your website URL (for context) * API key (for authentication) **Third-Party Service Information:** * Service Provider: Insertabot (https://insertabot.io) * Privacy Policy: https://insertabot.io/privacy * Terms of Service: https://insertabot.io/terms The plugin requires an API key from Insertabot to function. You can obtain a free API key by signing up at https://insertabot.io/signup **Backend Services Used by Insertabot API:** * Cloudflare Workers AI (for AI processing) * Tavily API (for real-time web search) == Privacy == **Local Data Storage:** Insertabot stores minimal data locally in your WordPress database: * Encrypted API key (option: `insertabot_api_key_encrypted`) * Plugin settings (enabled/disabled state, API base URL) * Optional security logs (option: `insertabot_security_logs`) - anonymized with IP addresses masked **Data Transmission:** When users interact with the chatbot, their messages are sent to the Insertabot API service for processing. The plugin does **not** expose your API key to client browsers (uses short-lived tokens instead). **GDPR Compliance:** The plugin implements WordPress personal data exporters and erasers. Site administrators can export or remove personal data associated with a user via Tools → Export Personal Data / Erase Personal Data in WordPress admin. **Security:** * API keys are stored using AES-256-CBC encryption * IP addresses in logs are anonymized (last octet/80 bits zeroed) * No personal data is sent to third parties beyond what is necessary for chatbot functionality ### Support Need help? We're here for you: * **Insertabot Chat** – The fastest way to get help! Visit [insertabot.io](https://insertabot.io) and ask our AI assistant directly in the chat widget. Already signed up? Use the **Playground** tab in your [dashboard](https://insertabot.io/dashboard) for guided, real-time assistance. * [Documentation](https://insertabot.io/docs) * [Dashboard](https://insertabot.io/dashboard) * WordPress.org support forum * Email: support@insertabot.io ### Get Started Free No credit card required. 20 messages per day included. [Sign up now →](https://insertabot.io/signup) == Installation == ### Automatic Installation 1. Log in to your WordPress admin panel 2. Go to **Plugins** > **Add New** 3. Search for "Insertabot" 4. Click **Install Now**, then **Activate** 5. Go to **Insertabot** in your admin menu 6. Get your free API key from [insertabot.io](https://insertabot.io/signup) 7. Paste your API key and enable the chatbot 8. Done! The chat widget will appear automatically on your site. ### Manual Installation 1. Download the plugin zip file 2. Log in to your WordPress admin panel 3. Go to **Plugins** > **Add New** > **Upload Plugin** 4. Choose the zip file and click **Install Now** 5. Click **Activate Plugin** 6. Follow steps 5-9 from automatic installation above == Frequently Asked Questions == = Do I need a credit card to start? = No! The free plan includes 20 messages per day with no credit card required. = How do I get an API key? = Sign up free at [insertabot.io/signup](https://insertabot.io/signup). You'll receive your API key instantly. = Can I customize the chatbot appearance? = Yes! Customize colors, greeting message, bot name, and more in your [dashboard](https://insertabot.io/dashboard). = Does it slow down my website? = No. The script loads asynchronously and is hosted on a fast CDN. Your site speed won't be affected. = What if I exceed 20 messages per day? = The free plan resets daily at midnight. For unlimited messages, upgrade to Pro for $9.99/month. = Can I use it with page builders? = Yes! Insertabot works with Elementor, Divi, Beaver Builder, and all other page builders. = Is it mobile-friendly? = Absolutely! The chat widget is fully responsive and looks great on all devices. = What makes the web search special? = Unlike ChatGPT which has a knowledge cutoff, Insertabot searches the web in real-time for current information. Your visitors get up-to-date answers. = How do I upgrade to Pro? = Visit your [dashboard](https://insertabot.io/dashboard) or click the upgrade link in plugin settings. == Screenshots == 1. Beautiful chat widget on your website 2. Simple WordPress settings page 3. Customization dashboard 4. Mobile-optimized experience 5. Real-time web search in action == Changelog == = 1.0.9 = * Security: Removed legacy email-only login path that was returning the API key in the response * Security: Added AI and Search circuit breakers to the chat handler and web search — circuit state is now exposed via /health * Security: Replaced hard-coded year list with a dynamic current/previous year check in the search relevance filter * Security: Removed overly broad SQL-injection heuristic that was triggering false positives * Security: Adjusted response coherence validation to only reject the literal strings "undefined" or "null" * Security: Added Content-Security-Policy header to all Worker responses * Fix: updateWidgetConfig now uses strict !== undefined checks — falsy-but-valid values (e.g. 0, empty string) are no longer silently discarded * Fix: Removed local any type aliases; Cloudflare Workers bindings (D1Database, KVNamespace, Ai) now use their correct platform types * Fix: AI model message mapping corrected for multimodal content shapes * Fix: bge-base-en-v1.5 embedding response cast to its correct output shape = 1.0.8 = * Fix: "Upgrade to Pro" button in plugin settings now routes directly to the Insertabot dashboard — upgrade is one click away instead of buried behind the landing page * Fix: "Upgrade to Pro" on the public pricing page now routes to login instead of signup — existing users no longer hit a dead end * Fix: Various backend config corrections (DB binding name, AI model ID format, demo customer query, widget.js delivery route) = 1.0.7 = * Fix: Stale customer_id cache was causing 401 errors on widget token exchange — ID is now resolved on every API key save, including fresh installs * Fix: API base URL now resolved through the proper internal method instead of a raw option lookup that could return empty on new installs * Fix: Static widget.js and widget-dev.js files removed — widget is now served exclusively through the tokenized Worker endpoint, eliminating a delivery conflict = 1.0.6 = * Fix: API endpoint corrected project-wide from api.insertabot.io to insertabot.io/api/* — the api subdomain was never live and caused silent failures across the plugin and Worker * Fix: Settings menu was resetting on every "Save Changes" click when an API key was already stored = 1.0.5 = * Fix: upgradeToPro() was silently returning 401 — X-API-Key header was missing from the Stripe checkout fetch request * Fix: handleWidgetTokenExchange route had been accidentally removed from the Worker, breaking widget authentication on all WordPress installs * Fix: "Upgrade to Pro" on landing page now correctly directs existing users through login before checkout = 1.0.4 = * Fix: New customers were blocked from day one — null or empty allowed_domains was incorrectly refusing all widget embed requests instead of allowing all origins as documented = 1.0.3 = * Fix: Widget no longer requires manual script tag in footer — plugin now injects it automatically on all pages * Fix: Removed `async` attribute from bridge script that was preventing `document.currentScript` from resolving widget configuration = 1.0.2 = * Upgraded ephemeral token system: v2 tokens now include customer_id for faster widget authentication (v1 fallback retained for existing installs) * Security: upgraded rate-limit key hashing from MD5 to SHA-256 * Security: added URL validation in widget bridge to prevent SSRF * Admin: API key save now automatically resolves and caches customer ID server-side = 1.0.1 = * Updated free tier messaging to accurately reflect 20 messages per day limit = 1.0.0 = * Initial release * Free plan: 20 messages/day * Pro plan: Unlimited playground messages + 500 embedded messages/month * Real-time web search capability * Full WordPress integration * Mobile-optimized widget * Customizable appearance == Upgrade Notice == = 1.0.9 = Security and type-safety hardening release. Removes a legacy login path that exposed API keys, adds circuit breakers for AI and search, and tightens response validation. Upgrade recommended for all users. = 1.0.8 = Fixes the upgrade flow — the "Upgrade to Pro" button in plugin settings now goes directly to your dashboard. Also corrects several backend config issues. Recommended for all users. = 1.0.7 = Fixes a 401 error on widget token exchange that could occur on fresh installs. Upgrade if your widget stopped loading after saving the API key. = 1.0.6 = Corrects a critical API endpoint URL used by the plugin. If you installed between 1.0.3 and 1.0.5, upgrade to ensure proper API communication. = 1.0.5 = Fixes widget authentication breaking silently and the Pro upgrade flow. Upgrade recommended for all users. = 1.0.3 = Fixes automatic widget injection — the chatbot now appears without any manual script tag setup. Upgrade recommended for all users. = 1.0.0 = Initial release of Insertabot for WordPress. Get started free today!