VendorCert

VendorCert adds simple shortcodes for rendering VendorCert widgets. Public widget rendering resolves vendors from the calling domain. An optional read-only API key lets WordPress reserve the exact widget size configured in VendorCert without exposing the key to visitors.

WooCommerce support is optional. If WooCommerce is active, site administrators can choose one product taxonomy as the brand source, map taxonomy terms to VendorCert brand domains, and enable certificate placement on product pages.

External Service Disclosure

VendorCert connects to the external VendorCert service at https://vendorcert.com. This service is required for public widget rendering and certificate verification. The plugin can be installed and configured without an API key, but rendered widgets need VendorCert’s remote service to load live certificate data.

When a VendorCert shortcode or WooCommerce placement is rendered, the plugin loads the remote widget script from https://vendorcert.com/widget.js. That script requests VendorCert verification endpoints from the visitor’s browser so it can display the current vendor summary or brand certificate. These requests may include the widget mode, the configured brand domain for certificate widgets, and the calling site domain through normal browser request context. As with any request to an external service, VendorCert’s servers receive standard request metadata such as user agent and referrer.

If a site administrator configures the optional read-only VendorCert API key, WordPress makes server-side requests to VendorCert for plan-aware widget dimensions and available brand mappings. These requests send the configured API key in an Authorization header, the detected WordPress site domain, and, for certificate layout requests, the configured brand domain. The API key is used only server-side by WordPress and is not printed in frontend markup.

WooCommerce support is optional. If enabled, administrator-defined mappings between local WooCommerce taxonomy terms and VendorCert brand domains are used to choose which certificate widget to render. The local term names are not sent to VendorCert by this plugin; the mapped brand domains may be sent as described above when a certificate widget is rendered or when plan-aware layout metadata is requested.

VendorCert records aggregate certificate widget analytics, including widget impressions and verification clicks. These analytics are counted by certificate, event type, date, and coarse country code when available from request headers. The plugin does not add analytics cookies, does not create per-visitor analytics profiles, and does not store raw visitor IP addresses in VendorCert widget analytics.

VendorCert Terms of Service: https://vendorcert.com/terms
VendorCert Privacy Policy: https://vendorcert.com/privacy