WebPush Hub by CTIMEXICO

WebPush Hub by CTIMEXICO allows your visitors to subscribe to native browser push notifications with a single click. Every time you publish new content, they receive an automatic notification on their mobile or desktop device, without needing to provide an email address or create an account.

How it works

1. A few seconds after landing on your site, the visitor sees a small popup in the bottom-right corner asking if they want to receive alerts about new content.
2. If they accept, the browser displays its native permission dialog.
3. From that point on, every time you publish a post, all active subscribers receive a native push notification on their device.

Main features

• No email addresses or user registration required
• No dependency on third-party services such as OneSignal or Firebase
• Compatible with Chrome, Firefox, Edge and Safari (iOS 16.4+)
• Fully customizable popup: text, background color and text color
• Site favicon displayed inside the popup
• Admin panel with active subscriber count
• Test notification button in the admin panel
• Automatic sending when any post is published
• Expired subscriptions are removed automatically
• Full WordPress Multisite support
• Each subsite can be individually activated or paused

Technical implementation

The plugin implements the VAPID protocol (RFC 8292) and aes128gcm encryption (RFC 8291) natively using only standard PHP extensions, with no additional libraries or Composer required.

Server requirements

• PHP 8.1 or higher
• PHP extensions: openssl, curl, json, mbstring (available by default on any modern hosting)
• WordPress installed with active HTTPS (required for Service Workers)

Important Notes

WordPress Multisite

This plugin is optimized for multisite environments. When activated network-wide, it automatically configures the database and VAPID keys across all existing subsites without any manual intervention. Each subsite maintains its own subscriber list and its own configuration.

To pause the plugin on a specific subsite without uninstalling it, simply uncheck the “Enabled on this site” option under Settings > Push Notifications on that subsite. This stops the popup and notification sending only for that site, without affecting the rest of the network.

Cache plugin compatibility

If your installation uses cache plugins such as WP Super Cache or Autoptimize, you must clear the cache after installing or updating the plugin for the changes to take effect.

From the WordPress dashboard:

1. WP Super Cache > Settings > WP Super Cache > click “Delete Cache for All Blogs”.
2. Autoptimize > Settings > Autoptimize > click “Save Changes & Empty Cache” (no changes needed, just save).

Via SSH terminal (recommended for multisite):

sudo rm -rf /path/to/wordpress/wp-content/cache/supercache/*
sudo rm -rf /path/to/wordpress/wp-content/cache/autoptimize/BLOG_ID/*

Replace BLOG_ID with your subsite identifier number (for example, 3 for the third subsite in the network).

Recommended Autoptimize configuration

Autoptimize can interfere with the plugin if the inline JS deferral option is enabled. To avoid issues, choose one of these options under Settings > Autoptimize > JavaScript:

• Disable the “Also defer inline JS” option, or
• Keep it enabled and add MNPush to the “Exclude scripts from Autoptimize” field.

External Services

This plugin communicates with third-party browser push notification services to deliver notifications to your subscribers. No additional server is required on your end — the only cost is that when you publish a post, your WordPress site makes one HTTP request per subscriber to the browser vendor’s push service. With a few thousand subscribers, this is negligible.

The following external services may receive data when notifications are sent:

Google Firebase Cloud Messaging (FCM)
Used to deliver push notifications to Chrome and other Chromium-based browsers.
Data sent: encrypted notification payload, subscriber endpoint URL.
Sent when: a new post is published and Chrome users are subscribed.
– Terms of Service: https://firebase.google.com/terms
– Privacy Policy: https://policies.google.com/privacy

Mozilla Push Service
Used to deliver push notifications to Firefox browsers.
Data sent: encrypted notification payload, subscriber endpoint URL.
Sent when: a new post is published and Firefox users are subscribed.
– Terms of Service: https://www.mozilla.org/en-US/about/legal/terms/firefox/
– Privacy Policy: https://www.mozilla.org/en-US/privacy/firefox/

Apple Push Notification service (APNs)
Used to deliver push notifications to Safari browsers on iOS 16.4+ and macOS Ventura+.
Data sent: encrypted notification payload, subscriber endpoint URL.
Sent when: a new post is published and Safari users are subscribed.
– Terms of Service: https://developer.apple.com/terms/
– Privacy Policy: https://www.apple.com/legal/privacy/

All notification payloads are end-to-end encrypted using the aes128gcm standard (RFC 8291) before being sent to any external service. The browser vendor cannot read the content of the notifications.