Improved: only store valid API tokens in DB.

plausible · Dan0sz · Jun 7, 2024 · May 23, 2024 · May 23, 2024 · May 23, 2024
commit 193445feb9c285b3951d7ab8932d2f88fe899480
diff --git a/src/Client.php b/src/Client.php
@@ -60,7 +60,12 @@ public function validate_api_token() {
 		$token       = $this->api_instance->getConfig()->getPassword();
 		$is_valid    = strpos( $token, 'plausible-plugin' ) !== false && ! empty( $features->getGoals() ) && $data_domain === Helpers::get_domain();
 
-		set_transient( 'plausible_analytics_valid_token', [ $token => $is_valid ], 86400 );
+		/**
+		 * Don't cache invalid API tokens.
+		 */
+		if ( $is_valid ) {
+			set_transient( 'plausible_analytics_valid_token', [ $token => true ], 86400 );
+		}
 
 		return $is_valid;
 	}