Reviews For Google My Business Wordpress Plugin - Rating, Reviews, Demo & Download
Plugin Description
Key Features
– OAuth 2.0 authentication – Secure connection to the Google My Business API
– Category system – Organize your reviews by category (Training, Coaching, Design, etc.)
– Flexible shortcode – Display all reviews or filter by category
– Advanced customization – Customizable colors, borders, and stars
– Custom fields – Add each reviewer’s position
External services
This plugin connects to Google APIs to authenticate and retrieve your Google Business Profile reviews. Below is a detailed explanation of all external services used:
Google OAuth 2.0 Authentication
Service: Google OAuth 2.0 Authorization Server
Domain: accounts.google.com
Purpose: To securely authenticate your Google account and obtain authorization to access your Google Business Profile data.
When data is sent: When you click “Authorize with Google” in the plugin configuration page.
Data sent:
– Your Google Cloud Client ID
– Redirect URI (your website URL)
– Requested scopes (permissions)
No personal data from your website is sent during this process. You are redirected to Google’s servers where you grant permission.
Service: Google OAuth 2.0 Token Server
Domain: oauth2.googleapis.com
Purpose: To exchange authorization codes for access tokens and refresh expired tokens.
When data is sent:
– After you authorize the plugin (one-time exchange of authorization code)
– Automatically when access tokens expire (token refresh)
Data sent:
– Authorization code or refresh token
– Client ID and Client Secret
– Grant type
Google Terms of Service: https://policies.google.com/terms
Google Privacy Policy: https://policies.google.com/privacy
Google My Business API
Service: Google My Business Account Management API
Domain: mybusinessaccountmanagement.googleapis.com
Purpose: To retrieve the list of your Google Business Profile accounts and locations.
When data is sent: When you configure the plugin or click “Refresh Locations” in the settings page.
Data sent:
– Access token (for authentication)
No other data is sent. The API returns a list of your available business accounts and locations.
Service: Google My Business Business Information API
Domain: mybusinessbusinessinformation.googleapis.com
Purpose: To retrieve information about your business locations, including reviews.
When data is sent:
– During initial setup when selecting a location
– When you manually sync reviews using the “Sync Reviews from API” button
– Automatically when the plugin checks for new reviews
Data sent:
– Access token (for authentication)
– Account ID and Location ID (to identify which business location to fetch reviews from)
No customer data from your website is sent to Google.
Service: Google APIs Core Services
Domain: www.googleapis.com
Purpose: OAuth 2.0 scope definitions and core API authentication.
Scopes used:
– https://www.googleapis.com/auth/business.manage – Permission to manage your business information
– https://www.googleapis.com/auth/plus.business.manage – Permission to manage your Google+ business pages (legacy scope)
When accessed: During OAuth authentication flow.
Google My Business API Terms of Service: https://developers.google.com/my-business/content/terms-of-service
Google APIs Terms of Service: https://developers.google.com/terms
Google Privacy Policy: https://policies.google.com/privacy
Important Notes
- All communication with Google services is performed over secure HTTPS connections.
- This plugin does NOT send any of your website’s customer data, user data, or visitor information to Google.
- Only authentication tokens and business identifiers are transmitted.
- Your Google Cloud API credentials (Client ID and Client Secret) are stored securely in your WordPress database.
- Reviews and profile photos are downloaded and stored locally on your server. After the initial download, no further external calls are made to display reviews to your visitors.
- You maintain full control and can revoke access at any time from the plugin settings or your Google account settings.
By using this plugin, you acknowledge that you have read and agree to comply with Google’s Terms of Service and Privacy Policy.
Usage
After configuration, display reviews using the shortcode:
[wgmbr_reviews]
Shortcode Parameters:
– limit – Number of reviews to display (e.g., limit="10")
– category – Filter by category slug (e.g., category="training")
– show_summary – Display summary stats (e.g., show_summary="1")
Examples:
– [wgmbr_reviews limit="5"] – Display 5 most recent reviews
– [wgmbr_reviews category="training"] – Display reviews from “training” category
– [wgmbr_reviews category="training,coaching" limit="10"] – Display 10 reviews from multiple categories
– [wgmbr_reviews show_summary="1"] – Display reviews with rating summary
Security
This plugin implements multiple layers of security to protect your data:
OAuth 2.0 Security
- Uses industry-standard OAuth 2.0 authentication with Google
- Implements CSRF protection via OAuth state parameter (RFC 6749)
- State parameter is cryptographically random (64 hex characters)
- Single-use state tokens with 10-minute expiry
- All OAuth callbacks require admin authentication
- Secure token storage with encryption
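A minimal sketch of the state handling listed above (64 hex characters, single use, 10-minute expiry), added here as an illustration; it is not the plugin's own code. The StateStore class and its in-memory array are assumptions standing in for whatever storage the plugin really uses.

```php
<?php
// Added illustration, not the plugin's code. StateStore is a hypothetical
// in-memory stand-in for wherever pending states are kept between the
// redirect to Google and the callback.
final class StateStore
{
    private const TTL_SECONDS = 600; // 10-minute expiry, as listed above

    /** @var array<string,int> sha256(state) => expiry timestamp */
    private array $pending = [];

    // Issue a state value: 32 CSPRNG bytes rendered as 64 hex characters.
    public function issue(int $now): string
    {
        $state = bin2hex(random_bytes(32));
        // Keyed by hash so the raw value is never stored or compared directly.
        $this->pending[hash('sha256', $state)] = $now + self::TTL_SECONDS;
        return $state;
    }

    // Validate the state returned on the OAuth callback. The entry is removed
    // on first lookup, so a replayed callback fails even inside the TTL.
    public function consume(string $returned, int $now): bool
    {
        if (!preg_match('/\A[0-9a-f]{64}\z/', $returned)) {
            return false; // wrong shape: reject before touching the store
        }
        $key = hash('sha256', $returned);
        if (!isset($this->pending[$key])) {
            return false; // never issued, or already used
        }
        $expires = $this->pending[$key];
        unset($this->pending[$key]); // single use
        return $now <= $expires;
    }
}

// Constructed walk-through with a fixed clock (timestamps are sample values).
$store = new StateStore();
$t0    = 1700000000;
$state = $store->issue($t0);

var_dump($store->consume($state, $t0 + 30));               // first callback
var_dump($store->consume($state, $t0 + 31));               // replay of the same state
var_dump($store->consume(str_repeat('0', 64), $t0 + 32));  // value that was never issued
var_dump($store->consume($store->issue($t0), $t0 + 601));  // callback after the 10-minute window
```

Only the first call is accepted; the replayed, unknown and expired states are all rejected, which is the behaviour the three state-related bullets describe.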
WordPress Security Best Practices
- All AJAX requests use nonce verification
- All admin actions check user capabilities (manage_options)
- Input sanitization on all user inputs
- Output escaping on all outputs
- Prepared statements for database queries
- HTTPS required for OAuth token exchange
Data Protection
- Client secrets are encrypted before storage
- Access tokens are stored securely in WordPress database
- Profile photos are downloaded and stored locally (no external hotlinking)
- No customer or visitor data is sent to external services
- You can revoke access at any time from plugin settings
For Developers
Source Code
This plugin uses Laravel Mix to compile JavaScript and CSS assets. All source code is available in the plugin directory:
– JavaScript source files: src/js/
– SCSS source files: src/scss/
– Compiled assets: assets/js/ and assets/css/
Build Instructions
To compile the assets from source:
- Install Node.js (https://nodejs.org/)
- Navigate to the plugin directory
- Install dependencies:
  npm install
- Compile assets:
  - For development:
    npm run dev
  - For production (minified):
    npm run prod
  - Watch for changes:
    npm run watch
Build Configuration
The build process is configured in webpack.mix.js and uses Laravel Mix, which is a wrapper around webpack.
Dependencies:
– Laravel Mix: ^6.0.43
– Swiper: ^12.0.3 (for carousel functionality)
For more information about Laravel Mix, visit: https://laravel-mix.com/
