=== H3SEC Guard - Security Hardening ===
Contributors: h3st4k3r
Tags: security, hardening, login protection, activity log
Requires at least: 6.4
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.1.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Lightweight WordPress security plugin focused on hardening, explainable risk scoring, activity logging, and a low-overhead malware/integrity scan.

== Description ==

H3SEC Guard is built for site owners who want practical security controls without enabling a heavy, opaque security suite.
Project contact: h3st4k3r@h3sec.com

Main capabilities in 1.0:

* Hardening controls (XML-RPC, file editor, author enumeration, security headers)
* Login protection (attempt limit + temporary IP lockout + optional admin whitelist)
* Activity logging for critical site changes
* Core integrity scan using official WordPress checksums
* Lightweight suspicious PHP scanner with context-aware severity
* Finding-level hashes (MD5/SHA256), full path visibility, and recommendations
* Risk panel (low / medium / high / critical score)
* On-screen findings tables (not only downloads) for suspicious files, core mismatches, and permissions
* Response mode actions (close sessions, force password reset, maintenance, forensic export)
* Default blocking for known malicious probe paths with temporary IP lockout
* Weekly mitigation report with detailed activity counters
* Tracking for attempts with non-existent usernames
* No hidden telemetry or mandatory third-party APIs

H3SEC Guard is designed as an explainable security plugin. Each control explains:

* what it does;
* what risk it reduces;
* what it may break;
* how to revert it.

== Installation ==

1. Upload the `h3sec-guard` folder to `/wp-content/plugins/`.
2. Activate the plugin from the WordPress Plugins screen.
3. Open `H3SEC Guard` in wp-admin.
4. Run a manual scan and review the risk panel.

== Frequently Asked Questions ==

= Does this plugin send hidden external requests? =

No. The only external request is made during core integrity verification, when the plugin fetches the official WordPress checksum API; that call is part of the scan you trigger, not background traffic.
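The core integrity check this answer refers to, as an added illustration (not the plugin's own code, which is PHP): the official checksum API returns a JSON object whose `checksums` key maps each core file path to its MD5 hex digest, and the scan hashes every local file and compares. The checksum map and the miniature site tree below are constructed inline so the example runs offline; reporting a file that sits in a core directory but is absent from the list as `unexpected` is an assumption about what the plugin does, and the MD5/SHA256 pair per finding mirrors the finding-level hashes listed above.

```python
import hashlib, json, os, tempfile
# Constructed sample shaped like the official checksum API response:
# {"checksums": {"<relative path>": "<md5 hex>"}}; a real scan fetches this.
SAMPLE_API_RESPONSE = json.dumps({"checksums": {
    "wp-includes/version.php": hashlib.md5(b"<?php $wp_version = '6.4';\n").hexdigest(),
    "wp-admin/index.php": hashlib.md5(b"<?php require_once 'admin.php';\n").hexdigest(),
    "wp-includes/load.php": hashlib.md5(b"<?php // loader\n").hexdigest(),
}})
CORE_DIRS = ("wp-admin", "wp-includes")  # core dirs that must contain only listed files

def file_hashes(path):  # (md5, sha256) hex digests, streamed so large files are fine
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def verify_core(root, api_json):  # returns sorted (kind, path, md5, sha256) findings
    checksums = json.loads(api_json)["checksums"]
    findings = []
    # 1. Every listed core file must exist and match its published MD5.
    for rel, expected in checksums.items():
        full = os.path.join(root, *rel.split("/"))
        if not os.path.isfile(full):
            findings.append(("missing", rel, None, None))
            continue
        md5, sha256 = file_hashes(full)
        if md5 != expected:
            findings.append(("modified", rel, md5, sha256))
    # 2. A file inside a core directory that the list does not know was dropped there.
    for core_dir in CORE_DIRS:
        for dirpath, _, names in os.walk(os.path.join(root, core_dir)):
            for name in names:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                if rel not in checksums:
                    findings.append(("unexpected", rel) + file_hashes(full))
    return sorted(findings, key=lambda f: (f[0], f[1]))

def build_demo_site():  # constructed mini tree: one clean, one tampered, one extra file
    root = tempfile.mkdtemp()
    files = {"wp-includes/version.php": b"<?php $wp_version = '6.4';\n",
             "wp-admin/index.php": b"<?php require_once 'admin.php'; // changed\n",
             "wp-includes/cache.php": b"<?php // not part of core\n"}
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root
```

Running `verify_core(build_demo_site(), SAMPLE_API_RESPONSE)` yields one `missing`, one `modified` and one `unexpected` finding; `load.php` is listed but never written, which exercises the missing case.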

= Can this replace a WAF/CDN or server hardening? =

No. It complements server-level security controls.

= Will XML-RPC blocking break integrations? =

It can affect legacy apps, Jetpack setups, or integrations that rely on XML-RPC.

= Does this plugin send site data externally by default? =

No. The plugin does not exfiltrate site data, users, emails, or logs by default.

== Changelog ==

= 1.1.0 =

* Added weekly mitigation report panel and scheduled weekly email summary.
* Added counters for vulnerable PHP probe tests, forbidden URL requests, form denials, XML-RPC denials, REST API denials, and blocked IPs.
* Added tracking for attempts with non-existent usernames.
* Added optional restrictions for sensitive REST API endpoints and suspicious public POST payloads.

= 1.0.0 =

* Initial release.
* Hardening controls and explainable settings.
* Login protection and response actions.
* Activity log with CSV/JSON export.
* Core integrity + suspicious pattern scanner.
* Risk panel and forensic JSON package export.
* Added finding-level hashes, in-dashboard scan result tables, and suggested improvement plan.
* Added known probe-path blocking and temporary lockout for repeated suspicious requests.
