=== ShieldGuard — Security & Bot Protection ===
Contributors: shieldguard
Tags: security, firewall, bot protection, xml-rpc, login protection, spam, fraud, woocommerce
Requires at least: 6.0
Tested up to: 6.7
Requires PHP: 7.4
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

One-click firewall and bot protection for WordPress. Stops XML-RPC attacks, brute force logins, comment spam, and card testing fraud.

== Description ==

ShieldGuard protects your WordPress site from the most common attacks — no configuration needed. Just activate and you're protected.

= Free Features =
* **XML-RPC Firewall** — Blocks the #1 WordPress attack vector. Stops brute force via xmlrpc.php.
* **Login Protection** — Rate limits wp-login.php to 5 attempts per IP. Blocks known attacker IPs.
* **Comment Spam Protection** — Detects bot-generated spam using keyword analysis and disposable email detection.
* **Attack Dashboard** — See every blocked attack in your WordPress admin. 7-day local log.

= Pro Features (ShieldGuard Pro) =
* **WooCommerce Anti-Fraud** — Card testing detection, coupon abuse prevention, fake order blocking.
* **Vulnerability Probe Blocking** — Stops scanners looking for known vulnerable plugin paths.
* **REST API Protection** — Rate limits and secures your wp-json endpoints.
* **File Change Monitoring** — Alerts you if files are unexpectedly modified (malware injection).
* **90-Day Attack Log** with CSV export.
* **Cloud Sync** — Cross-site threat intelligence. Back up your attack logs.
* **Email Alerts** on critical threats.
* **Daily Signature Updates** — New bot patterns blocked within hours.

= Agency Features (ShieldGuard Agency) =
* Everything in Pro, plus:
* **Multi-Site Management** — Manage up to 20 sites from one dashboard.
* **White-Label Reports** — Send branded security reports to your clients.
* **Real-Time Signature Updates** — New threats blocked within 60 seconds.
* **API Access** — Integrate ShieldGuard data into your own tools.
* **365-Day Audit Logs** — Compliance-ready security records.
* **Dedicated Support** — 4-hour SLA.

== Installation ==

1. Upload the `shieldguard` folder to `/wp-content/plugins/` directory
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Done — your site is protected immediately. Visit **ShieldGuard** in the admin sidebar to see attack stats.

== Frequently Asked Questions ==

= Does this slow down my site? =

No. ShieldGuard runs at WordPress init (priority 0-1) and blocks threats before they reach your application code. Typical overhead: <1ms.

= Will it break my XML-RPC pingbacks? =

Pingbacks use GET requests and are allowed by default. Only POST requests to xmlrpc.php are blocked (these are the ones used for brute force attacks).

= Does it work with WooCommerce? =

Yes. The free tier protects your WordPress site. Pro adds WooCommerce-specific protection: card testing detection, coupon abuse prevention, and fake order blocking.

= Can I whitelist my IP? =

Yes — Pro and Agency tiers include IP allowlisting.

= What happens to blocked attacks? =

Every blocked attack is logged with timestamp, IP, attack type, and reason. You can view them in the ShieldGuard admin dashboard.

== Screenshots ==

1. ShieldGuard admin dashboard — attack stats, blocked IPs, and tier status
2. Recent attack log — see every blocked threat in real time
3. Upgrade prompt — free tier users see what they're missing

== Changelog ==

= 1.0.0 =
* Initial release
* XML-RPC firewall
* Login rate limiting (5 attempts per IP)
* Comment spam detection
* Vulnerability probe blocking (Pro)
* WooCommerce anti-fraud (Pro)
* Attack dashboard with stats
* Tier system: Free / Pro / Agency
