=== Anonindo Security Advisor ===
Contributors: anonymoustech
Tags: security, hardening, scanner, audit, admin
Requires at least: 6.4
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.1.1
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Lightweight WordPress security coach for scanning risks, explaining issues clearly, and guiding safer site improvements.

== Description ==

Anonindo Security Advisor helps site owners understand and improve their WordPress security posture without acting like a full firewall suite.

The plugin follows a simple workflow:

* Scan for common WordPress security issues and misconfigurations
* Explain what each issue means in beginner-friendly language
* Show practical guidance and safer best practices
* Offer safe auto-fix actions for selected hardening steps

This plugin is designed to be lightweight, educational, and operationally safe.

== Features ==

* Detects debug mode enabled in production
* Detects dashboard file editing enabled
* Detects XML-RPC exposure
* Detects weak file permissions on common paths
* Detects potentially exposed `wp-config.php` backup patterns
* Detects outdated plugins and themes
* Detects suspicious administrator account patterns
* Detects REST API user enumeration exposure
* Heuristically scans active theme and plugin PHP files for basic SQL injection and XSS risk patterns
* Scans selected database content for suspicious script-like patterns
* Provides a security score and prioritized recommendations
* Includes an activity log for meaningful security-related site events
* Supports safe auto-fixes for selected hardening improvements

== Installation ==

1. Upload the `anonindo-security-advisor` folder to the `/wp-content/plugins/` directory.
2. Activate the plugin through the `Plugins` screen in WordPress.
3. Open `Anonindo Security Advisor` in the WordPress admin menu.
4. Run a security scan and review the recommendations.

== Frequently Asked Questions ==

= Does this replace a firewall or malware scanner? =

No. This plugin focuses on lightweight auditing, explanation, guided improvements, and selected safe fixes.

= Does the plugin make automatic changes? =

Only selected hardening actions support auto-fix, and they require explicit administrator confirmation.

= Will this plugin impact performance? =

The plugin is designed to avoid heavy frontend overhead. Scans run manually or on a schedule, and the most expensive checks are intentionally bounded.

== Screenshots ==

1. Dashboard with security score, scan summary, and recommended improvements.
2. Vulnerability cards with plain-language explanations and guided actions.
3. Security Improvements tab with manual guidance and safe auto-fix actions.
4. Activity Log showing meaningful security-related events.
5. Settings screen for module and scan preferences.

== Changelog ==

= 1.1.1 =

* Renamed the plugin to Anonindo Security Advisor and updated the submission metadata and slug.

= 1.0.0 =

* Initial MVP release.
