=== Dashified Sync for WooCommerce ===
Contributors: dashified
Tags: woocommerce, analytics, dashboard, orders, revenue
Requires at least: 5.8
Tested up to: 7.0
Stable tag: 1.3.0
Requires PHP: 7.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Connect your WooCommerce store to Dashified's AI-powered analytics dashboard in one click — no API keys to copy.

== Description ==

Dashified Sync for WooCommerce connects your store to Dashified, an AI-powered ecommerce command center that brings your revenue, orders, customers, and marketing data into a single dashboard alongside your other sales channels and ad platforms.

Instead of manually generating and pasting WooCommerce REST API keys, this plugin authorizes the connection with one click, then keeps your data in sync automatically:

* **One-click OAuth** — no manual API key setup.
* **Real-time order sync** via WordPress webhooks — no polling your store.
* **Historical backfill** — your existing orders and products sync in the background right after connecting.
* **Encrypted at rest** — all credentials are encrypted with AES-256 on Dashified's servers.
* **Revoke any time** — disconnect from the plugin's settings page, or by removing Dashified's webhooks under WooCommerce → Settings → Advanced → Webhooks.

Once connected, view your unified analytics at [dashified.com](https://dashified.com).

= What data is sent to Dashified? =

This plugin sends order data (line items, totals, taxes, refunds, and billing location) and product data (name, SKU, price, and stock levels) to Dashified's API over HTTPS, using a per-store token generated during the one-click authorization. No customer payment details are ever transmitted. See Dashified's [Privacy Policy](https://dashified.com/privacy) for full details.

== Installation ==

1. Upload the plugin folder to `/wp-content/plugins/`, or install directly from the WordPress Plugins screen.
2. Activate the plugin through the "Plugins" menu.
3. Go to WooCommerce → Dashified.
4. Click "Connect with Dashified" and approve the connection.

== Frequently Asked Questions ==

= Does this plugin work without WooCommerce? =

No. WooCommerce must be installed and active.

= How do I disconnect my store? =

Go to WooCommerce → Dashified and click "Disconnect." This removes the webhooks this plugin created and deletes all locally stored connection data.

= What happens to my data if I delete the plugin? =

All options this plugin stores in your WordPress database are removed automatically when the plugin is deleted.

== Screenshots ==

1. The Dashified settings page under WooCommerce, before connecting.
2. The Dashified settings page once a store is connected and syncing.

== Changelog ==

= 1.3.0 =
* Fixed a CSRF vulnerability in the OAuth-return handler: the connect flow now embeds a nonce (minted before redirecting to Dashified) that must round-trip and verify before any connection state or push token is trusted, closing a gap where a crafted link could have connected a store's webhooks to an attacker-controlled Dashified account.

= 1.2.0 =
* Renamed to Dashified Sync for WooCommerce (from Dashified for WooCommerce) to avoid confusion with the unrelated "Dashify: WooCommerce admin dashboard theme" plugin.
* Added the Requires Plugins header to declare the WooCommerce dependency.

= 1.1.3 =
* Declared compatibility with WooCommerce's High-Performance Order Storage (custom order tables) and Cart/Checkout blocks. This plugin only ever used the official wc_get_orders()/WC_Order/WC_Product APIs, so it was already compatible — it just hadn't announced it, which WooCommerce now flags on the Plugins screen until a plugin does.

= 1.1.2 =
* Fixed a nonce-verification warning on the OAuth push-token read that a prior fix only partially covered (it spans two statements, not one).

= 1.1.1 =
* Removed the load_plugin_textdomain() call — discouraged for WordPress.org-hosted plugins since translations now load automatically.
* Documented (with phpcs:ignore) the handful of $_GET reads that don't take a nonce: the OAuth-return handler (an external redirect from Dashified, not a same-site form) and a read-only admin-notice flag.
* Bumped "Tested up to" to the current WordPress release.

= 1.1.0 =
* Restructured for WordPress.org submission: added readme.txt, uninstall.php, and the standard includes/languages/assets directory layout.
* Renamed plugin slug and text domain to dashified-for-woocommerce.
* Hardened input handling on all $_GET reads.

= 1.0.3 =
* Improved webhook registration reliability.

= 1.0.2 =
* Bug fixes to the historical sync batching.

= 1.0.1 =
* Initial public release.

== Upgrade Notice ==

= 1.3.0 =
Security fix: closes a CSRF gap in the connect flow. Update recommended for all sites. No settings or data changes.

= 1.2.0 =
Plugin renamed to Dashified Sync for WooCommerce. If updating from Dashified for WooCommerce, deactivate and delete the old plugin, then install this one — your connection settings are unaffected.
