=== DawsonyWeb - Security Shield ===
Contributors: dawsonyweb
Tags: spam, comments, security, rest-api, xmlrpc
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 8.0
Stable tag: 1.0.1
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Spam comment protection, comment disabling, XML-RPC hardening, REST API lockdown, user enumeration blocking, and IP blocklisting.

== Description ==

DawsonyWeb Security Shield protects your WordPress site from comment spam and unauthorised API access.

**Comment Protection**

* Master switch to completely disable all comments (form, REST API, XML-RPC, feeds)
* Invisible honeypot field to trap bots
* Minimum comment length enforcement
* Block all links or cap links per comment
* Require login to comment
* Keyword/phrase blocklist

**API & REST Hardening**

* Disable XML-RPC entirely (removes X-Pingback header too)
* Hide `/wp/v2/users` endpoint to prevent username harvesting
* Require authentication for all REST API requests
* Optionally disable the REST API completely
* Block author enumeration via `/?author=N`

**Spam Rules**

* Per-IP comment rate limiting (configurable max and time window)
* IP address blocklist — blocked IPs receive a 403 on any front-end request
* Rolling activity log (last 200 events)

== Installation ==

1. Upload the `dawsonyweb-security-shield` folder to `/wp-content/plugins/`.
2. Activate the plugin through the Plugins menu in WordPress.
3. Go to Security Shield in the admin menu to configure.

== Changelog ==

= 1.0.1 =
* Compatibility: tested up to WordPress 7.0.

= 1.0.0 =
* Initial release.
