=== DominoGuard Security ===
Contributors: digitalwebtutor
Tags: security, firewall, limit login attempts, 2fa, two factor authentication
Requires at least: 5.8
Tested up to: 6.9
Stable tag: 1.0.0
Requires PHP: 7.2
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html

A minimalistic, lightweight security plugin offering limit login attempts, brute force protection, email 2FA, and a basic firewall.

== Description ==

**DominoGuard** is a focused, minimalistic security solution for WordPress. Designed to be fast and lightweight, it provides the essential security features every website needs with a clean configuration.

= Key Features =

*   **Limit Login Attempts**: Automatically block IPs for 15 minutes after 5 continuous failed login attempts, keeping brute-force attacks at bay.
*   **Email Two-Factor Authentication (2FA)**: Add an extra layer of security for Administrators. When enabled, logging in requires a 6-digit code sent to the admin's email address.
*   **Brute Force Protection**: Easily disable XML-RPC, a common vector for brute force and pingback attacks.
*   **Block User Enumeration**: Prevent attackers from discovering your administrator username by blocking `/?author=N` query scans.
*   **Basic Firewall**: A lightweight WAF that silently blocks simple directory traversal attempts (`../`) and basic malicious query strings commonly found in automated SQL injections.

= Why DominoGuard? =

Many security plugins suffer from excessive features that can impact performance. DominoGuard focuses on delivering efficient performance by utilizing standard WordPress functions, keeping your site secure with minimal resource usage.

== Installation ==

1. Upload the `dominoguard-security` directory to your `/wp-content/plugins/` directory, or install it directly via the WordPress Plugins menu.
2. Activate the plugin through the 'Plugins' menu in WordPress.
3. Navigate to **Settings > DominoGuard** in the admin dashboard.
4. Toggle the security features you wish to enable and click "Save Settings".

== Frequently Asked Questions ==

= How does the Email 2FA work? =
When "Enable Email 2FA" is active, Administrators will be prompted to enter a 2FA code during login. If the password is correct, the plugin sends a secure 6-digit code to the administrator's email. This code must be entered into the "2FA Code" field on the login screen, alongside the username and password, to successfully log in.

= Will DominoGuard slow down my website? =
No. DominoGuard is built with a minimalist philosophy. It runs efficient code with minimal impact on your website performance. 

= Do I need to configure the Firewall? =
No configuration is needed. When enabled, it quietly blocks some explicit malicious patterns in URLs before WordPress even loads fully, keeping you safe.

== Changelog ==

= 1.0.0 =
* Initial Release.
