=== Elevoire Security Audit ===
Contributors: hassanraza
Tags: security, audit, scanner, hardening, vulnerability
Requires at least: 6.8
Tested up to: 7.0
Requires PHP: 8.0
Stable tag: 1.0.0
Author: Elevoire
Author URI: http://elevoire.com/
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Read-only WordPress security auditing plugin. Scans for security issues, explains the risks, and recommends fixes.

== Description ==

**Elevoire Security Audit** is a production-ready, read-only WordPress security auditing plugin. It scans your site for security misconfigurations, outdated software, and dangerous settings — then explains what each issue means and how to fix it.

**The plugin NEVER:**
* Modifies your site or its settings
* Acts as a firewall or removes malware
* Sends any data to external servers
* Collects analytics or user information

Its only job is to **audit, analyse, and educate**.

= What it scans =

* WordPress Core version and debug mode
* File editing and SSL admin settings
* Version exposure and exposed default files
* XML-RPC and WP-Cron configuration
* User accounts and the default "admin" username
* Login page HTTPS and Application Passwords
* Outdated and inactive plugins and themes
* File permissions (wp-config.php, .htaccess, uploads)
* PHP version and dangerous PHP settings
* HTTP Security Headers (CSP, HSTS, X-Frame-Options, etc.)
* SSL/HTTPS certificate status
* Database prefix and autoloaded options size

= Security Score =

Every scan produces an overall Security Score (0–100) with a breakdown by severity: Critical, High, Medium, Low, and Passed checks.

= Detailed Findings =

Each finding includes:
* Status and severity
* What was found
* Why it matters (risk explanation)
* Recommended fix

= Reports =

Stores all scan reports in your database so you can compare security posture over time. You can view or delete any report at any time from the Reports page.

== Installation ==

1. Upload the `enhanceo-security-audit` folder to `/wp-content/plugins/`
2. Activate the plugin through the **Plugins** screen in WordPress
3. Go to **Security Audit** in your WordPress admin menu
4. Click **Run Full Scan**

== Frequently Asked Questions ==

= Does this plugin fix security issues automatically? =

No. This plugin is read-only. It identifies issues and recommends fixes, but never modifies your site. This is intentional — automated changes to security settings can break sites.

= Will running a scan slow down my site? =

Scans run in the WordPress admin only and never affect your front-end. Full scans may take a few seconds depending on the number of plugins and themes installed.

= Does the plugin send my data anywhere? =

No. All scan data stays in your WordPress database. The plugin never communicates with external servers.

= Is this plugin safe to use on a production site? =

Yes. The plugin is read-only, loads only in wp-admin, and follows all WordPress security best practices.

== Screenshots ==

1. Security Audit Dashboard with overall score and summary
2. Detailed scan results with expandable findings
3. Filter and search across results
4. Previous Reports list

== Changelog ==

= 1.0.0 =
* Initial release

== Upgrade Notice ==

= 1.0.0 =
Initial release.
