=== FortressX Security – Firewall, Security Scan & Hardening ===
Contributors: aorist
Tags: security, firewall, login security, hardening, file integrity
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 8.0
Stable tag: 3.7.5
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

FortressX Security helps protect WordPress with login protection, firewall tools, security checks, hardening guidance and file integrity monitoring.

== Description ==

FortressX Security is a WordPress security plugin for site owners, freelancers and agencies who want a clear overview of important protection settings.

The plugin focuses on practical WordPress security tasks: login protection, request protection, hardening checks, file integrity monitoring, security status information and clear administration screens.

= Core Features =

* Login protection and brute-force mitigation
* Firewall and request protection tools
* XML-RPC protection
* REST user enumeration protection
* Security checks and hardening recommendations
* File integrity monitoring
* Security reports and status overview
* Clean administration interface

= Optional Pro Add-on =

A separate commercial add-on may be offered outside WordPress.org. The WordPress.org plugin remains fully functional on its own and does not require a license key to use its included features.

== External Services ==

FortressX Security can connect to external services only for specific plugin features. The services listed below are used for security intelligence or optional integrations configured by the site administrator.

The plugin does not intentionally transmit WordPress user passwords, private post content, customer order data or full website files to these services.

= FortressX Intelligence Feed =

Service URL: https://fortessx-licenses.com/fx-intel

Purpose: Retrieves signed security intelligence data and rule updates for FortressX security checks.

Data transmitted: Technical request data required to retrieve the feed, such as the requesting site domain, plugin version, WordPress/PHP environment metadata and standard server request information such as the server IP address.

When used: Only after the administrator explicitly enables or manually starts FortressX Intelligence functionality. Until then, FortressX works with local rules only.

Service provider: Aorist / FortressX.

Terms and privacy information: https://fortressx-security.com/privacy/

= AbuseIPDB =

Service URL: https://api.abuseipdb.com/

Purpose: Optional IP reputation lookup for login protection when configured by the administrator.

Data transmitted: The IP address selected for reputation lookup, the configured AbuseIPDB API key and request metadata required by AbuseIPDB.

When used: Only when the administrator enables and configures the AbuseIPDB integration.

Service provider: AbuseIPDB.

Terms: https://www.abuseipdb.com/legal
Privacy policy: https://www.abuseipdb.com/privacy

= Cloudflare API =

Service URL: https://api.cloudflare.com/

Purpose: Optional Cloudflare-related security or cache actions when configured by the administrator.

Data transmitted: Cloudflare zone/account information, API credentials configured by the administrator and the data required for the selected Cloudflare action.

When used: Only when the administrator enables and configures Cloudflare integration.

Service provider: Cloudflare.

Terms: https://www.cloudflare.com/website-terms/
Privacy policy: https://www.cloudflare.com/privacypolicy/

== Data Handling and Privacy ==

FortressX Security scans local WordPress files for security purposes. Full files are not transmitted externally by the scanner.

The plugin stores security settings, scan results, file integrity information, logs and status information locally in the WordPress installation. This information is used to show security status, support administrator actions and help identify changes or risks.

External communication is limited to the services documented in the External Services section and only where the related feature is enabled or configured.

== Background Tasks ==

FortressX Security may use WordPress scheduled tasks (WP-Cron) for security-related maintenance, such as scheduled checks, local monitoring or retrieving signed rule updates after opt-in.

These tasks are designed to avoid unnecessary load and run only as required for the related feature.

== Installation ==

1. Upload the plugin to the `/wp-content/plugins/` directory or install it through the WordPress plugin installer.
2. Activate FortressX Security in the WordPress admin area.
3. Run the setup wizard.
4. Review the recommended protection settings.

== Frequently Asked Questions ==

= Is FortressX Security beginner friendly? =

Yes. FortressX Security is designed to provide practical security tools in a clear WordPress admin interface.

= Does FortressX Security guarantee complete protection? =

No security plugin can guarantee complete protection against every possible attack. FortressX Security provides tools to improve security, reduce common risks and support ongoing WordPress maintenance.

= Does the free plugin require the Pro add-on? =

No. The free plugin provides usable security features on its own. The Pro add-on is optional.

= Does FortressX Security connect to external services? =

Yes, but only for specific features such as the FortressX Intelligence Feed or optional third-party integrations configured by the administrator. Details are documented in the External Services section of this readme.

= Are website files sent to external services? =

No. FortressX scans files locally. Full website files are not transmitted externally by the scanner.

= Is Cloudflare required? =

No. Cloudflare integration is optional and only used when configured by the administrator.

= Is AbuseIPDB required? =

No. AbuseIPDB is optional and only used when configured by the administrator.

== Screenshots ==

1. Security dashboard
2. Protection center
3. Security checks
4. File integrity monitoring
5. Reports and status overview

== Changelog ==

= 3.7.5 =
* Review-focused compatibility update for path handling and managed file operations.
* No UI, licensing, wizard, menu, permission or dashboard widget changes.

= 3.7.4 =
* Maintenance update for WordPress 7.0 compatibility metadata.
* Review-focused packaging and readme consistency update.
* No functional, UI, licensing, wizard, menu, permission or dashboard widget changes.

= 3.7.3 =
* Improved WordPress.org review compatibility for path handling and managed upload file operations.


= 3.7.2 =
* Maintenance release for WordPress.org review readiness.
* Improved library isolation and WordPress-compliant file handling.
* Updated readme metadata and package consistency.

= 3.6.9 =

* WordPress.org compliance cleanup based on review feedback.
* Removed WordPress.org directory banner and icon assets from the plugin package.
* Moved inline admin styles into the enqueued admin stylesheet.
* Ensured included features are usable without a license key.
* Updated contributor metadata, text domain and external service documentation.

= 3.6.7 =

* Updated author metadata for WordPress.org submission.
* No functional changes.

= 3.6.6 =

* WordPress Plugin Check compliance cleanup
* Improved escaping, nonce handling and input sanitization for review readiness
* Improved bundled report library handling for WordPress.org review compatibility

= 3.6.1 =

* Refined WordPress.org submission documentation
* Clarified external service usage and privacy information
* Updated readme metadata for review transparency
* No functional changes to protection, scanner, wizard, licensing or administration logic

= 3.6.0 =

* Prepared WordPress.org submission package
* Refined plugin positioning around WordPress security, hardening and monitoring
* Improved documentation for external services
* Improved packaging and compatibility checks

== Upgrade Notice ==

= 3.6.9 =

WordPress.org compliance cleanup for review submission.

= 3.6.7 =

Author metadata update for WordPress.org submission consistency.

= 3.6.3 =

WordPress Plugin Check compliance cleanup for review readiness.

= 3.6.1 =

Documentation and WordPress.org submission metadata update. No functional changes.
