=== Gatewarden ===
Contributors: ingenium-marketing
Tags: security, captcha, login security, smtp, woocommerce
Requires at least: 6.5
Tested up to: 7.0
Requires PHP: 8.0
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Protect WordPress and WooCommerce with CAPTCHA, login limits, categorized audit logs, security alerts, privacy controls, and optional SMTP delivery.

== Description ==

Gatewarden provides a modular security and mail-delivery layer for WordPress and WooCommerce. The interface and source strings are written in English and are translation-ready through the `gatewarden` text domain.

All public protection, integration, privacy, event-logging, notification, SMTP, and uninstall-cleanup modules are disabled by default. Administrators enable only the features required by the site.

= CAPTCHA providers =

* Google reCAPTCHA v2.
* Google reCAPTCHA v3.
* Cloudflare Turnstile.

= WordPress protection =

* Login.
* Registration.
* Lost password.
* Password reset.
* Comments.

= WooCommerce protection =

* My Account login and registration.
* Lost-password and reset-password forms.
* Checkout login.
* Account creation during classic checkout.
* Account creation during Checkout Block checkout.

= Security, observability, and email features =

* Configurable failed-login limits by IP address, username, or IP address and username.
* Progressive lockout durations with a configurable multiplier and maximum duration.
* Optional neutral account messages for login, registration, and password-recovery flows.
* One indexed audit stream with focused Authentication, CAPTCHA, Account activity, and Email views.
* Searchable, filterable, sortable, paginated, clearable, and CSV-exportable activity logs.
* WordPress-native list tables with Screen Options for visible columns and rows per page.
* Human-readable event details instead of raw JSON in the administration interface and CSV exports.
* A Gatewarden dashboard with login, lockout, CAPTCHA, email, provider, integration, and recent-event metrics.
* A compact WordPress Dashboard widget for administrators.
* Optional email alerts for selected lockouts, logins, registrations, password events, CAPTCHA service errors, and SMTP failures.
* Configurable alert recipients, successful-login scope, minimum lockout duration, and duplicate-alert cooldown.
* Optional approximate IP location from server headers or an explicit IPWHOIS.io lookup.
* Optional standard SMTP delivery with sender, host, port, encryption, authentication, timeout, certificate verification, protected credentials, and a test tool.
* Credential-redacted SMTP diagnostics that classify DNS, connection, timeout, TLS, authentication, relay, sender, recipient, and message-policy failures.
* SMTP outcome logging that excludes message bodies, attachments, passwords, and complete recipient addresses.
* Configurable log retention and optional data removal on uninstall.
* Secret-key and SMTP-password controls that never render a stored secret in administration HTML.
* Responsive CAPTCHA wrappers for WordPress and WooCommerce forms.

Gatewarden stores security events and lockout state in site-prefixed custom database tables created through the WordPress database API. Records can include IP addresses and submitted usernames. Configure event logging, alerting, and retention according to the site's privacy and operational requirements.

To disable public Gatewarden protection during an emergency, add this to `wp-config.php`:

`define( 'GATEWARDEN_DISABLE', true );`

Administrators with the `manage_options` capability see a warning while the emergency bypass is active.

The default allowed CAPTCHA verification hostname is taken from `home_url()`. Additional explicit hostnames can be supplied through the `gatewarden_allowed_hostnames` filter.

== External services ==

Gatewarden connects to an external service only after the relevant feature is explicitly configured and enabled by an administrator.

= Google reCAPTCHA =

When Google reCAPTCHA v2 or v3 is selected, Gatewarden loads Google's reCAPTCHA JavaScript from `www.google.com` on protected forms and sends the generated response token and configured secret key to Google's verification endpoint. Gatewarden does not include the visitor's IP address in the server-side verification request. Google's client-side service may process browser and device data under Google's terms.

* Service: https://www.google.com/recaptcha/about/
* Privacy policy: https://policies.google.com/privacy
* Terms: https://policies.google.com/terms

= Cloudflare Turnstile =

When Cloudflare Turnstile is selected, Gatewarden loads the Turnstile JavaScript from `challenges.cloudflare.com` on protected forms and sends the generated response token and configured secret key to Cloudflare's verification endpoint. Gatewarden does not include the visitor's IP address in the server-side verification request. Cloudflare's client-side service may process browser and device data under Cloudflare's policies.

* Service: https://www.cloudflare.com/products/turnstile/
* Privacy policy: https://www.cloudflare.com/privacypolicy/
* Terms: https://www.cloudflare.com/website-terms/

= Administrator-configured SMTP server =

When SMTP is enabled, WordPress sends outgoing message content, recipient addresses, and sender details to the SMTP server configured by the administrator. The server may be operated by any provider selected by the site owner. Gatewarden stores the configured SMTP password in the WordPress options table, never renders the stored password in administration HTML, and supplies it only to the configured host during SMTP authentication. Review the selected provider's privacy policy and terms before enabling SMTP.

= IPWHOIS.io =

Approximate location is disabled by default. When an administrator enables location in security notifications and explicitly selects IPWHOIS.io, Gatewarden sends the event IP address to `ipwho.is` and requests country, region, and city data. The result is cached on the WordPress site for 24 hours. Server-header location mode does not make this external request.

* Service and documentation: https://ipwhois.io/documentation
* Privacy policy: https://ipwhois.io/privacy
* Terms: https://ipwhois.io/terms

== Installation ==

1. Upload the `gatewarden` directory to `/wp-content/plugins/`, or install the ZIP from Plugins > Add New Plugin > Upload Plugin.
2. Activate Gatewarden.
3. Open the top-level Gatewarden menu.
4. Enable and configure only the required modules. No public protection is active until it is explicitly enabled.

== Frequently Asked Questions ==

= Is any protection enabled immediately after activation? =

No. CAPTCHA protection, protected forms, login limits, WooCommerce integration, generic account messages, event logging, notifications, SMTP, and uninstall cleanup are disabled by default.

= Can login limits run without CAPTCHA? =

Yes. Login limits have their own activation control and do not require a configured CAPTCHA provider.

= What do generic account messages change? =

When enabled, Gatewarden replaces account-specific login and registration errors with neutral messages. Password-recovery requests for known and unknown accounts use the same public confirmation message, while an email is sent only for a real account. CAPTCHA and lockout errors remain authoritative.

= Why does Gatewarden keep one log table instead of one table per subsystem? =

Authentication, CAPTCHA, account, and email events share the same retention, export, search, and dashboard requirements. One append-only, indexed audit schema avoids duplicated maintenance logic and supports cross-category investigation. The administration screen separates the data into native category views so unrelated records do not have to be displayed together.

= What SMTP information is stored in logs? =

When event logging and SMTP are enabled, Gatewarden records whether the WordPress mail transaction was accepted or failed, the SMTP host, port, encryption mode, recipient count, recipient domains, attachment count, and a sanitized failure reason. It does not store email bodies, attachment contents or paths, SMTP credentials, or complete recipient addresses.

= Where can I see the exact SMTP test failure? =

After a test, Gatewarden displays the latest result for the current administrator on the SMTP tab for seven days. The report includes the exact sanitized mail error, an actionable classification, connection settings, elapsed time, and a bounded SMTP transcript with credentials and AUTH payloads redacted. It does not depend on `debug.log`.

= Does a successful SMTP test guarantee inbox delivery? =

No. A successful result means the WordPress mail transport accepted the message. Final delivery can still be affected by provider policy, spam filtering, DNS authentication, mailbox rules, or downstream delivery failures. Review the provider delivery logs when a message is accepted but does not arrive.

= Can notifications create an email loop when SMTP is broken? =

No. Notification delivery failures are recorded as email events when logging is enabled, but they do not trigger another SMTP-failure notification. Potentially noisy alert types also support a configurable cooldown.

= Does the emergency bypass disable login limits too? =

Yes. When `GATEWARDEN_DISABLE` is strictly `true`, public CAPTCHA checks and login lockouts are bypassed. Administrative configuration and previously stored event visibility remain available.

= Are stored secret keys or SMTP passwords rendered in the settings page? =

No. Existing values are never included in the HTML. They can be retained, explicitly replaced, or deleted.

= What happens to data on uninstall? =

By default, settings and security tables are retained. Enable the uninstall data-removal option in Gatewarden > Settings to remove the site's settings, tables, list preferences, and recent SMTP diagnostic metadata when the plugin is uninstalled.

== Changelog ==

= 1.0.0 =
* Initial public release.
* Production-ready, WordPress-native administration UI with responsive navigation, full-width controls, consistent Dashicon statuses, accessible focus states, Screen Options support, and tablet/mobile list-table presentation.
* CAPTCHA protection with Google reCAPTCHA v2, Google reCAPTCHA v3, and Cloudflare Turnstile for supported WordPress and WooCommerce forms.
* Progressive login limits by IP address, username, or both, including configurable lockout escalation and active-lockout management.
* Categorized security activity logs with search, filters, sorting, pagination, Screen Options, CSV export, and retention controls.
* Security metrics in the Gatewarden dashboard and a compact WordPress Dashboard widget.
* Optional generic account messages that reduce account-enumeration information in login, registration, and password-recovery flows.
* Optional SMTP delivery with protected credentials, connection testing, actionable diagnostics, and mail outcome logging.
* Configurable email notifications for selected authentication, lockout, account, CAPTCHA, and SMTP events.
* Privacy guidance, translation support, accessible administration controls, WooCommerce integration, and optional uninstall cleanup.
* CAPTCHA protection, login limits, logging, notifications, SMTP, integrations, and data removal remain disabled until explicitly enabled by an administrator.
