=== Gogasys Malware Scanner ===
Contributors: gogasysitsolutions
Stable tag: 1.0.6
Requires at least: 5.6
Tested up to: 6.9
Requires PHP: 7.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Advanced WordPress malware scanner, firewall, IP blocker, security headers, and attack monitoring plugin.

== Description ==

Gogasys Malware Scanner is a comprehensive security solution for WordPress, built from the ground up to be lightweight, secure, and fully compliant with WordPress coding standards.

**Key Features:**

*   **Web Application Firewall (WAF):** Real-time inspection of GET, POST, and FILES requests to block SQL injection, XSS, and more.
*   **Malware Scanner:** Detects malicious file patterns and monitors WordPress core file integrity using official checksums.
*   **IP & Country Blocking:** Easily block specific IP addresses or entire countries using GeoIP detection.
*   **Security Headers:** One-click configuration for XSS Protection, CSP, HSTS, and more.
*   **Scheduled Scans:** Automated scanning powered by WP-Cron. **Note: This feature is OFF by default and requires explicit user consent to enable.**
*   **Incident Logging:** Detailed logs of all blocked threats and suspicious activities.
*   **Admin Notifications:** Get notified via email immediately when threats are detected.

== External services ==

Gogasys Malware Scanner connects to the following third-party services to provide core security features:

1. **api.wordpress.org**: Used by the Malware Scanner to fetch official WordPress core file checksums. This allows the plugin to verify the integrity of your WordPress installation and detect unauthorized file modifications.
   * **Data Sent:** WordPress version and site locale.
   * **Service Provider:** WordPress.org (Privacy Policy: [https://wordpress.org/about/privacy/](https://wordpress.org/about/privacy/))

2. **ip-api.com**: Used for GeoIP-based country blocking. When the *Country Blocking (GeoIP)* feature is **explicitly enabled** by the site administrator, visitor IP addresses are sent to ip-api.com to determine the country of origin. **This feature is disabled by default.** No IP data is sent unless the administrator opts in. IP addresses are not stored by this plugin.
   * **Data Sent:** Visitor IP address (only when the GeoIP feature is enabled by the admin).
   * **Service Provider:** Artia International S.R.L. (Terms and Privacy: [https://ip-api.com/docs/legal](https://ip-api.com/docs/legal))

== Installation ==

1. Upload the `gogasys-malware-scanner` folder to the `/wp-content/plugins/` directory.
2. Activate the plugin through the 'Plugins' menu in WordPress.
3. Navigate to the 'Gogasys Security' menu in your dashboard to configure settings.

== Frequently Asked Questions ==

= Does this plugin include a firewall? =
Yes, it includes a real-time Web Application Firewall (WAF) that inspects every request.

= How does the malware scanner work? =
It compares your WordPress core files against official checksums and scans the `wp-content` directory for known malicious PHP patterns.
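
The core-file comparison described above, as an added example that is not the plugin's own code: `example_verify_core()` is a hypothetical name, and the checksum map is assumed to have the shape of the `checksums` object in the api.wordpress.org response (relative path to MD5 hex digest). It goes one step beyond the description by also listing files in `wp-admin` and `wp-includes` that the release does not contain.

```php
<?php
// Added example (hypothetical name). $checksums: relative path => MD5 hex digest.
function example_verify_core( string $root, array $checksums ): array {
    $report = array( 'modified' => array(), 'missing' => array(), 'unknown' => array() );
    $root   = rtrim( $root, '/\\' );
    foreach ( $checksums as $rel => $expected ) {
        // Bundled themes/plugins under wp-content are routinely removed or updated.
        if ( 0 === strpos( $rel, 'wp-content/' ) ) {
            continue;
        }
        $path = $root . '/' . $rel;
        if ( ! is_file( $path ) ) {
            $report['missing'][] = $rel;
            continue;
        }
        $actual = md5_file( $path ); // false when the file cannot be read
        if ( false === $actual || ! hash_equals( (string) $expected, $actual ) ) {
            $report['modified'][] = $rel;
        }
    }
    // Files in core-only directories that the release does not list.
    foreach ( array( 'wp-admin', 'wp-includes' ) as $dir ) {
        if ( ! is_dir( "$root/$dir" ) ) {
            continue;
        }
        $walk = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator( "$root/$dir", FilesystemIterator::SKIP_DOTS ) );
        foreach ( $walk as $file ) {
            $rel = str_replace( '\\', '/', substr( $file->getPathname(), strlen( $root ) + 1 ) );
            if ( ! isset( $checksums[ $rel ] ) ) {
                $report['unknown'][] = $rel;
            }
        }
    }
    return $report;
}
// Constructed sample: a throwaway directory standing in for a WordPress root.
$root  = sys_get_temp_dir() . '/core-check-' . bin2hex( random_bytes( 4 ) );
$files = array( 'wp-login.php' => 'a', 'wp-admin/index.php' => 'b', 'wp-includes/version.php' => 'c' );
mkdir( "$root/wp-admin", 0700, true );
mkdir( "$root/wp-includes", 0700, true );
$checksums = array();
foreach ( $files as $rel => $body ) {
    file_put_contents( "$root/$rel", $body );
    $checksums[ $rel ] = md5( $body );
}
file_put_contents( "$root/wp-login.php", 'changed after release' ); // modified
unlink( "$root/wp-admin/index.php" );                               // missing
file_put_contents( "$root/wp-includes/extra.php", 'not listed' );   // unknown
print_r( example_verify_core( $root, $checksums ) );
```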

== Screenshots ==

1. The Gogasys Security Dashboard providing a high-level security overview.
2. Firewall configuration panel with advanced security toggles.
3. Detailed incident logs showing blocked threats.

== Changelog ==

= 1.0.6 =
* Security: Gated all ip-api.com GeoIP lookups behind an explicit admin opt-in toggle (`gogasys_ms_enable_geoip`). The plugin no longer contacts external services without administrator consent, complying with WordPress.org Plugin Directory Guidelines.
* Privacy: Added `wp_add_privacy_policy_content()` integration so site owners can include GeoIP data-handling details in their Privacy Policy.
* Path Handling: Replaced hardcoded `WP_CONTENT_DIR` with `wp_upload_dir()` for the quarantine directory, ensuring compatibility with non-standard WordPress installs.
* Security: Replaced the disallowed `define('DISALLOW_UNFILTERED_HTML', true)` with a `map_meta_cap` filter, which is the WordPress-approved pattern for restricting the `unfiltered_html` capability.
* Bug Fix (Critical): Fixed fatal PHP error in quarantine action — `GOGASYS_MS_QUARANTINE_DIR` constant reference replaced with the correct `gogasys_ms_quarantine_dir()` function call throughout `class-scanner.php`.
* Bug Fix: Fixed admin asset enqueue logic — CSS/JS now loads on all plugin subpages (Firewall, Scanner, Logs, IP Blocker, Headers, Notifications), not only the main dashboard.
* Compliance: Removed `Network: true` from plugin header (plugin does not require network activation).
* Compliance: Updated `Author` header field to a proper display name per WordPress Plugin Directory guidelines.
* Compliance: Updated `Plugin URI` to a clean URL without `.html` extension.
* Settings API: Registered `gogasys_ms_enable_geoip`, `gogasys_ms_blocked_countries`, and `gogasys_ms_block_attack_countries` via `register_setting()` for proper sanitization.
* Added `gogasys_ms_sanitize_country_array()` sanitize callback for country code option storage.
* UI: Added a prominent opt-in notice to the IP & Country Management settings page explaining that ip-api.com is an external service.
* Uninstall: Added all `gogasys_ms_header_*` options and `gogasys_ms_attack_countries` to the uninstall cleanup list and removed duplicate entries, so no orphaned data remains after plugin deletion.

= 1.0.5 =
* Fix: Resolved PHP syntax error by renaming invalid namespace (`Gogasys Malware Scanner`) to `GogasysMalwareScanner` across all files to comply with WordPress.org coding standards.

= 1.0.4 =
* Renamed plugin to Gogasys Malware Scanner for compliance with directory guidelines.
* Fully refactored codebase to synchronize namespaces, constants, and options with the new identity.

= 1.0.3 =
* Resolved granular Plugin Check security warnings for unescaped DB parameters.
* Optimized database queries with unified suppressions.

= 1.0.2 =
* Finalized database compliance by using literal SQL fragments for ordering.
* Improved cache invalidation on data updates.

= 1.0.1 =
* Improved database query compliance for WordPress.org submission.
* Implemented full object caching for database results.
* Prefixed all global variables in admin views.

= 1.0.0 =
* Initial release.
