=== GuestDock ===
Contributors: rakibantor
Donate link: https://degird.com/
Tags: guest post, contributor, editorial workflow, sandboxing, security
Requires at least: 5.8
Tested up to: 6.9
Requires PHP: 8.0
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

GuestDock is a secure, isolated guest authoring system for WordPress. Invite contributors with time-limited access and strict sandboxing.

== Description ==

**GuestDock** is an industry-standard WordPress plugin designed to allow guest users to post content with temporary, strictly limited, and completely isolated access to the WordPress backend.

Unlike standard contributor roles, GuestDock creates a "Sandbox" environment. Guests are completely siloed: they can only view, edit, and interact with their own posts and their own media uploads. They cannot see other users' drafts, media files, or sensitive site configurations.

This plugin is perfect for multi-author blogs, news sites, and brands that want to accept guest contributions without compromising security or site performance.

### Key Features:

* **Strict Sandbox Isolation:** Guests are restricted via `pre_get_posts` and `ajax_query_attachments`. They only see what they created.
* **Time-Limited Access:** Set exact expiration dates. Accounts automatically lose access once the time is up.
* **Post Quantity Limits:** Control exactly how many posts a guest can submit.
* **Advanced Editorial Workflow:** Return posts to "Draft" with inline feedback notes. Notify guests automatically upon approval.
* **SEO & Spam Protection:** Limit external links per post and automatically inject `rel="nofollow sponsored"` attributes to protect site SEO.
* **Content QA Enforcement:** Disable the "Submit" button until guests meet minimum word counts, upload a featured image, and provide an excerpt.
* **Media Security:** Strict MIME type validation, file size limits (e.g., 2MB), and double-extension checks to prevent server abuse.
* **Frontend Request Form:** Use the `[guestdock_request_form]` shortcode to let users apply for guest access directly from your site.
* **Gutenberg Ready:** Native integration with the block editor, providing dynamic "Post Requirements" notices to guide authors.
* **Gutenberg Block Restriction:** Prevent malicious layout breaking by restricting guests to only safe blocks (e.g., Paragraph, Image) and disabling Custom HTML/Code blocks.
* **Category Locking:** Restrict guest posts to specific pre-approved categories to keep your site organization clean.
* **Custom Instruction Field:** Add pre-filled writing guidelines that appear directly in the guest's dashboard and post editor.
* **Mail Customization:** Fully customize the subject and body of all automated emails (Invites, Feedback, Approvals, Requests).
* **API & XML-RPC Security:** Completely disables XML-RPC access and tightly secures REST API endpoints for guest accounts.
* **Easy Guest Management:** Inline editing of expiration dates and post limits directly from the admin dashboard.
* **Smart User Removal:** Delete guests while safely reassigning their posts to an administrator to prevent content loss.
* **Auto Username Generation:** Automatically generate usernames from email prefixes during guest creation.
* **In-Plugin Documentation:** Built-in "Help" and "Shortcode Reference" tabs for instant admin guidance.
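
The Media Security checks listed above (size limit, MIME validation, double-extension check) can be enforced at upload time. The following is an added example, not GuestDock's own code: the `example_gd_*` names, the allowed-type map and the risky-extension list are assumptions, the 2MB limit is the readme's own example value, and `guestdock_guest` is the role slug from the changelog.

```php
<?php
// Added example, not GuestDock's source. The limits and lists are assumptions.
const EXAMPLE_GD_MAX_BYTES = 2 * 1024 * 1024; // the readme's "e.g., 2MB"
const EXAMPLE_GD_ALLOWED   = array( 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png' );
const EXAMPLE_GD_RISKY     = array( 'php', 'phtml', 'phar', 'cgi', 'pl', 'py', 'sh', 'asp', 'jsp', 'exe', 'js', 'html', 'svg' );

/** Return an error message, or '' when the upload passes every check. */
function example_gd_upload_error( string $name, string $tmp_path, int $size ): string {
    if ( $size <= 0 || $size > EXAMPLE_GD_MAX_BYTES ) {
        return 'File is empty or exceeds the size limit.';
    }
    $parts = explode( '.', strtolower( $name ) );
    $ext   = (string) array_pop( $parts );
    if ( ! $parts || ! array_key_exists( $ext, EXAMPLE_GD_ALLOWED ) ) {
        return 'File type is not allowed.';
    }
    array_shift( $parts ); // drop the base name; the rest are inner extensions
    if ( array_intersect( $parts, EXAMPLE_GD_RISKY ) ) {
        return 'Double extensions are not allowed.'; // e.g. photo.php.jpg
    }
    // Trust the file's bytes, not the client-supplied Content-Type header.
    $real = ( new finfo( FILEINFO_MIME_TYPE ) )->file( $tmp_path );
    if ( $real !== EXAMPLE_GD_ALLOWED[ $ext ] ) {
        return 'File content does not match its extension.';
    }
    return '';
}

/** Reject a guest's upload before WordPress moves it into the uploads dir. */
function example_gd_prefilter( array $file ): array {
    $user = wp_get_current_user();
    if ( in_array( 'guestdock_guest', (array) $user->roles, true ) ) {
        $error = example_gd_upload_error( $file['name'], $file['tmp_name'], (int) $file['size'] );
        if ( '' !== $error ) {
            $file['error'] = $error;
        }
    }
    return $file;
}
add_filter( 'wp_handle_upload_prefilter', 'example_gd_prefilter' );
```

Setting a string in `$file['error']` makes WordPress abort the upload and show that message to the user.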

### Documentation & Resources

For a complete step-by-step guide on how to use GuestDock, including setup and workflows for both administrators and guest authors, please read our [GuestDock User Guide](https://wpinlearn.com/guestdock-user-guide).

To learn more about the philosophy behind GuestDock and why it's the ultimate solution for your WordPress site, check out our blog post: [The Ultimate Way to Manage Guest Posts on WordPress](https://wpinlearn.com/manage-guest-posts-wordpress-guestdock).

== Installation ==

1. Upload the `guestdock` folder to the `/wp-content/plugins/` directory.
2. Activate the plugin through the 'Plugins' menu in WordPress.
3. Navigate to the **GuestDock** menu in your dashboard to configure settings.
4. (Optional) Create a "Write for Us" page and add the `[guestdock_request_form]` shortcode.

== Frequently Asked Questions ==

= Can guests see my other posts or media? =
No. GuestDock uses deep hooks into the WordPress query engine to ensure guests can only see and manage their own content and media uploads.
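
One way such query-level isolation can be wired up, shown as an added example rather than GuestDock's actual code. It uses WordPress's `pre_get_posts` action and `ajax_query_attachments_args` filter, plus a `map_meta_cap` check because filtering lists does not by itself stop direct access by post ID; the `example_gd_*` function names are hypothetical, and `guestdock_guest` is the role slug from the changelog.

```php
<?php
// Added example, not GuestDock's source. Function names are hypothetical;
// the role slug `guestdock_guest` is the one named in the changelog.

/** True when the given (or current) user holds the guest role. */
function example_gd_is_guest( int $user_id = 0 ): bool {
    $user = $user_id ? get_userdata( $user_id ) : wp_get_current_user();
    return $user && in_array( 'guestdock_guest', (array) $user->roles, true );
}

/** Admin post lists: show a guest only the posts they authored. */
function example_gd_scope_posts( WP_Query $query ): void {
    if ( is_admin() && $query->is_main_query() && example_gd_is_guest() ) {
        $query->set( 'author', get_current_user_id() );
    }
}
add_action( 'pre_get_posts', 'example_gd_scope_posts' );

/** Media modal (AJAX query-attachments): show only the guest's own uploads. */
function example_gd_scope_media( array $args ): array {
    if ( example_gd_is_guest() ) {
        $args['author'] = get_current_user_id();
    }
    return $args;
}
add_filter( 'ajax_query_attachments_args', 'example_gd_scope_media' );

/**
 * Query filters only hide rows from lists. Deny per-object access as well,
 * so a guessed post ID in post.php?post=ID cannot open someone else's post.
 */
function example_gd_deny_foreign( array $caps, string $cap, int $user_id, array $args ): array {
    if ( ! in_array( $cap, array( 'edit_post', 'delete_post' ), true ) || empty( $args[0] ) ) {
        return $caps;
    }
    $post = get_post( $args[0] );
    if ( $post && example_gd_is_guest( $user_id ) && (int) $post->post_author !== $user_id ) {
        $caps[] = 'do_not_allow';
    }
    return $caps;
}
add_filter( 'map_meta_cap', 'example_gd_deny_foreign', 10, 4 );
```

When reviewing a plugin that claims this kind of isolation, check the capability layer as well as the list filters: a role that was ever granted `edit_others_posts` would bypass `pre_get_posts` scoping on direct requests.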

= What happens when a guest's access expires? =
The user will be blocked from logging in or redirected away from the admin area. Their published posts remain on the site; if the guest user is deleted, those posts are reassigned to a designated administrator.

= Does this work with the Block Editor (Gutenberg)? =
Yes, GuestDock is fully optimized for the modern WordPress block editor and includes custom validation rules directly in the editor UI.

= Can I restrict guests to specific categories? =
Yes. You can "lock" guest users to one or more admin-approved categories to keep your site organization clean.

= How do I notify guests about feedback? =
When you return a post to "Draft" status, you can include a feedback note. The guest will see this note prominently on their Guest Dashboard and within the post editor.

== Screenshots ==

1. The Guest Dashboard showing access limits and expiration status.
2. The Admin interface for managing guest invites and durations.
3. The Gutenberg editor with GuestDock QA requirements (Word count, featured image).
4. The Frontend Request Form generated via shortcode.

== Changelog ==

= 1.0.0 =
* Initial Release.
* Core Access Control with the `guestdock_guest` role.
* Strict Sandbox isolation for posts and media.
* Time-based expiration and post submission quotas.
* Editorial workflow with "Admin Feedback" system.
* Content QA rules: Word counts, link limits, and required images.
* SEO protection: Auto-nofollow/sponsored attributes for guest links.
* Frontend `[guestdock_request_form]` shortcode.
* Enhancement: Rebranded plugin to GuestDock, updating text domain and metadata.
* Enhancement: Refactored asset loading to a standardized enqueue system, removing hardcoded scripts/styles.
* Security: Enforced strict late escaping (`esc_html`, `esc_attr`, `esc_url`) across all views.
* Security: Refactored JavaScript data passing to use secure `wp_json_encode`.
* Security: Removed "nag" UI patterns and hardened administrative capability checks.

== Upgrade Notice ==

= 1.0.0 =
Initial version. Install now to start accepting secure guest posts.
