=== Kripanov Anticopia ===
Contributors: kripanov
Tags: anti-copy, copy-protection, right-click, devtools, anti-scraping
Requires at least: 6.3
Tested up to: 7.1
Stable tag: 1.4.9
Requires PHP: 7.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Anti-copy protection: disables right-click, text selection, copy, paste, keyboard shortcuts, mobile long-press and browser inspection tools.

== Description ==

**Kripanov Anticopia** protects your WordPress content against content theft and web scraping. When activated, it disables keyboard shortcuts, right-click, copy and paste, text selection, image dragging, mobile long-press and browser inspection tools on your website.

In addition to the common copy methods, the anti-copy protection also blocks inspection tools (DevTools), poisons the clipboard on blocked copy attempts, and lets you exclude specific roles or URLs.

= Features =

* Disable the right-click context menu.
* Prevent text selection across the whole site.
* Block copy, cut and paste actions.
* Replace copied text with a custom protection notice (clipboard poison).
* Block keyboard shortcuts: `Ctrl/Cmd+C`, `Ctrl/Cmd+X`, `Ctrl/Cmd+V`, `Ctrl/Cmd+A`, `Ctrl/Cmd+S`.
* Block browser inspection tools: `F12`, `Ctrl/Cmd+Shift+I/J/C/K`, `Cmd+Option+I`, `Ctrl/Cmd+U`.
* Basic detection of DevTools being open.
* Prevent image dragging and add extra figure overlays.
* Block mobile long-press / callout gestures.
* Optional text watermark on featured images and post content images (overlay and/or burned file, position, opacity, size).
* Watermarks compatible with Gutenberg, Elementor, Divi and Newspaper/tagDiv (current and older builder versions).
* Exclude watermark by category or subcategory.
* Block printing (`Ctrl/Cmd+P`) and hide content on print.
* Early inline guard in `<head>` to reduce the unprotected load window.
* Customizable notice message shown when a copy attempt is made.
* Option to exclude administrators, specific roles and URL paths.
* Full settings panel under **Settings > Anticopia**.

= Compatibility =

Compatible with WordPress 7.0 and PHP 7.4 or greater. Uses the `defer` loading strategy of `wp_enqueue_script` (available since WP 6.3) to avoid blocking page rendering. Frontend-only: does not load scripts in wp-admin or the block editor, so it is unaffected by the iframed editor changes in WordPress 7.0.

= Privacy =

This plugin does **not** collect, send or store any personal data from your visitors. All processing happens client-side in the visitor's browser.

== Installation ==

1. Upload the `kripanov-anticopia` folder to the `/wp-content/plugins/` directory, or install the plugin from the **Plugins > Add New** menu in WordPress.
2. Activate the plugin through the **Plugins** menu in WordPress.
3. Go to **Settings > Anticopia** and adjust the protections you want to apply.
4. Save your changes.

== Frequently Asked Questions ==

= Is the anti-copy protection 100% foolproof? =

No. No client-side protection is absolute: a technically skilled user can disable JavaScript or use advanced tools. However, for 99% of visitors and simple scrapers the protection is very effective and greatly hinders content theft.

= Can administrators be excluded from the protection? =

Yes. By default, users with the `manage_options` capability are excluded so they can continue editing, copying and inspecting the site during their work. This option can be disabled from the plugin settings. You can also exclude additional roles and specific URL paths.

= Does it affect site performance? =

Not noticeably. The script is very lightweight and is loaded with the `defer` strategy so it does not block page rendering. A tiny early guard is also printed in the document head.

= Does it work with contact forms and comments? =

Yes. The plugin detects `input`, `textarea`, `select` fields and elements with `contenteditable="true"`, allowing users to type, copy and paste inside them normally.

= Does it work on mobile devices? =

Yes. Selection, context menu, image dragging and long-press protections work on both desktop and mobile devices.

= Can I customize the notice message? =

Yes. From **Settings > Anticopia** you can edit the toast text and the clipboard replacement text shown when a visitor tries to copy content.

== Screenshots ==

1. Plugin settings panel under **Settings > Anticopia**.
2. Floating notice shown when attempting to copy content.
3. Granular options to enable or disable each type of protection.

== Changelog ==

= 1.4.9 =
* Admin: when Enable protection is off, all Protections toggles are disabled until it is turned on.

= 1.4.8 =
* Admin: when Enable watermark is off, all watermark options are disabled until it is turned on.

= 1.4.7 =
* Overlay and Burned watermark modes are mutually exclusive in settings (UI + save). Only one can be active at a time.

= 1.4.6 =
* Fix: excluded categories (e.g. Obituario / Funeraria Faundez) were still getting burned thumbs — JS ignored `.anticopia-wm-skip` on module cards, and category archives never set `skipPage`.

= 1.4.5 =
* Fix: single featured burn in Newspaper/Cloud Library — resolve the real post ID (not the `tdb_templates` CPT) and stop skipping thumbs nested in `<header>`.
* Fix: strip `srcset` before swapping burned URLs so the browser cannot keep the unmarked image.

= 1.4.4 =
* Fix: burned watermark now applies to the single-post featured image in Newspaper/Cloud Library (hooks `wp_get_attachment_image_src` and disables competing `srcset`).

= 1.4.3 =
* Fix: burn watermark on Newspaper Cloud Library single featured image (`.tdb_single_featured_image`).
* Fix: skip PHP burn during AJAX infinite scroll (`td_ajax_block`); DOM applicator re-runs after Newspaper ajaxComplete.

= 1.4.2 =
* Fix: critical error when burning watermarks on images with incomplete attachment metadata (`Illegal string offset 'large'`).

= 1.4.1 =
* Fix: burned-only mode blanked featured images (admin-ajax returned 403 because `is_admin()` is true there).
* Burned images are served via frontend `?kripanov_wm=1` and fall back to the original photo if burn fails.
* JS preloads burned URLs before swapping so thumbs never disappear.

= 1.4.0 =
* Watermark compatibility expanded for Gutenberg, Elementor (Theme Builder / Loop Grid) and Divi, in addition to Newspaper/tagDiv.
* DOM applicator uses host overlays (no layout-breaking wraps) and re-runs on Elementor/Divi frontend init events.
* Server-side hooks: `elementor/frontend/the_content`, `elementor/widget/render_content`, `et_builder_render_layout`.

= 1.3.3 =
* Fix: Newspaper category modules show featured image again (watermark overlays the thumb without wrapping `.entry-thumb` / `td-thumb-css`).

= 1.3.2 =
* Fix: watermarks now work with Newspaper / tagDiv (featured `.entry-thumb` and in-post images) via a DOM applicator.
* Burned mode: AJAX helper rewrites image URLs for themes that bypass `post_thumbnail_html`.

= 1.3.1 =
* Redesigned settings screen: modern cards, teal status hero, toggle switches and sticky save sidebar.

= 1.3.0 =
* New: burn watermark into cached image copies (originals untouched) so Save image / direct URL keep the mark.
* Overlay mode and burned mode as separate options (if both are on, burned is used).
* Exclude watermark by category / subcategory (slug, name or ID), e.g. `obituario`. Excluding a parent also skips its children.

= 1.2.0 =
* New: text watermark for featured images and post content images.
* Watermark options: enable per target, custom text, transparency, size and position (featured / content separately).

= 1.1.1 =
* Fix: YouTube/Vimeo and other video embeds are clickable again on mobile (figure image overlay no longer covers iframes).
* Exclude embeds, video and audio from image/touch protection so play controls work normally.

= 1.1.0 =
* Clipboard poison: replace blocked copy/cut content with a custom notice text.
* Mobile long-press / touch-callout protection.
* Extra image protection (figure overlays, block Ctrl/Cmd+click and middle-click on images).
* Exclude protection by WordPress role slugs.
* Exclude protection by URL / path patterns (supports `*`).
* Early inline guard in `wp_head` to reduce the unprotected window before deferred JS loads.
* Improved editable-field detection (`select`, nested `contenteditable`).
* Expanded macOS DevTools shortcuts (Cmd+Option+I/J/C/U).
* Skip protection on the WordPress login screen.

= 1.0.1 =
* Verified compatibility with WordPress 7.0.
* Replaced `wp_localize_script()` with `wp_add_inline_script()` for passing configuration to JavaScript.
* Minimum WordPress version raised to 6.3 (required for the `defer` script loading strategy).

= 1.0.0 =
* Initial release.
* Disables right-click, text selection, copy, cut and paste.
* Blocks keyboard shortcuts (Ctrl+C, Ctrl+X, Ctrl+V, Ctrl+A, Ctrl+S, Ctrl+P).
* Blocks browser inspection tools (F12, Ctrl+Shift+I/J/C/K, Ctrl+U).
* Basic detection of DevTools being open.
* Prevents image dragging.
* Blocks printing and hides content via `@media print`.
* Admin settings panel with granular options.
* Customizable notice message.
* Option to exclude administrators.
* Compatible with WordPress 6.9 and PHP 7.4+.

== Upgrade Notice ==

= 1.1.0 =
Stronger client-side protection: clipboard poison, mobile gestures, image overlays and role/URL exclusions.

= 1.0.1 =
Verified compatibility with WordPress 7.0.

= 1.0.0 =
Initial stable release. Full anti-copy protection compatible with WordPress 6.9.
