=== NaveenCodes Login Guard ===
Contributors: shinu1503
Tags: login security, brute force, login protection, ip block, security
Requires at least: 6.5
Tested up to: 7.0
Requires PHP: 8.0
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Brute-force protection, live login-attempt log, IP block/allow lists, and instant email alerts — all on your server, zero external requests.

== Description ==

**Login Guard** is a powerful, privacy-first login security plugin that runs entirely on your own server — no cloud service, no external API calls, no telemetry.

= Core Features =

**Brute-Force Protection**
Automatically detects repeated failed login attempts from the same IP address. When a configurable threshold is reached, the IP is locked out and can be automatically added to the block list.

**Live Login Activity Log**
Every login attempt — successful, failed, or blocked — is recorded with IP address, username, user agent, and timestamp. Full filter, paginate, and export to CSV.

**IP Block List**
Manually block specific IP addresses, with permanent or time-limited expiry. Auto-blocked IPs are automatically pruned when their lockout period ends.

**IP Allow List**
Protect your own IP or your developer's IP from ever being blocked — even during testing.

**Instant Email Alerts**
Get notified when a suspicious number of failed attempts is detected from a single IP, or when a successful login occurs from a new location for any user.

**Dashboard Overview**
At-a-glance stats with a 7-day bar chart (no external chart libraries), auto-refreshed every 30 seconds.

**WP Admin Dashboard Widget**
Quick stats and last 5 login attempts visible from the main WordPress dashboard.

= Privacy =

Login Guard stores IP addresses and usernames in your own database. No data leaves your server.

= Free, Forever =

No upsells, no premium tier, no usage limits. Login Guard is completely free.

❤️ *Dedicated in loving memory of Maa — 18 May.*

== Installation ==

1. Upload the `naveencodes-login-guard` folder to `/wp-content/plugins/`
2. Activate through **Plugins → Installed Plugins**
3. Visit **Login Guard → Settings** to configure thresholds
4. Done — your site is now protected

== Frequently Asked Questions ==

= Will this lock me out of my own site? =

Add your own IP to the Allow List from **IP Manager → Allowed** to guarantee you are never blocked.

= Does it work with Cloudflare or load balancers? =

Yes. Login Guard checks `HTTP_CF_CONNECTING_IP`, `HTTP_X_REAL_IP`, and `HTTP_X_FORWARDED_FOR` before falling back to `REMOTE_ADDR`, so Cloudflare and most reverse-proxy setups work correctly.

= How do I unblock an IP? =

Go to **Login Guard → IP Manager → Blocked** and click **Unblock** next to the IP address.

= Does this slow down my login page? =

No. The lockout check is a single indexed database query — typically under 1 ms.

= Can I export the log? =

Yes. Click **Export CSV** on the Activity Log page to download the full log with applied filters.

= Does it send data to any external service? =

No. Every feature runs entirely on your server with zero external requests.

== Screenshots ==

1. Dashboard — stat cards + 7-day bar chart + recent attempts
2. Activity Log — full log with filters, inline Block IP button, CSV export
3. IP Manager — blocked and allowed lists with add/remove controls
4. Settings — thresholds, alerts, log retention

== Changelog ==

= 1.0.0 =
* Initial release
* Brute-force lockout (configurable max attempts + window + lockout duration)
* Login activity log with filters, pagination, and CSV export
* IP block list: manual + auto-block with optional expiry
* IP allow list: IPs that are never blocked
* Email alert on suspicious activity (configurable threshold)
* Email alert on successful login from a new IP address
* 7-day bar chart dashboard (no external libraries)
* WP Admin dashboard widget
* Block IP inline from activity log
* Daily cron: prune old log entries + expired blocks
* Full WP.org Plugin Check compliance

== Upgrade Notice ==

= 1.0.0 =
Initial release.
