=== NetShield - Request Blocker ===
Contributors: behi76
Tags: performance, security, blocker, http, network
Requires at least: 6.0
Tested up to: 6.9
Stable tag: 1.0.0
Requires PHP: 8.1
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Scans and blocks unreachable or unwanted external HTTP requests to dramatically optimize WordPress loading speed on restricted networks.

== Description ==

**NetShield - Request Blocker** helps WordPress administrators identify and block external HTTP requests that the server cannot reach due to network restrictions, firewalls, or internet access limitations.

On restricted or internal networks, WordPress and plugins often make dozens of outbound HTTP requests on every page load (to Google Fonts, CDNs, analytics services, etc.). When those endpoints are unreachable, each request stalls and waits for a timeout — silently slowing your site down.

NetShield solves this by:

1. **Scanning** a curated list of common external endpoints using the WordPress HTTP API.
2. **Identifying** which ones are unreachable from your server.
3. **Blocking** future requests to those endpoints via WordPress's `pre_http_request` filter — so they never wait for a timeout again.

= Key Features =

* **On-demand network scanner** — test 27 common external endpoints (WordPress.org, Google APIs, CDNs, social platforms, analytics).
* **Selective blocking** — choose which unreachable addresses to block; toggle any entry on/off without deleting it.
* **Manual entries** — add any domain, URL, or IP address to the block list manually.
* **Context-aware rules** — block requests only on the admin side, only on the frontend, or both.
* **Bulk actions** — enable, disable, or delete multiple entries at once.
* **Graphical settings page** — modern, tab-based admin UI with real-time stats, toast notifications, and toggle switches.
* **Master switch** — enable or disable the plugin's blocking functionality instantly without deactivating it.
* **Auto-block on scan** — optionally mark all unreachable URLs as blocked automatically after each scan.
* **Transient caching** — blocked URL lists are cached in WordPress transients for optimal performance.
* **Clean uninstall** — all data (database table, options, transients, capabilities) is removed on plugin deletion.

= Use Cases =

* WordPress sites hosted on intranets or servers with restricted outbound internet access.
* Development environments behind corporate firewalls.
* Any WordPress site where external HTTP request timeouts are causing slow admin or frontend load times.

= Technical Details =

* Uses WordPress `pre_http_request` filter for zero-overhead blocking (no request is even initiated).
* Custom database table (`wp_nsb_blocked_urls`) for storing and managing blocked entries.
* REST API endpoints (`/wp-json/netshield/v1/`) for all admin UI interactions.
* PHP 8.1+ with strict typing, readonly DTOs, and backed enums.
* No external dependencies — no Composer required, built-in PSR-4 autoloader.

== Installation ==

1. Upload the `netshield-blocker` folder to the `/wp-content/plugins/` directory.
2. Activate the plugin through the **Plugins** menu in WordPress.
3. Navigate to **NetShield** in the admin sidebar.
4. Click **Start Scan** to discover unreachable endpoints.
5. Toggle blocking on for the entries you want to block.

== Frequently Asked Questions ==

= Will this break my site? =

No. The plugin only intercepts requests to domains/URLs that you explicitly mark as "blocked". You are always in control. Use the toggle on each entry to enable or disable blocking at any time.

= What happens when a request is blocked? =

WordPress's HTTP API returns a `WP_Error` immediately instead of waiting for a network timeout. This means zero wait time instead of potentially 5–30 seconds per blocked request.

= Can I block a custom domain that is not in the scan list? =

Yes. Use the **Add Entry Manually** form in the **Blocked URLs** tab to add any domain, full URL, or IP address.

= Does blocking affect admin and frontend separately? =

Yes. Each entry has a **Context** setting (Admin Only / Frontend Only / Both). You can also enable/disable blocking globally for admin and frontend separately from the Settings tab.

= Is my data removed when I uninstall the plugin? =

Yes. `uninstall.php` removes the database table, all plugin options, transients, and the custom administrator capability.

== Screenshots ==

1. Scanner tab — run on-demand scans and view results.
2. Blocked URLs tab — manage all blocked entries with toggles and bulk actions.
3. Settings tab — configure blocking scope and scan options.

== Changelog ==

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 1.0.0 =
Initial release.
