=== NMIP Guard ===
Contributors: nmipguard
Tags: security, fraud, click-fraud, bot, analytics
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.4.1
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Protect your website and ad budget from bots, click fraud, and invalid traffic — powered by the NMIP Guard fraud-prevention platform.

== Description ==

**NMIP Guard** connects your WordPress site to the [NMIP Guard](https://nmipguard.com) platform to keep bots, click fraud, and invalid traffic away from your site and your advertising budget.

Once connected, NMIP Guard analyzes your visitors in real time, identifies fraudulent activity, and protects your site automatically. You manage everything from your NMIP Guard dashboard.

= What NMIP Guard does for you =

* **Detects bots and fraud** — analyzes every visitor and separates real users from automated and malicious traffic.
* **Protects your ad budget** — identifies invalid ad clicks you can report to Google Ads to reclaim wasted spend.
* **Blocks high-risk traffic** — optionally stops dangerous visitors before they reach your site.
* **Monitors uptime** — alerts you within seconds if your site goes down.
* **Privacy-first** — an optional consent banner helps you stay compliant with GDPR / KVKK.

All analysis runs securely on the NMIP Guard platform; the plugin simply connects your site to it.

= External Service & Data Disclosure =

NMIP Guard is a cloud service. To detect fraud, the plugin securely sends visitor session data to `https://nmipguard.com`. **No data leaves your server until you add a valid API key in NMIP Guard → Settings.**

Data sent for analysis includes:

* IP address and browser/device information
* Pages visited and referrer
* On-page activity (time on page, scroll, clicks)
* Technical signals used to identify bots
* Ad-click and campaign parameters (e.g. gclid, fbclid, UTM tags)

This data is used **only** for fraud detection, bot identification, and ad-click validation, in line with our [Privacy Policy](https://nmipguard.com/privacy) and [Terms of Service](https://nmipguard.com/terms). If your jurisdiction requires explicit consent (e.g. GDPR, KVKK), enable the built-in consent banner so tracking starts only after the visitor opts in.

== Installation ==

1. Install and activate the plugin.
2. Go to **NMIP Guard → Settings** and enter your **Site API key** (found in your NMIP Guard dashboard under *My Sites*).
3. Enable **visitor tracking** to start protecting your site.
4. *(Optional)* Enable the **consent banner** if your region requires visitor opt-in.

Your site is now connected and protected.

== Frequently Asked Questions ==

= Do I need an NMIP Guard account? =

Yes. The plugin connects your site to the NMIP Guard platform, where all analysis and protection happens. Create an account at [nmipguard.com](https://nmipguard.com).

= Is my visitors' data safe? =

Yes. Data is sent only to NMIP Guard, only after you add your API key, and is used solely for fraud detection and ad-click validation. See our Privacy Policy and Terms of Service.

= Do I need visitor consent? =

It depends on your local laws (e.g. GDPR, KVKK). The plugin includes an optional consent banner that starts tracking only after the visitor agrees. Consult your legal advisor.

= Does it slow down my site? =

No. The plugin is lightweight and serves its tracker from your own server — no external scripts are loaded.

= What happens without a valid API key? =

Nothing is sent. Protection and reporting begin once you save a valid API key in Settings.

== Screenshots ==

1. NMIP Guard dashboard — live traffic, bot ratio, and blocked-IP overview.
2. Invalid-click report — flagged IPs ready to submit to Google Ads.

== Changelog ==

= 1.4.1 =
* Security hardening — stronger protection against spoofing of the request-flood counter and the auto-block list. Sites behind Cloudflare or a reverse proxy can enable the new "Behind a CDN / reverse proxy" option in Settings.
* Improved compliance with WordPress coding standards.

= 1.4.0 =
* Site uptime monitoring — detects outages within seconds and alerts you.
* Optional health URL for third-party uptime services on low-traffic sites.

= 1.3.0 =
* Automatic blocking — optionally blocks high-risk visitors in real time. Administrators are never blocked; threshold and duration are configurable.

= 1.2.0 =
* Faster reporting — visitor sessions are sent to NMIP Guard immediately, with automatic fallback.

= 1.1.1 =
* Redesigned admin dashboard and settings with the NMIP Guard brand identity.

= 1.1.0 =
* Added optional GDPR / KVKK consent banner.
* Added request-flood / DDoS detection with automatic security alerts.
* Improved bot detection and admin dashboard.

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 1.4.1 =
Security hardening for visitor-IP detection. If your site runs behind Cloudflare or a CDN/reverse proxy, enable "Behind a CDN / reverse proxy" in Settings.
