=== OPI Security Boost ===
Contributors: mpietrzak, mruszczyk, iworks, litys
Donate link: https://ko-fi.com/iworks?utm_source=opi-security-boost&utm_medium=readme-donate
Tags: security, hardness 
Requires at least: 6.0
Tested up to: 7.0
Stable tag: 1.3.2
Requires PHP: 8.2
License: GPLv3 or later
License URI: https://www.gnu.org/licenses/gpl-3.0.html

OPI Security Boost plugin adds basic hardness to your site.

== Description ==

OPI Security Boost plugin adds basic hardness to your site.

== Features ==

* Security Configuration Management:
  - Automated generation and management of `/security.txt` file for security settings
  - Implementation of `/pgp-key.txt` file for secure key management

* User Management and Security:
  - Automated user roles reset after configurable inactivity period
  - Enhanced user list table with additional security information:
    - User registration date tracking
    - Last login timestamp recording
  - Random ID generation for new user accounts
  - Protection against user enumeration attacks

* API and Frontend Security:
  - Restriction of REST API endpoints for non-logged-in users
  - Removal of WordPress version information from frontend
  - Elimination of Really Simple Discovery (RSD) meta tag
  - Removal of Windows Live Writer meta tag

* Security Hardening:
  - Role-based access control with configurable reset periods
  - Enhanced user data visibility for security audits on users list table

== Installation ==

There are 3 ways to install this plugin:

= 1. The super easy way =
1. In your Admin, go to menu Plugins > Add.
1. Search for `opi-security-boost`.
1. Click to install.
1. Activate the plugin.

= 2. The easy way =
1. Download the plugin (.zip file) on the right column of this page.
1. In your Admin, go to menu Plugins > Add.
1. Select button `Upload Plugin`.
1. Upload the .zip file you just downloaded.
1. Activate the plugin.

= 3. The old and reliable way (FTP) =
1. Upload `opi-security-boost` folder to the `/wp-content/plugins/` directory.
1. Activate the plugin through the 'Plugins' menu in WordPress.

== Frequently Asked Questions ==

== Screenshots ==

== Changelog ==

= 1.3.2 (2026-05-18) =
* Added blocked usernames functionality.

= 1.3.1 (2026-04-16) =
* Fixed issue with role downgrade warning not being marked properly.

= 1.3.0 (2026-04-16) =
* Added interation with [Simple History](https://wordpress.org/plugins/simple-history/) plugin.
* Added role downgrade warning functionality with configurable notification days.
* Enhanced user data visibility with last login date display in days.
* Improved code organization and maintainability.
* Updated the [iWorks Options](https://github.com/iworks/wordpress-options-class) module to version 3.1.0.

= 1.2.3 (2025-12-18) =
* Updated the [iWorks Options](https://github.com/iworks/wordpress-options-class) module to version 3.0.9.

= 1.2.2 (2025-08-18) =
* Added `check_option_object` method to the main class.

= 1.2.1 (2025-07-03) =
* Added charset to security.txt file.
* Added charset to pgp-key.txt file.
* Added `print_headers` method to the main class.
* Added no cache headers to the main class.
* Added `links_info` method to the main class.
* Updated the [iWorks Options](https://github.com/iworks/wordpress-options-class) module to version 3.0.7.

= 1.2.0 (2025-05-20) =
* Updated the [iWorks Options](https://github.com/iworks/wordpress-options-class) module to version 3.0.1.
* Added `blueprint.json` to allow testing plugin on WordPress.org.
* Added user roles reset functionality with enhanced security features:
  - New option to allow automatic role reset after specified days.
  - Selective role reset for specific user roles.
  - Exclusion of specific users from role reset.
  - Enhanced user query optimization.
  - Added proper sanitization for options.
  - Improved code organization and maintainability.

= 1.1.2 (2025-03-27) =
* Updated the [iWorks Options](https://github.com/iworks/wordpress-options-class) module to version 2.9.9.
* The issue with the saving multiple option value has been resolved.

= 1.1.1 (2025-03-12) =
* Improved build process for better performance and efficiency.
* Updated the [iWorks Options](https://github.com/iworks/wordpress-options-class) module to version 2.9.8.

= 1.1.0 (2025-02-17) =
* Auto lowering user privileges after a year without login has been added.
* The `_load_textdomain_just_in_time()` notice has been fixed.
* The build process has been improved.
* The `security.txt` configuration has been added.
* The `pgp-key.txt` configuration has been added.

= 1.0.7 (2024-10-12) =
* Random ID generation for new user account has been added.

= 1.0.6 (2024-01-22) =
* The plugin has been published on WordPress.org.

= 1.0.5 (2023-10-19) =
* Implementation of comments submitted by WordPress Plugin Review Team.
* Users REST API for logged users has been restored.

= 1.0.4 (2023-08-01) =
* Directory indexes were been added.

= 1.0.3 (2023-07-31) =

* The last login date has been added to user login action.
* The last login date and the registration date were been added to users list table.

= 1.0.2 (2023-07-28) =

* The WordPress version has been removed from front-end.
* The `/readme.html` will be removed if there is proper files rights.

= 1.0.1 (2023-07-24) =

* Really Simple Discovery meta tag has been removed from front-end.
* Windows Live Writer meta tag has been removed from front-end.

= 1.0.0 (2023-07-21) =

* A prevent for enumerating users has been added:
** The `?author=\d+` query string has been redirected to the main page.
** The login form messages have been unified to remove information about account existence.
* Users related REST API endpoints have been removed.

== Upgrade Notice ==
