=== Rabbit SEO ===
Contributors: rabbitseo
Tags: seo, rabbitseo, optimization, application password, rest api
Requires at least: 5.6
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.1.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Connect WordPress to Rabbit SEO with a secure Application Password, automatic script embed, and REST API access.

== Description ==

Rabbit SEO Connector links your WordPress site to [Rabbit SEO](https://www.rabbitseo.com) so you can:

* Automatically embed the Rabbit SEO frontend script using your website GUID
* Allow Rabbit SEO to read pages and posts over the WordPress REST API
* Prepare secure access for future automatic posts, media uploads, and SEO metadata updates

This plugin never asks for your main WordPress login password. It creates a WordPress Application Password named "Rabbit SEO" and sends it once to Rabbit SEO over HTTPS.

== Installation ==

1. Download `rabbitseo-connector.zip`.
2. In WordPress Admin go to Plugins â†’ Add New â†’ Upload Plugin.
3. Upload the ZIP and click Install Now.
4. Activate **Rabbit SEO Connector**.
5. Open the **Rabbit SEO** menu page.

== Connection instructions ==

1. In Rabbit SEO, add or edit your website and choose platform WordPress.
2. Download the connector (or use this ZIP) and install it on WordPress.
3. In Rabbit SEO click Connect to WordPress. You will be redirected to WordPress Admin with a short-lived token.
4. Review the permissions and click **Approve and Connect**.
5. Return to Rabbit SEO and click **Verify Connection**.

Local development tip: define `RABBITSEO_API_BASE_URL` in `wp-config.php` (for example `http://localhost:8080/`) to point at a local Rabbit SEO server.

== Privacy / data disclosure ==

After you approve the connection, Rabbit SEO receives:

* Site URL, home URL, REST API URL
* WordPress username
* One-time Application Password (stored encrypted by Rabbit SEO; never saved by this plugin)
* Website GUID, WordPress version, plugin version, connection ID

This plugin stores only non-secret connection metadata locally (GUID, connection ID, Application Password UUID, script settings). Your main WordPress password is never requested or stored.

== Frequently Asked Questions ==

= Why do I need HTTPS? =

WordPress Application Passwords require a secure environment on production sites.

= Does this overwrite Yoast / Rank Math / AIOSEO? =

No. Rabbit SEO metadata is stored under `_rabbitseo_*` keys and does not silently overwrite third-party SEO plugin fields.

= Can I disable the script without disconnecting? =

Yes. Use the script checkbox on the Rabbit SEO admin page.

== Changelog ==

= 1.1.0 =
* Outbound site snapshot sync to Rabbit SEO (HMAC signed) for Cloudflare-safe audits.
* Sync now control, daily safety sync, and publish/update/delete incremental updates.
* Snapshot shared secret established during Approve and Connect.

= 1.0.0 =
* Initial production release.
* Secure Application Password connection flow.
* Frontend script embed with approved CDN allowlist.
* Custom REST API under `rabbitseo/v1`.
* Rabbit SEO owned SEO metadata endpoint and output.
