=== SiteGuard WP Plugin ===
Contributors: jp-secure
Donate link: -
Tags: security, login lock, login alert, captcha, pingback
Requires at least: 6.0
Tested up to: 7.0
Stable tag: 1.7.12
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html

Adds WordPress login and admin protections, including CAPTCHA, login lock, login alerts, renamed login URLs, and SiteGuard WAF tuning support.

== Description ==

SiteGuard WP Plugin helps protect WordPress sites by strengthening login and admin-area security. It helps reduce brute-force login attacks, password list attacks, comment spam, and unauthorized access to `/wp-admin/`.

= Main Features =

* Admin Page IP Filter: Restricts wp-admin access to IP addresses that have successfully logged in.
* Rename Login: Changes the URL of the login page from `wp-login.php` to a custom path.
* CAPTCHA: Adds CAPTCHA to login, comment, password reset, and user registration forms.
* Login Lock: Temporarily locks out IP addresses after repeated failed login attempts.
* Login Alert: Sends email notifications when users log in.
* Fail Once: Intentionally rejects the first valid login attempt and requires the user to try again shortly after.
* Protect XML-RPC: Disables pingbacks or all XML-RPC access to help prevent abuse.
* Block Author Query: Helps prevent username leakage through `/?author=<number>` requests.
* Update Notifications: Sends email notifications when updates are available for WordPress core, plugins, or themes.
* WAF Tuning Support: Creates exclusion rules to help prevent false positives when SiteGuard Server Edition WAF is installed.

= Requirements and Compatibility =

* WordPress multisite is not supported.
* Apache 1.3, Apache 2.x, and Nginx are supported.
* CAPTCHA requires the PHP extensions `mbstring` and `gd`.
* WAF Tuning Support requires SiteGuard Server Edition on Apache.

= Documentation =

Documentation, FAQs, and more details are available in [English](https://www.jp-secure.com/siteguard_wp_plugin_en/) and [Japanese](https://www.jp-secure.com/siteguard_wp_plugin/).

= Translations =

This plugin is translated by the community. We appreciate your help with translations on the [WordPress translation platform](https://translate.wordpress.org/projects/wp-plugins/siteguard/).

== Installation ==

= From the WordPress Dashboard =

1. In the WordPress dashboard, go to Plugins > Add New.
2. Search for "SiteGuard WP Plugin".
3. Install and activate the plugin.

= Manual Installation =

1. Search for and download "SiteGuard WP Plugin".
2. In the WordPress dashboard, go to Plugins > Add New > Upload Plugin.
3. Upload the downloaded ZIP file.
4. Install and activate the plugin.

== Screenshots ==

1. SiteGuard WP Plugin dashboard.

== Frequently Asked Questions ==

For FAQs, see the [English](https://www.jp-secure.com/siteguard_wp_plugin_en/faq.html) or [Japanese](https://www.jp-secure.com/siteguard_wp_plugin/faq.html) documentation.

== Changelog ==

= 1.8.0 =

* Added support for Nginx and Apache environments that do not use an .htaccess file.
* Improved Login Lock to apply to authentication attempts via XML-RPC.
* Reviewed and updated the English strings. Special thanks to abcdrew.

Special thanks to Daiki Honda for his contributions to this release.

= 1.7.12 =

* Fixed an authorization vulnerability in the login history. Special thanks to Ficus Inc.
* Mitigated CAPTCHA authentication failures in some environments.

= 1.7.11 =

* Fixed an issue where a syntax error occurred in PHP 5.6 or earlier.

= 1.7.10 =

* Fixed a Guessable CAPTCHA vulnerability (CVE-2026-27411). Special thanks to Patchstack.

= 1.7.9 =

* Fixed a deprecated notice for the get_currentuserinfo() function.

= 1.7.8 =

* Fixed a warning that occurred in version 1.7.7.

= 1.7.7 =

* Fixed a bug where the renamed login URL was leaked when wp-register.php was accessed.

= 1.7.6 =

* Fixed an issue where a warning occurred on the login screen in PHP 8.x environments.

= 1.7.5 =

* Fixed an issue where a fatal error occurred on the Update Notifications screen in PHP 8.x environments.

= 1.7.4 =

* Changed the directory for storing CAPTCHA image files to wp-content/siteguard/.
* Fixed some bugs.

= 1.7.3 =

* Fixed an issue where password reset emails could not be sent from the admin page when CAPTCHA was enabled.

= 1.7.2 =

* Reviewed and modified source code related to security.

= 1.7.1 =

* Fixed an issue where a syntax error occurred in PHP 5.6 or earlier.

= 1.7.0 =

* Removed the ability to get the client IP address from X-Forwarded-For due to IP spoofing risk.
