=== TrustBeacon Auditor ===
Contributors: fiatlux5775
Feedback: jmc@canon.org
Tags: security, dns, email security, headers, ssl, wordpress audit, trust score
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 0.1.7
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

TrustBeacon Auditor checks basic website trust signals and presents plain-English results for small website owners.

== Description ==

TrustBeacon Auditor is a simple WordPress plugin that reviews common trust, security, and configuration signals for the website where it is installed.

The goal is not to replace a full professional security audit. Instead, the plugin gives small business owners, bloggers, churches, nonprofits, and independent website operators a clear first-level report about issues that may affect visitor trust, email delivery, search engine confidence, and basic website safety.

The plugin currently focuses on checks such as:

* HTTPS and SSL availability
* HTTP security headers
* DNS-related trust signals
* Email authentication records such as SPF, DKIM, and DMARC
* Basic WordPress/site configuration signals
* Plain-English findings with recommendations and business impact notes
* A Trust Score and trust level to summarize the results

TrustBeacon Auditor is designed to explain technical issues in business language. Many website owners do not know what DNS, SPF, DKIM, DMARC, or HTTP headers mean. The plugin attempts to translate these checks into useful guidance.

== Important Notice ==

TrustBeacon Auditor provides informational checks only. A passing score does not guarantee that a website is secure, compliant, or free of vulnerabilities. A low score does not necessarily mean the site is compromised. Results should be treated as a starting point for review.

Some checks depend on server configuration, hosting provider behavior, PHP functions available on the host, DNS propagation, and third-party services. Results may vary by environment.

== Installation ==

1. Upload the `trustbeacon-auditor` folder to the `/wp-content/plugins/` directory.
2. Activate the plugin through the WordPress Plugins screen.
3. Open the TrustBeacon Auditor menu item in the WordPress admin area.
4. Run the audit for the current website.
5. Review the Trust Score, trust level, findings, recommendations, and business impact notes.

== Frequently Asked Questions ==

= Is this a full security audit? =

No. TrustBeacon Auditor is a first-level trust and configuration review. It is intended to identify common problems and explain them clearly.

= Does this plugin fix issues automatically? =

No. The current version reports findings and recommendations. It does not automatically change DNS records, server headers, WordPress settings, or hosting configuration.

= Can I audit a website I do not own? =

The plugin is currently designed to audit the installed WordPress site. Future versions may support optional external domain checks, but the first version focuses on the current site.

= Why do some DNS checks say that additional review is recommended? =

Some hosting environments do not support all DNS record types through PHP. For example, DNSSEC/DNSKEY checks may not be fully available on every server. In those cases, the plugin avoids making a false claim and recommends additional review.

= Why does the score matter? =

The score gives a quick summary, but the individual findings are more important. A site owner should review the specific failed or warning checks and correct the most important issues first.

== Current Limitations ==

* The plugin does not perform vulnerability scanning.
* The plugin does not test every possible DNS or email configuration.
* Some checks may depend on the PHP functions available on the host.
* The plugin does not currently audit arbitrary external domains from the admin interface.
* The score is a guidance tool, not a certification.

== External services ==

TrustBeacon Auditor performs remote HTTPS requests to websites selected
by the site administrator in order to audit publicly available trust
signals.

The plugin connects directly to the website being audited to inspect
information such as:

* SSL certificate availability
* HTTP response headers
* Cloudflare detection
* Security plugin indicators

Data transmitted:

* The domain name entered by the administrator.
* Standard HTTP request headers, including a User-Agent string.

These requests occur only when an administrator initiates an audit.

No personal visitor information is collected, stored, or transmitted.

The plugin does not use any third-party commercial APIs.

Privacy Policy:
https://itechguide.com/privacy-policy/

Terms of Use:
https://itechguide.com/terms-of-use/

== Changelog ==

= 0.1.7 =
* Revised scoring so INFO findings do not affect the score and WARN findings receive partial credit.

= 0.1.0 =
* Initial development version.
* Added audit runner.
* Added scoring calculator.
* Added finding structure.
* Added admin results table.
* Added basic trust, DNS, email, and header checks.
* Added plain-English recommendation and business impact fields.
