TrustBeacon Auditor Roadmap
Version: 0.1.0

Purpose

This roadmap lists possible future improvements for TrustBeacon Auditor. It is not a promise that every feature will be built. The purpose is to guide development in a practical order.

Phase 1: Core MVP

Goal:
Create a working plugin that audits the installed WordPress site and produces a plain-English trust report.

Core items:

* Admin menu page
* Audit runner
* Finding structure
* Score calculator
* Results table
* HTTPS checks
* Basic HTTP header checks
* SPF check
* DKIM check
* DMARC check
* DNS-related checks where supported
* Plain-English messages
* Recommendations
* Business impact field
* Trust Score and grade

Status:
In development.

Phase 2: Documentation and Usability

Goal:
Make the plugin easier to understand, install, test, and improve.

Planned items:

* readme.txt
* findings.txt
* scoring.txt
* roadmap.txt
* changelog.txt
* Inline admin help text
* Better explanation of each finding
* Clearer handling of NOT EVALUATED checks
* Safer wording for uncertain DNS checks
* Better empty-state and error messages

Phase 3: Test Coverage and Validation

Goal:
Reduce false positives and false negatives before public release.

Planned test environments:

* Local macOS test site
* GhostBSD test environment
* Hostinger-hosted WordPress site
* At least one additional WordPress installation if available

Planned test items:

* Check behavior on PHP versions 7.4, 8.0, 8.1, and 8.2 where possible
* Test missing SPF
* Test valid SPF
* Test missing DMARC
* Test weak DMARC with p=none
* Test stricter DMARC with quarantine or reject
* Test missing security headers
* Test partial security headers
* Test HTTPS-only site
* Test site with redirects
* Test hosting environments without DNSKEY support

Phase 4: Admin Interface Improvements

Goal:
Make the report more useful for non-technical users.

Possible improvements:

* Color-coded results
* Expand/collapse details
* Separate sections by category
* Top priority fixes list
* Plain-English executive summary
* Copyable report text
* Export to text or CSV
* Print-friendly report
* Basic help links

Phase 5: External Domain Option

Goal:
Allow the site owner to audit a domain other than the installed WordPress domain.

Possible use cases:

* A business owner with multiple websites
* A consultant reviewing a client site
* A site owner checking a related domain
* Checking email/DNS records before migration

Important considerations:

* Avoid encouraging misuse
* Clearly state that external checks use public information only
* Do not perform aggressive scanning
* Rate-limit checks
* Keep the feature optional

Phase 6: Reporting and Lead Generation

Goal:
Support responsible business use without turning the plugin into spamware.

Possible features:

* Save audit history
* Show score changes over time
* Export a client-friendly report
* Generate a plain-English summary
* Optional contact form integration
* Optional email report to the site owner
* Optional newsletter signup controlled by the site owner

Important rule:
The plugin should provide real value first. Marketing and lead generation should remain secondary.

Phase 7: Public Release Preparation

Goal:
Prepare the plugin for wider use.

Tasks:

* Review code for WordPress coding standards
* Escape all output correctly
* Sanitize all input correctly
* Use nonces where forms are submitted
* Confirm no private data is collected unnecessarily
* Confirm no external calls are made without clear purpose
* Add screenshots if submitting to WordPress.org
* Finalize readme.txt for WordPress.org format
* Review GPL licensing
* Prepare stable release tag

Phase 8: Future Premium or Service Layer

Goal:
Explore whether TrustBeacon Auditor can support a sustainable business.

Possible directions:

* Free plugin with basic audit
* Paid report export
* Paid monitoring service
* White-label reports for consultants
* Monthly trust monitoring
* Email deliverability review service
* WordPress hardening service
* DNS/email setup service

Business caution:
A plugin alone may not produce significant income. The stronger business may be consulting, monitoring, reports, or managed correction services built around the plugin.

Long-Term Vision

TrustBeacon Auditor should become a plain-English website trust checker for small website owners who do not understand DNS, email authentication, headers, or technical security settings.

The plugin should help them answer:

* Can visitors trust my website?
* Can mail systems trust my domain?
* Are obvious security signals missing?
* What should I fix first?
* Why does this matter to my business?
