=== Ulasaslan Site Scanner ===

Contributors: ulasaslan
Tags: performance, seo, security, woocommerce, audit
Requires at least: 6.4
Tested up to: 7.0
Requires PHP: 8.2
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

AI-powered health auditor. Scans performance, SEO, images, security, and WooCommerce — explains every issue and tracks your score over time.

== Description ==

**Ulasaslan Site Scanner** is an AI-powered technical auditor for WordPress. Run a full scan in seconds and receive a structured health report covering six areas: performance, SEO, images, cache, security, and WooCommerce. Every issue includes a plain-language explanation and a fix recommendation. An optional AI analysis groups and prioritises the findings — explained in terms that make sense to both business owners and developers.

**Health Score**

Every scan produces a score from 0–100 for each category and an overall weighted score. Scores are tracked over time so you can see whether changes you make are actually improving site health.

**What it checks:**

= Performance =
* TTFB (Time To First Byte) — measured live by making a request to your homepage
* PHP version and memory limit
* Object cache (Redis/Memcached) detection
* Autoloaded options table size
* Active plugin count
* Overdue WP-Cron jobs

= SEO =
* Pages without SEO meta titles or descriptions (Yoast, Rank Math, AIOSEO aware)
* Images missing alt text
* Thin content pages (configurable word threshold)
* Duplicate page titles
* Homepage title check (flags "Just Another WordPress Site")
* robots.txt and XML sitemap detection
* Published pages set to noindex

= Images =
* Oversized images above your threshold (default 500KB)
* Very large images above 2MB
* WebP format adoption
* Native lazy loading status
* Uploads directory size
* Attachments with missing thumbnail metadata

= Cache =
* Page caching plugin detection (WP Rocket, W3 Total Cache, LiteSpeed, etc.)
* HTTP GZIP/Brotli compression header check
* Cache-Control header validation
* Expired transients accumulation

= Security =
* WP_DEBUG, WP_DEBUG_DISPLAY, SCRIPT_DEBUG enabled in production
* File editing enabled (DISALLOW_FILE_EDIT not set to true)
* Username "admin" exists
* SSL/HTTPS check
* XML-RPC accessibility
* readme.html public exposure
* Pending plugin, theme, and WordPress core updates
* Administrator account count
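
The configuration-level checks in this list can be reproduced with core WordPress functions. The sketch below is an added example, not the plugin's own code: the function name `example_security_findings` and the administrator threshold of 3 are assumptions, and it must run inside a loaded WordPress (for example via `wp eval-file`).

```php
<?php
/**
 * Added example (hypothetical helper, not the plugin's own code).
 * Returns a list of human-readable findings for the current site.
 */
function example_security_findings(): array {
    $findings = [];

    if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
        $findings[] = 'WP_DEBUG is enabled';
        // Core defaults WP_DEBUG_DISPLAY to true, but it only takes effect
        // while WP_DEBUG is on, so flag it only in that case.
        if ( defined( 'WP_DEBUG_DISPLAY' ) && WP_DEBUG_DISPLAY ) {
            $findings[] = 'WP_DEBUG_DISPLAY prints errors to visitors';
        }
    }
    if ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) {
        $findings[] = 'SCRIPT_DEBUG is enabled';
    }
    // The dashboard theme/plugin editor stays available unless this is true.
    if ( ! defined( 'DISALLOW_FILE_EDIT' ) || ! DISALLOW_FILE_EDIT ) {
        $findings[] = 'Dashboard file editor is enabled';
    }
    if ( username_exists( 'admin' ) ) {
        $findings[] = 'An account named "admin" exists';
    }
    if ( 'https' !== wp_parse_url( home_url(), PHP_URL_SCHEME ) ) {
        $findings[] = 'Site URL is not HTTPS';
    }
    // readme.html sits in the WordPress root; a 200 means it is served publicly.
    $res = wp_remote_get( site_url( '/readme.html' ), [ 'timeout' => 5, 'redirection' => 0 ] );
    if ( ! is_wp_error( $res ) && 200 === wp_remote_retrieve_response_code( $res ) ) {
        $findings[] = 'readme.html is publicly readable';
    }
    $admins = get_users( [ 'role' => 'administrator', 'fields' => 'ID' ] );
    if ( count( $admins ) > 3 ) { // Threshold of 3 is an assumption.
        $findings[] = count( $admins ) . ' administrator accounts';
    }
    return $findings;
}

print_r( example_security_findings() );
```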

= WooCommerce =
* Products without featured images
* Products with thin descriptions
* Uncategorised products
* Products with 100+ variations
* Cart fragments AJAX awareness
* WooCommerce log file size
* Pending/failed orders accumulation
* Payment gateway count

**AI Recommendations**

After any scan, click *Run AI Analysis* to send the structured telemetry to your chosen AI provider. The AI returns a grouped, prioritised plain-language report with a 5-point action plan — no raw data, no jargon without explanation.

**Auto-Optimize**

Safe, reversible optimizations applied via WordPress hooks (no file modifications):
- Reduce WordPress heartbeat frequency
- Disable XML-RPC
- Remove emoji detection scripts
- Defer oEmbed discovery links
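
How hook-based, reversible toggles of this kind work, as an added example that is not the plugin's own code: the option name `example_auto_optimize`, the 60-second heartbeat interval, and removing (rather than deferring) the oEmbed links are assumptions. Switching a toggle off means the hook is never registered, so core behaviour returns without touching any file.

```php
<?php
/**
 * Added example (hypothetical mu-plugin, not the plugin's own code).
 * Each optimization is gated by a flag stored in one option.
 */
add_action( 'init', function () {
    $on = (array) get_option( 'example_auto_optimize', [] );

    if ( ! empty( $on['heartbeat'] ) ) {
        // Heartbeat polls admin-ajax.php; a longer interval means fewer requests.
        add_filter( 'heartbeat_settings', function ( $settings ) {
            $settings['interval'] = 60; // seconds (assumed value)
            return $settings;
        } );
    }
    if ( ! empty( $on['xmlrpc'] ) ) {
        // Disables XML-RPC methods that require authentication.
        // xmlrpc.php itself still answers HTTP requests; blocking the
        // endpoint entirely needs a web server or firewall rule.
        add_filter( 'xmlrpc_enabled', '__return_false' );
    }
    if ( ! empty( $on['emoji'] ) ) {
        // Core prints the emoji detection script on wp_head at priority 7.
        remove_action( 'wp_head', 'print_emoji_detection_script', 7 );
        remove_action( 'admin_print_scripts', 'print_emoji_detection_script' );
    }
    if ( ! empty( $on['oembed'] ) ) {
        // Assumption: the discovery <link> tags are removed here, not deferred.
        remove_action( 'wp_head', 'wp_oembed_add_discovery_links' );
    }
} );
```

Because the `xmlrpc_enabled` filter leaves the file reachable, a scan that probes `xmlrpc.php` over HTTP can still report it as accessible after this toggle is on.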

**Scheduled Scans**

Configure daily, weekly, or monthly automatic scans via WP-Cron. Receive email alerts when critical issues are detected.

**Report Export**

Export any scan as an HTML report (formatted for client delivery) or JSON (for integration with other tools or dashboards).

== Installation ==

1. Upload `ulasaslan-site-scanner` to `/wp-content/plugins/`
2. Activate through the **Plugins** menu
3. Go to **Site Scanner → Settings** and enter an API key for at least one AI provider (optional — scans work without AI)
4. Go to **Site Scanner → Dashboard** and click **Run Full Scan**

== Frequently Asked Questions ==

= Does it slow down my site? =
No. The scanner runs only when you click "Run Full Scan" or on a schedule you configure. Nothing runs on every frontend page load.

= Do I need an AI provider key? =
No. All scanning and scoring works without any AI key. The AI key is only required for the natural-language explanation feature.

= What happens to my data? =
All scan results are stored in your site's own database. Nothing is sent to an external service unless you click "Run AI Analysis"; in that case the chosen AI provider receives only structured issue summaries (titles, types, counts), never database contents, user data, or file contents.

= Is WooCommerce required? =
No. WooCommerce diagnostics are skipped automatically if WooCommerce is not active.

= Which AI providers are supported? =
OpenAI (GPT-4o, GPT-4o-mini), Anthropic Claude (Haiku, Sonnet, Opus), Google Gemini (Flash, Pro). API keys are encrypted at rest with AES-256-CBC.
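
One way to store an API key with AES-256-CBC in a WordPress option, as an added example that is not the plugin's own code. It goes beyond the statement above by adding an HMAC (encrypt-then-MAC), because CBC alone does not detect tampering; the function names and the use of `wp_salt()` as key material are assumptions.

```php
<?php
/**
 * Added example (hypothetical helpers, not the plugin's own code).
 * Stored format: base64( IV[16] || HMAC-SHA256[32] || ciphertext ).
 */
function example_keys(): array {
    $master = hash( 'sha256', wp_salt( 'auth' ), true );
    return [
        hash_hmac( 'sha256', 'enc', $master, true ), // 32-byte AES-256 key
        hash_hmac( 'sha256', 'mac', $master, true ), // separate HMAC key
    ];
}

function example_encrypt_api_key( string $plain ): string {
    [ $enc, $mac ] = example_keys();
    $iv = random_bytes( 16 ); // CBC needs a fresh, unpredictable IV per message
    $ct = openssl_encrypt( $plain, 'aes-256-cbc', $enc, OPENSSL_RAW_DATA, $iv );
    if ( false === $ct ) {
        throw new RuntimeException( 'Encryption failed' );
    }
    $tag = hash_hmac( 'sha256', $iv . $ct, $mac, true );
    return base64_encode( $iv . $tag . $ct );
}

function example_decrypt_api_key( string $stored ): ?string {
    [ $enc, $mac ] = example_keys();
    $raw = base64_decode( $stored, true );
    if ( false === $raw || strlen( $raw ) < 64 ) { // 16 IV + 32 tag + >= 16 ciphertext
        return null;
    }
    $iv  = substr( $raw, 0, 16 );
    $tag = substr( $raw, 16, 32 );
    $ct  = substr( $raw, 48 );
    // Verify first, in constant time, so a modified value never reaches
    // the CBC padding check.
    if ( ! hash_equals( hash_hmac( 'sha256', $iv . $ct, $mac, true ), $tag ) ) {
        return null;
    }
    $plain = openssl_decrypt( $ct, 'aes-256-cbc', $enc, OPENSSL_RAW_DATA, $iv );
    return false === $plain ? null : $plain;
}
```

With key material taken from `wp-config.php` salts, this protects the stored key against a database-only disclosure such as a leaked SQL dump or backup, not against code running on the server.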

== Third-Party Services ==

This plugin optionally connects to AI APIs when the admin clicks "Run AI Analysis":

* **OpenAI API** — https://openai.com — [Terms](https://openai.com/policies/terms-of-use) | [Privacy](https://openai.com/policies/privacy-policy)
* **Anthropic Claude API** — https://anthropic.com — [Terms](https://www.anthropic.com/legal/consumer-terms) | [Privacy](https://www.anthropic.com/legal/privacy)
* **Google Gemini API** — https://ai.google.dev — [Terms](https://ai.google.dev/gemini-api/terms) | [Privacy](https://policies.google.com/privacy)

The plugin also makes HTTP requests to your own site (homepage, robots.txt, sitemap.xml, xmlrpc.php, readme.html) as part of the scan. These requests do not leave your server environment.

== Screenshots ==

1. Dashboard — health score cards and top issues
2. Issues list — category tabs with severity badges
3. Auto-Optimize — toggle optimizations without code changes
4. Score History — trend table across 90 days
5. AI Analysis — plain-language recommendations
6. Settings — provider configuration and scan thresholds

== Changelog ==

= 1.0.0 =
* Initial release
* Performance scanner: TTFB, PHP version, memory, object cache, autoload size, plugin count, cron jobs
* SEO scanner: meta titles, descriptions, alt text, thin content, duplicate titles, robots.txt, sitemap, noindex
* Image analyzer: oversized files, WebP adoption, lazy loading, broken attachments
* Cache analyzer: caching plugin detection, GZIP/Brotli, Cache-Control, stale transients
* Security scanner: debug flags, admin username, SSL, XML-RPC, updates, file editing
* WooCommerce scanner: product images, descriptions, variations, cart fragments, pending orders
* Weighted health score with 90-day history tracking
* AI recommendations — OpenAI, Claude, Gemini
* Auto-Optimize: heartbeat, XML-RPC, emoji, oEmbed (hook-based, reversible)
* Scheduled scans with email alerts
* HTML and JSON report export
* AES-256-CBC API key encryption

== Upgrade Notice ==

= 1.0.0 =
Initial release.
