=== WebCommander Store ===
Contributors: webcommander, integrationwc
Tags: woocommerce, migration, api, connection key, store setup
Requires at least: 5.6
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.0
License: GPL-2.0-or-later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Securely connect your WooCommerce store to WebCommander with a single encrypted copy-paste key — no technical knowledge required.

== Description ==

**WebCommander Store** makes it easy to connect your WooCommerce store to WebCommander so you can migrate it across. With one click the plugin generates the API credentials WebCommander needs, bundles them into a single encrypted connection key, and shows you that key to copy and paste — no manual REST API setup, no juggling keys and secrets.

Everything happens on your own server. The plugin does not send any data anywhere — you copy the generated key yourself and paste it into WebCommander.

= What it does =

* Generates a read-only WooCommerce REST API key for you automatically — no manual setup.
* Generates a WordPress Application Password for authenticated access.
* Bundles both into a single key, encrypted with AES-256, that you paste into WebCommander.
* Shows a clear requirements check so you know your store is ready before you start.
* Lets you revoke the generated credentials in one click once your migration is complete.
* Removes all generated credentials and stored data when you revoke or uninstall.

= How it works =

1. Install and activate the plugin (WooCommerce must be active).
2. Go to **WooCommerce → Store Setup**.
3. Review the requirements check, then click **Generate Connection Key**.
4. Copy the key and paste it into WebCommander, along with the Site Encryption Key shown on the page.
5. When your migration is finished, click **Revoke Access** to remove the generated credentials from your site.

The connection key is valid for 24 hours and can be regenerated at any time.

= Privacy and data =

This plugin does **not** collect personal data and does **not** transmit anything to external services. All credential generation and encryption happens locally on your WordPress server. The resulting connection key is a self-contained encrypted string that you manually copy into WebCommander — no data leaves your site automatically.

The plugin stores the following locally in your WordPress database:

* A read-only WooCommerce REST API key (in the `{prefix}woocommerce_api_keys` table) — deleted on revoke or uninstall.
* A WordPress Application Password (via the WordPress core API) — deleted on revoke or uninstall.
* A site-specific AES-256 encryption key in `wp_options` (`wcmc_site_key`) — deleted on uninstall.
* A short-lived transient (`wcmc_credentials`) holding the IDs needed for revocation — expires after 24 hours and is deleted on revoke or uninstall.

== Installation ==

= From the WordPress Plugin Directory (recommended) =

1. In your WordPress admin, go to **Plugins → Add New Plugin**.
2. Search for **WebCommander Store**.
3. Click **Install Now**, then **Activate**.
4. Go to **WooCommerce → Store Setup** to generate your connection key.

= Manual installation =

1. Upload the `webcommander-store` folder to `/wp-content/plugins/`.
2. Activate the plugin through the **Plugins** screen in WordPress.
3. Ensure WooCommerce is installed and active.
4. Go to **WooCommerce → Store Setup** to generate your connection key.

= Requirements =

* WordPress 5.6 or higher (required for Application Passwords)
* WooCommerce, installed and active
* PHP 7.4 or higher
* A WebCommander account to paste the key into

== Frequently Asked Questions ==

= Does the plugin send my credentials to an external server? =

No. The connection key is generated entirely on your own server using local encryption. No credentials are transmitted anywhere — you copy the key and paste it into WebCommander yourself.

= How is the connection key secured? =

The credentials are bundled and encrypted with AES-256 using a 32-character key that is unique to your site and generated on first use. The encryption key is stored in your WordPress options table and is never transmitted externally.

= What does the plugin create on my site? =

A read-only WooCommerce REST API key and a WordPress Application Password, both named "WebCommander Store". The API key is read-only, so the plugin never modifies your store data.

= What happens when I click "Revoke Access"? =

The plugin deletes the WooCommerce REST API key and the WordPress Application Password it created. The connection key immediately stops working.

= What data is removed when I uninstall the plugin? =

The generated API key, the Application Password, and the site encryption key stored in `wp_options`. No other site data is touched.

= Where do I find the Site Encryption Key? =

It is shown at the bottom of the **WooCommerce → Store Setup** page. You enter it in WebCommander under Site Settings → Encryption Key so it can decode your connection key.

== Screenshots ==

1. The Store Setup page — the requirements check and the Generate Connection Key button.
2. A generated connection key, ready to copy and paste into WebCommander.

== Changelog ==

= 1.0.0 =
* Initial release — one-click generation of an encrypted WooCommerce connection key for WebCommander, with a requirements check, one-click revoke, and full cleanup on uninstall.

== Upgrade Notice ==

= 1.0.0 =
Initial release.
