=== Zombie Detector ===
Contributors: sahilwebsitedeveloper
Tags: security, plugins, cleanup, performance, audit
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Find every zombie installed on your site — inactive, abandoned, or outdated plugins — and clean up in one click.

== Description ==

The single biggest driver of hacked and slow WordPress sites isn't one bad plugin — it's dozens
of plugins nobody remembers installing. Zombie Detector scans every plugin on your site
and gives it a Risk Score based on:

* Whether it's active or has been sitting inactive for weeks/months
* How long it's been since the plugin was last updated on WordPress.org
* Whether it's compatible with the WordPress version you're currently running
* Whether it runs code on every front-end page load (bigger attack surface) or admin-only
* Whether it's even findable on WordPress.org at all (custom/premium plugins need manual review)

You get one dashboard: sorted by risk, with plain-English reasons for every score, and a
one-click "Deactivate" action (bulk or individual). Nothing is ever deleted automatically —
file deletion always happens from the standard Plugins page, on purpose.

= Features =

* Risk score (0-100) for every installed plugin
* Plain-English explanation of why each plugin is risky
* Tracks how long a plugin has been inactive
* Checks WordPress.org for staleness and core-version compatibility
* Dashboard widget with a quick high/medium risk count
* Bulk deactivate straight from the report
* No data leaves your site except plugin slugs sent to the public WordPress.org API (to check update dates)

== Installation ==

1. Upload the `zombie-detector` folder to `/wp-content/plugins/`
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Go to Plugins → Zombie Plugins to see your report

== Frequently Asked Questions ==

= Does this delete plugins? =

No. It only deactivates. Deleting files is left to the standard Plugins page, where WordPress
handles filesystem permissions safely.

= Will this slow my site down? =

No. All scanning happens only when you view the admin report page, and WordPress.org data is
cached for 12 hours.

= What about premium/custom plugins not on WordPress.org? =

They're flagged as "Not found on WordPress.org" with a small risk bump, since Zombie Detector
can't verify their update status automatically — you'll want to check those manually
with the plugin author.

== Changelog ==

= 1.0.0 =
* Initial release.
