=== AegisShield Security ===
Contributors: Chue Moua
Donate link: https://aitechave.com/
Tags: security, firewall, malware, login, hardening, headers, database, monitoring
Requires at least: 6.0
Tested up to: 6.7
Requires PHP: 7.4
Stable tag: 4.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

A lightweight but serious WordPress security suite with activity logging, login protection, file integrity monitoring, security headers, malware heuristics, and database tools.

== Description ==

AegisShield Security is an all-in-one security suite for WordPress with a strong focus on clarity, safety, and performance.
It is designed for site owners who want meaningful protection and visibility without bloat, dark patterns, or noisy promos.

AegisShield works entirely inside your WordPress install. It does **not** phone home, inject tracking beacons, or send any data
to third-party services. Any optional emails are sent only from your own site to addresses you control.

**Key modules included:**

* **Activity Log** – Track important security-related events, such as logins, role changes, settings updates, and more.
* **Login Guard** – Brute-force awareness with failure tracking, safer lockouts, and suspicious IP visibility.
* **MFA (Modern Authentication)** – Pluggable MFA foundation with TOTP enrollment, recovery flow scaffolding, and offline/local QR rendering (no external QR dependency).
* **File Integrity** – Monitor core, plugin, and theme files for unexpected changes that might indicate tampering.
* **Hardening** – Apply lightweight hardening rules, such as disabling the theme/plugin editor and tightening entry points.
* **Security Headers** – Send modern HTTP security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and optional HSTS/CSP).
* **Malware Heuristics** – Scan for suspicious or obfuscated PHP code.
* **DB Tools** – Safe database overview plus a guided DB Prefix Manager with backup snapshots, preview (no writes), and an optional apply flow.

All modules are optional and configurable. There are no forced defaults – the admin stays in control.

=== Highlights ===

* Clean, modular architecture that respects WordPress coding standards.
* No nags, no spam, no intrusive upsells – just security tools.
* Designed to run safely on typical shared hosting environments.
* Admin-first UX: the dashboard gives you a quick at-a-glance security overview.

== Features ==

= Activity Log =
* Records key security-related events.
* Helps you review what happened before or during an incident.
* Lightweight and designed not to flood your database unnecessarily.

= Login Guard =
* Watches login attempts and can help surface abusive IPs.
* Pairs well with hosting-level firewalls or external WAFs.
* Does not alter WordPress core authentication logic.

= File Integrity =
* Tracks unexpected changes in important files.
* Lets you review changes before deciding whether they are benign or suspicious.
* Can be run manually and according to your own schedule.

= Hardening =
* Provides a curated set of common WordPress hardening options.
* Avoids aggressive “one click fixes” that might break your site.
* Exposes options clearly so admins can choose what fits their environment.

= Security Headers =
* Sends headers such as:
  * `X-Frame-Options: SAMEORIGIN`
  * `X-Content-Type-Options: nosniff`
  * `Referrer-Policy: strict-origin-when-cross-origin`
  * Optional HSTS and CSP presets.
* All headers can be enabled/disabled explicitly in the admin UI.

= Malware Heuristics =
* Highlights suspicious code patterns.
* Detects obfuscation techniques and potentially dangerous functions.
* Designed as an early-warning analysis tool.

= DB Tools =
* Shows table sizes, engines, and basic growth info.
* Optional weekly optimization.
* Provides a safe DB prefix manager.
* Includes a dashboard widget and CSV export.

== Installation ==

= From within WordPress =

1. Visit **Plugins → Add New**.
2. Search for **“AegisShield Security”**.
3. Click **Install Now**, then **Activate**.

= Manual Installation =

1. Download the plugin ZIP file.
2. Upload the `aegisshield-security` folder to the `/wp-content/plugins/` directory.
3. Activate the plugin through the **Plugins** menu in WordPress.
4. Navigate to **AegisShield → Dashboard** to review the security overview and configure modules as desired.

== Frequently Asked Questions ==

= Does AegisShield send any data to external servers? =

No. AegisShield does not send your site data, user data, or logs to any external service.
Optional email alerts (for example, database growth warnings) are sent from your own server to email addresses you control.

= Does this plugin inject tracking or analytics on my public pages? =

No. The plugin does not add third-party tracking, analytics pixels, or marketing beacons on public pages.
If you ever enable any feature that communicates externally, it will require an explicit admin setting and will be documented in the UI.

= Is this a replacement for server-level security or a WAF? =

No. AegisShield is meant to complement, not replace, host-level firewalls, malware scanners, or WAF services.
It provides visibility (logging, DB statistics, file integrity) and gentle hardening from inside WordPress.

= Does it modify WordPress core files? =

No. The plugin does not modify WordPress core files.
File Integrity or Malware Heuristics may highlight suspicious changes, but do not change your files automatically.

= How does the DB prefix manager work? =

The DB prefix manager is intentionally conservative and focuses on renaming tables with the existing prefix to a new prefix and updating the `$table_prefix` value.
Always take a full database backup before using it and test thoroughly after any prefix change.

== Privacy ==

This plugin:
* Does not collect or transmit personal data to external services.
* Stores logs and configuration inside your own WordPress database only.
* May optionally send administrative emails (for example, growth warnings) to addresses you configure.

Site owners are responsible for updating their own privacy policies to reflect any logging they enable.

== User Consent & External Links ==

AegisShield does not add tracking cookies, analytics pixels, or external ads on public-facing pages.
If future versions introduce optional integrations that communicate with third-party services, those features will:

* Be disabled by default.
* Require explicit opt-in by an administrator.
* Be clearly labeled in the admin UI with a short explanation of what data is sent and why.

== Trademarks ==

“WordPress” and “WP” are trademarks of the WordPress Foundation.
This plugin is not affiliated with or endorsed by the WordPress Foundation or Automattic.



== Changelog ==
----------------------------------------------------

= 6.6 =
* Added purge database logs 

= 6.5 =
* Added Delete Database backups, download and restore

= 6.4 =
* Refine Malware and logs reports 

= 6.3 =
* Clean DB Tools Module, Malware, Security Headers enforcements and log settings 

= 6.3 =
* Clean Hardening Module and FIM and fix notifications and log settings 

= 6.2 =
* Clean Malware Module and fix notifications and log settings

= 6.1 =
* Fix Login Module bugs

= 6.0 =
* Fixing all static scan findings
* Clean up files and directories, removed unused files and directories
* Fix License slugs and endpoint redirection

= 5.7 =
* Malware Scanning autoscan bug
* Without Malware registering and auto scanning for the first time, the database fields are not populated for a successful run.

= 5.5 =
* Added SMTP services to Licensing
* Update licensing slugs and endpoint
* Incorporated SMTP services to all alerts, fallback to wordpress mail services
* Added Alert Recipient Emails
* Added SMTP services to Licensing
* Added Email Delivery Log

= 5.0 =
* Added SMTP services tab
* Stabilize minor bugs

= 4.3 =
* Remove google MFA QA scan

= 4.2 =
* Added offline/local QR generation for MFA enrollment (bundled QR renderer; no external QR services required).
* Added MFA helper shortcodes for registration and login flows.
* Registration shortcode now validates passwords against AegisShield Hardening password policy when available.
* DB Prefix Manager enhancements:
  * Backup snapshot creation (timestamped SQL export) and backup selection in UI.
  * Preview “proves correctness” for table renames plus prefix-bound keys in options/usermeta (no writes).
  * Apply flow updates internal prefix-bound keys (options.option_name + usermeta.meta_key) after table renames, with rollback attempts on failure.

= 3.3 =
* Transitioned from deprecated 2FA approach to a modern MFA framework.
* Introduced MFA foundation supporting pluggable authentication factors.
* Added enrollment UI with backup codes and recovery flow.
* Added MFA enforcement options (admin-only, role-based, or site-wide).
* Updated Login Guard to integrate with MFA challenge flow.
* Improved lockout logic to prevent MFA-related false positives.
* Prepared infrastructure for TOTP, WebAuthn, Security Keys, and Email OTP factors.

= 3.2 =
* Major Login Guard overhaul with new analytic layers.
* Added IP reputation scoring (local heuristic engine).
* Added login anomaly detection (velocity, pattern breaks, password spray).
* PRO features:
  * Login anomaly reporting.
  * High-risk IP auto-flagging.
  * Login heatmap analytics.
* Added new email alert triggers for login anomalies.
* Added updated Login Events UI and new Pro-only tabs.

= 3.1 =
* DB Tools received its largest upgrade yet.
* Added table pagination options: 25, 50, 100 rows.
* Added column sorting (Pro).
* Added DB Health Score (Pro).
* Added orphaned options scanner (Pro).
* Added deep index analysis (Pro).
* Improved DB prefix safety checks and rollback handling.
* Updated DB Tools UI to match new module layout.

= 3.0 =
* Complete Security Headers module rebuild.
* Added header presets:
  * Basic (Free)
  * Hardened (Pro)
  * Custom CSP Builder (Pro)
* Added Profiles & Health (Pro) with visual scoring.
* Added CSP Builder Pro tab with dimming for non-Pro users.
* Improved HSTS logic validation.
* Added malformed header rule detection.
* New tabbed UI for cleaner navigation.

= 2.9 =
* Hardening module fully modularized.
* New Free features:
  * Disable File Editor
  * Disable XML-RPC variations
  * Disable user enumeration
  * REST API exposure controls
* PRO features:
  * Role-based hardening profiles.
  * High-risk endpoint lockdown.
  * Writable directory analyzer.
  * Auto-healing rules and overrides.
* Added Hardening Scan Report (Pro).
* Improved compatibility with page builders.

= 2.8 =
* Complete File Integrity system overhaul.
* Introduced File Change Monitor v2 with structured baselines.
* Added Incremental Scan engine (Pro) with batching and rollover.
* New File Integrity tabs:
  * Baseline Status
  * File Change Monitor
  * Email Alerts (Pro)
  * Compare Changes (future diff)
* Added severity badges and improved metadata capture.
* Fixed PRO access gating issues.
* Improved performance for large sites.

= 2.6.7 =
* Phase 2: Completed Incremental Quick Scan (Pro) UI and wiring.
* Added a “Run Quick Scan Now” button on the Incremental Quick Scan tab plus a summary of the last incremental run.
* Tightened integration between the malware scanner and File Monitor so quick scans only touch new/modified files.
* Improved storage and display of incremental scan metadata (file counts, suspect counts, durations) for the admin.

= 2.6.5 =
* Introduced Incremental Quick Scan (Pro) helper that builds a targeted list from the File Monitor baseline.
* Added a Pro-only Incremental Quick Scan tab skeleton on the Malware Scan admin page.
* Improved performance and safety checks around incremental scan path selection.

= 2.6.3 =
* Added an “Attack Story” (Pro) tab to Malware Scan that shows timeline-style incident views.
* Introduced a Malware Incident helper that correlates malware detections with file monitor events, login guard activity, and admin actions.
* Added an Incident Report admin page for summarizing recent malware incidents.

= 2.5.6 =
* Phase 2: Hooked the alert engine into Activity Log events via AS_Alert_Engine::check_rules().
* All alert rules are now evaluated centrally against logged events (admin creation, settings changes, plugin/theme changes, role/cap changes).

= 2.5.5 =
* Updated File Change Monitor PRO settings to unlock fields when a valid license is active while keeping them locked and upsold in the free version.

= 2.5.3 =
* Updated the File Change Monitor tab to show the new Email Alerts (PRO) options and License & Upgrades upsell row.

= 2.5.2 =
* Added improved PRO Email Alerts UI and upsell behavior on the File Change Monitor tab.

= 1.3.2 =
* New security dashboard overview with a two-column grid of module cards.
* Added a simple security score and DB health summary to the dashboard.

= 1.3.1 =
* Fixed PHP 8.2 parse issues in the dashboard and DB Tools admin pages.
* Improved error messages and safety checks around DB prefix changes.

= 1.3.0 =
* Introduced DB Tools with table overview, weekly optimization, and a DB prefix manager.
* Added basic DB growth monitoring and optional email alerts.
* Added CSV export of table statistics.

= 1.2.x =
* Added Security Headers, Malware Heuristics, and core hardening controls.
* Extended Activity Log and Login Guard modules.
* General stability and compatibility improvements.

----------------------------------------------------

== Upgrade Notice ==

= 4.2 =
Recommended upgrade: Offline/local QR for MFA enrollment, MFA registration/login helper shortcodes, and a safer DB Prefix Manager lifecycle (backup + preview + apply + prefix-bound key updates).

= 3.3 =
Major authentication update introducing MFA foundation with enrollment, recovery, enforcement rules, and updated Login Guard integration.

= 3.2 =
Recommended upgrade: New login analytics, anomaly detection, IP heuristics, and expanded Pro protections.

= 3.1 =
DB Tools overhaul: pagination, DB health scoring, indexing analysis, and expanded Pro database insights.

= 3.0 =
Security Headers overhaul with new profiles, CSP Builder Pro, and improved diagnostics.

= 2.9 =
Hardening engine upgraded with role-based profiles, writable directory analysis, and new Pro automation.

= 2.8 =
File Integrity rebuilt with incremental scanning, new baseline engine, and improved metadata handling.

= 2.6.7 =