=== AegisWAF ===
Lightweight, rule-driven Web Application Firewall for WordPress.
Contributors: aegisify
Tags: security, firewall, waf, bot protection, hardening
Requires at least: 6.8
Tested up to: 6.9
Requires PHP: 8.2
Stable tag: 1.8.17
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

== Description ==

AegisWAF is a rule-based WordPress WAF that filters incoming HTTP requests to protect sites from bots, exploits, and malicious traffic.

== Key Features ==

* Request inspection before WordPress execution
* Rule-based filtering engine
* Protection against common attack patterns (SQLi, XSS, path traversal, malformed requests)
* Bot and abusive traffic detection
* Geo / ASN-based filtering support
* IP allow and deny lists
* Behavioral and request-timeline logging
* Lightweight logging system for diagnostics
* Admin-friendly dashboards and reports
* Optional free-installation registration for update and service notifications

== How It Works ==

AegisWAF evaluates incoming requests early in the WordPress lifecycle. Requests are compared against defined rule sets and heuristics. If a request violates a rule, it can be logged, challenged, or blocked before WordPress processes it.

This approach helps reduce attack surface, improve performance under abusive traffic, and provide visibility into suspicious behavior.

== Privacy & Data Handling ==

AegisWAF does not collect or transmit personal data by default.

Optional free-installation registration is provided to enable update checks and license-related services. Registration is explicit, opt-in, and requires administrator consent. Only minimal site metadata (site URL, domain, plugin version, and admin email) is transmitted.

No tracking or data collection occurs without user consent.

== Installation ==

1. Upload the `aegiswaf` folder to the `/wp-content/plugins/` directory, or install via the WordPress Plugins screen.
2. Activate AegisWAF through the Plugins menu.
3. Navigate to AegisWAF in the WordPress Admin menu to configure settings.

== Configuration ==

AegisWAF provides a structured admin interface with the following areas:

* Dashboard – Overview of recent activity and protection status
* Firewall – Rule inspection and request handling behavior
* Allow / Deny – IP and network-based controls
* Logs – Visibility into blocked or challenged requests
* Settings – Global behavior and performance options
* License – Optional license activation and free-installation registration

== Frequently Asked Questions ==

= Does AegisWAF block traffic before WordPress loads? =
Yes. AegisWAF evaluates requests early in the execution lifecycle to prevent malicious requests from reaching WordPress templates.

= Is AegisWAF fully functional without a paid license? =
Yes. The free version provides core firewall and request inspection functionality.

= Does AegisWAF require consent or registration? =
No. Registration is optional and requires explicit administrator consent.

= Where are logs stored? =
AegisWAF stores diagnostic logs locally within the WordPress environment. No logs are transmitted externally.

== Screenshots ==

1. Firewall dashboard overview
2. Request and activity logs
3. Allow and deny rules management
4. License and registration page

== Changelog ==
= 1.8.16 =
* Maintenance release: stability improvements, admin UX updates, and security-hardening updates.

= 1.8.13 =

* Improved license and free-installation registration logic
* Added persistent consent handling for registration
* Improved logging for CLM and registration failures
* Hardened request validation and rule evaluation
* Improved admin stability and error handling
* Updated documentation and marketplace readiness

= 1.8.12 =

* Expanded WAF rule coverage
* Improved request inspection performance
* UI refinements and internal cleanups

== Upgrade Notice ==

= 1.8.13 =
This release improves registration reliability, logging visibility, and overall stability. Update recommended.

== Support ==

Documentation and support resources are available at:
[https://aegisify.com](https://aegisify.com)

