=== PhoenixForge Security Monitor ===
Contributors: ryanpurvisphoenixforge
Tags: security, login monitoring, malware scan, firewall, ip blocking
Requires at least: 6.2
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 2.0.1
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Login monitoring, file change detection, malware scanning, and IP blocking without the bloat.

== Description ==

PhoenixForge Security Monitor provides essential WordPress security without the bloat. Login attempt monitoring, file integrity checking, malware scanning, and IP blocking — focused on what matters, without slowing your site down.

**The problem:** Most WordPress security plugins are enormous. They add dozens of features you don't need, rewrite your .htaccess, inject JavaScript on every page, and slow your site to a crawl. Many require a PhD in cybersecurity to configure.

**The solution:** PhoenixForge Security Monitor focuses on the security checks that actually prevent breaches. Lightweight login monitoring catches brute force attacks. File change detection spots unauthorised modifications. Malware scanning finds infections. IP blocking stops known bad actors. That is it — no bloat.

= Free Features =

* Login attempt monitoring with brute force detection
* File integrity checking against WordPress core checksums
* Lightweight malware scanning for known signatures
* IP blocking with manual and automatic rules
* Security event log with timeline view
* Email alerts for critical security events

= Pro Features =

* Real-time file change monitoring
* Advanced malware scanning with heuristic detection
* Web application firewall (WAF) rules
* Two-factor authentication integration
* Country-based IP blocking
* Priority support

= Part of the PhoenixForge Suite =

PhoenixForge Security Monitor integrates with PhoenixForge Auditor for comprehensive security auditing, PhoenixForge Compliance Checker for regulatory security requirements, and PhoenixForge Maintenance Reports for security activity reporting to clients.

== Installation ==

1. Upload the plugin files to `/wp-content/plugins/wp-security-monitor/`
2. Activate the plugin through the 'Plugins' screen in WordPress
3. Navigate to Security Monitor in the admin menu
4. Configure alert thresholds and email notification settings
5. The plugin begins monitoring immediately after activation

== Frequently Asked Questions ==

= Will this slow down my site? =
No. PhoenixForge Security Monitor is designed to be lightweight. Login monitoring is event-based, and scans run in the background during low-traffic periods.

= Does it conflict with other security plugins? =
PhoenixForge Security Monitor is focused and modular. It can run alongside other security plugins, though features may overlap. We recommend disabling overlapping features in one or the other.

= What happens when a brute force attack is detected? =
The offending IP is automatically blocked after a configurable number of failed attempts, and you receive an email alert.

= Is there a Pro version? =
Yes, Pro adds real-time monitoring, WAF rules, two-factor authentication, and country blocking. Visit phoenixforge.io for details.

= Does it protect against zero-day exploits? =
File integrity checking and malware scanning catch known threats. Pro's WAF rules provide broader protection. No security tool can guarantee protection against all zero-day exploits.

== Screenshots ==

1. Security dashboard showing login monitoring, file integrity, and malware scan status
2. Login attempt log with brute force detection alerts and blocked IP addresses
3. File integrity check results comparing core files against WordPress checksums
4. IP blocking management with manual and automatic block rules
5. Security event timeline with critical alerts and notification history

== Third-Party Services ==

This plugin connects to external services under certain conditions:

= PhoenixForge License Server =
When you activate a Pro license key, the plugin validates it with the PhoenixForge license server.
* Service URL: https://phoenixforge-licenses.phoenixforge.workers.dev
* Privacy Policy: https://phoenixforge.io/privacy
* Terms of Service: https://phoenixforge.io/terms
* Data sent: License key, site URL
* When: On license activation, deactivation, and daily revalidation

= PhoenixForge Update Server =
The plugin checks for new versions from the PhoenixForge update server. This is disabled in WordPress.org distributed builds.
* Service URL: https://phoenixforge-updates.phoenixforge.workers.dev
* Privacy Policy: https://phoenixforge.io/privacy
* Terms of Service: https://phoenixforge.io/terms
* Data sent: Plugin slug and current version
* When: During WordPress update checks (approximately every 12 hours)

= Outbound Webhooks (Pro Feature) =
Pro users can optionally configure webhook URLs to send event data to services like Zapier, Make, or n8n.
* Only active when explicitly configured by the site administrator
* Data sent: Event type, site URL, and event-specific data
* Destination URL is entirely user-controlled

== Changelog ==

= 2.0.0 =
* Initial public release
* Login attempt monitoring
* File integrity checking
* Malware scanning
* IP blocking
* Security event log

== Upgrade Notice ==

= 2.0.0 =
Initial release.
