=== Custonis – Security Exposure Scanner ===
Contributors: custonis
Tags: security, scanner, exposed files, backup scanner, debug log, wordpress security
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.1.7
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Detect publicly exposed backup files, debug logs and sensitive data on your WordPress site.

== Description ==

Custonis detects publicly exposed files that should never be accessible on the internet.

Many WordPress websites unintentionally expose sensitive files such as:

- database backups (.sql, .zip)
- exported user or customer data
- configuration files (.env, wp-config backups)
- debug logs and error logs
- development leftovers

These files are actively targeted by bots and attackers because they may expose:

- database credentials
- API keys
- user data
- internal system information

== Why Custonis? ==

Most security plugins focus on firewalls, malware or login protection.

Custonis focuses on a different but critical attack surface:

👉 Public file exposure

It helps you identify risks that are often overlooked and complements traditional security plugins.

== Features ==

✔ Detect exposed backup files (.zip, .sql, .gz)
✔ Detect debug logs and error logs
✔ Detect configuration backups and sensitive files
✔ Detect exposed Git repositories
✔ Detect directory listing vulnerabilities
✔ Database health checks (large tables, autoload size, transients, revisions)
✔ Severity classification (Critical / Elevated / Low)
✔ Security score calculation
✔ Risk level indicator
✔ Exposure age tracking (when issues first appeared)
✔ Detailed findings dashboard with explanations and fixes
✔ Scan history chart
✔ Fast and lightweight scanning
✔ 100% local scanning (no external API calls)

== How it works ==

1. Install and activate the plugin
2. Open the Custonis dashboard
3. Run a security scan
4. Review detected exposures and fix issues

Custonis performs read-only scans and does not modify your website.

== Screenshots ==

1. Dashboard overview
2. Findings table with severity levels
3. Security score and risk indicator
4. Scan progress with live status
5. Scan history chart

== Installation ==

1. Upload the plugin files to the /wp-content/plugins/custonis directory
2. Activate the plugin through the WordPress plugins screen
3. Open the Custonis dashboard
4. Run your first scan

== Frequently Asked Questions ==

= Does Custonis replace a full security plugin? =

No. Custonis focuses specifically on exposed files and data leaks.
It works best alongside firewall or malware protection plugins.

= Does Custonis modify my website? =

No. Custonis performs read-only scans and does not change any files or settings.

= Does the plugin connect to external services? =

No. All scans are performed locally on your server.
No data is transmitted externally.

= Is Custonis safe for production websites? =

Yes. The scanner is lightweight and designed to run safely on live websites.

== Changelog ==

== 1.1.7 ==
= Fixed =
* Fixed missing "first detected" timestamps for findings
* Fixed finding lifecycle persistence across repeated scans
* Fixed overly aggressive severity classification for transient cache findings

= Improved =
* Improved finding history tracking and exposure timeline accuracy
* Improved database health severity evaluation
* Improved consistency of finding status handling (new / existing)
* More reliable exposure age tracking between scans

= UX =
* Clearer exposure timeline information
* More accurate risk presentation for database-related findings

== 1.1.6 ==
= Fixed =
* Fixed detection regression for publicly exposed debug.log files
* Fixed exposure validation issues on hosting environments returning soft-404 responses
* Fixed multiple false positives for non-existent backup and environment files

= Improved =
* Improved HTTP exposure verification logic
* Improved detection accuracy for publicly accessible files
* Better filtering of invalid HTML fallback responses
* More reliable validation of exposed backup archives and configuration files
* Improved compatibility with modern hosting and caching setups

= Security =
* Improved exposure validation for debug logs and backup files
* Reduced risk of incorrect exposure reporting

= UX =
* Cleaner and more trustworthy scan results
* Reduced false positives and invalid findings

== 1.1.5 ==
= Improved =
* Significantly improved exposure detection accuracy
* Reduced false positives for backup and environment file detection
* Improved validation of publicly accessible files and directories
* Better handling of soft-404 and fallback responses on modern hosting environments
* More reliable exposure verification logic

= Security =
* Improved detection quality for exposed backup archives
* Improved ENV file validation using content-based verification
* Improved filtering of invalid exposure results

= UX =
* Cleaner and more trustworthy scan results
* Reduced noise from invalid findings
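
The soft-404 filtering and content-based verification named in the 1.1.5 and 1.1.6 entries can be illustrated as follows. This is an added example, not Custonis code: the function names, reason strings, 80% threshold and sample responses are assumptions constructed for illustration.

```python
import re

# Well-known file signatures for the archive types the readme lists.
MAGIC = {".zip": b"PK\x03\x04", ".gz": b"\x1f\x8b"}
ENV_LINE = re.compile(rb"^(?:export\s+)?[A-Za-z_][A-Za-z0-9_]*\s*=")
# PHP error_log timestamp prefix, as written to WordPress debug.log.
LOG_LINE = re.compile(rb"^\[\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}")
SQL_HINT = re.compile(rb"\b(CREATE TABLE|INSERT INTO|DROP TABLE)\b", re.I)

# Constructed sample responses: (path, status, content type, body).
SAMPLES = [
    ("/backup.zip", 200, "text/html; charset=UTF-8", b"<!DOCTYPE html><html>Not found"),
    ("/backup.zip", 200, "application/zip", b"PK\x03\x04\x14\x00\x00\x00"),
    ("/.env", 200, "text/plain", b"# constructed\nDB_HOST=localhost\nDB_PASSWORD=example\n"),
    ("/.env", 200, "text/plain", b"Nothing here.\n"),
    ("/wp-content/debug.log", 200, "text/plain", b"[12-Mar-2024 10:15:30 UTC] PHP Notice:  x\n"),
]


def is_html(content_type, body):
    head = body[:256].lstrip().lower()
    return "text/html" in content_type.lower() or head.startswith((b"<!doctype html", b"<html"))


def verify_exposure(path, status, content_type, body):
    """Classify one HTTP response as (exposed, reason)."""
    if status != 200:
        return False, "not-served"
    name = path.rsplit("/", 1)[-1].lower()
    ext = name[name.rfind("."):] if "." in name else ""
    if ext in MAGIC:  # binary archive: trust the signature, not the status code
        ok = body.startswith(MAGIC[ext])
        return ok, ("archive-signature" if ok else "soft-404")
    if is_html(content_type, body):  # HTML fallback page served with 200
        return False, "soft-404"
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    if name.startswith(".env"):  # most non-comment lines must be KEY=VALUE
        data = [ln for ln in lines if not ln.startswith(b"#")]
        ok = bool(data) and sum(bool(ENV_LINE.match(ln)) for ln in data) >= 0.8 * len(data)
        return ok, ("env-content" if ok else "unrecognized")
    if name == "debug.log":
        ok = any(LOG_LINE.match(ln) for ln in lines[:20])
        return ok, ("log-content" if ok else "unrecognized")
    if ext == ".sql":
        ok = bool(SQL_HINT.search(body[:65536]))
        return ok, ("sql-content" if ok else "unrecognized")
    return False, "unrecognized"


def classify_samples():
    return [verify_exposure(*s) for s in SAMPLES]
```

A 200 status alone never counts as a finding here; the body has to look like the file type the path claims.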

== 1.1.4 ==
= Improved =
* Fixed exposure timeline (first detected now tracked correctly)
* Improved consistency of finding history across scans
* Enhanced score accuracy for repeated findings

= Added =
* Score breakdown (critical / elevated issues) directly in dashboard
* More transparent risk evaluation for users

= UX =
* Improved clarity of exposure age and status
* Cleaner and more understandable dashboard feedback

== 1.1.3 ==
* Reduced false positives

== 1.1.2 ==
* Fixed version inconsistency in trunk

== 1.1.1 ==
* Fixed dashboard live stats not updating after scan
* Improved scan result persistence

== 1.1 ==
= Improved =
* Significantly improved scan stability and execution flow
* Optimized background scanning process
* More accurate live scan progress tracking
* Improved performance for large websites
* Enhanced scan result storage and reliability
* Refined dashboard UI and scan experience

= Added =
* Improved filesystem scanning coverage
* Enhanced database analysis
* More precise detection of exposed files and risks
* Better scan step handling and progress visualization

= Internal =
* Codebase cleanup and structural improvements
* Optimized AJAX handling and data flow

== 1.0.1 ==
= Fixed =
* Removed all Pro / license / cron related functionality for full compliance with WordPress.org guidelines
* Replaced external CDN (Chart.js) with local asset
* Fixed nonce handling (sanitization and validation)
* Improved escaping for all output
* Improved file path handling using WordPress functions

== 1.0.0 ==
= Initial release =
* Exposure scanner
* Severity detection (Critical / Elevated)
* Security score calculation
* Exposure age detection
* Findings dashboard
* Scan history chart