=== LinkRail Redirects, 404 & Security ===
Contributors: devshujon
Tags: redirect, redirection, 301, 404, security, wp-login, seo
Requires at least: 6.0
Tested up to: 6.9
Requires PHP: 8.0
Stable tag: 1.1.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

All-in-one redirect manager, broken-link repair and admin URL security for WordPress. 301/302/307/308/410, regex, hidden /wp-login, IP whitelist, emergency recovery.

== Description ==

**LinkRail Redirects, 404 & Security** is a fast, lightweight all-in-one URL redirect, broken-link repair and admin-URL security plugin for WordPress. Built for sites that need real redirect power, real login hardening, and real 404 recovery — without the bloat.

= Why LinkRail? =

Most redirect plugins do one thing. LinkRail bundles three things every serious WordPress site actually needs:

1. **Redirect Manager** — 301, 302, 307, 308, and 410 Gone redirects with exact, prefix, regex, and wildcard matching.
2. **Admin URL Security** — hide your `/wp-login.php` behind a custom slug, IP-whitelist `/wp-admin`, and recover with a one-time emergency URL if you ever lock yourself out.
3. **SEO 404 Broken Link Fixer** — auto-detects 404s across your site and suggests or one-click creates redirects to recover lost traffic.

All features are **100% free**. No license keys, no upsells, no feature gating.

= Core Features =

* Unlimited redirects (301, 302, 307, 308, 410 Gone)
* Match types: exact, prefix, regex (with capture groups), wildcard
* Hide wp-login behind a custom slug with IP whitelist and emergency recovery URL
* Automatic 404 broken link detection and smart redirect suggestions
* Full visit logs per redirect with hit counters
* CSV import/export for redirects
* JSON import/export for plugin settings (each module saved independently)
* Clean, native-feeling admin UI
* Translation-ready (text domain: `linkrail`)
* No external services — everything runs locally

= Built for Performance =

* Cached lookups via WordPress object cache
* Indexed database tables for sub-millisecond matching
* Runs on `template_redirect` — no interference with other plugins
* Zero frontend JS, zero frontend CSS

= Privacy =

LinkRail stores redirect rules, visit hit counts, and 404 log entries in your own WordPress database. Nothing is sent to external servers. Bot user-agents are ignored by default to keep logs clean.

== Installation ==

1. Upload the plugin files to `/wp-content/plugins/linkrail/`, or install through the WordPress Plugins screen.
2. Activate the plugin through the **Plugins** screen in WordPress.
3. Go to the **LinkRail** menu in your admin sidebar to create your first redirect.

== Frequently Asked Questions ==

= Does this replace the Redirection plugin? =

LinkRail is an independent plugin — it is **not affiliated with or endorsed by** the Redirection plugin or any other existing redirect plugin. It is a separate, standalone tool built from scratch.

= Will hiding wp-login lock me out? =

No. LinkRail provides an emergency recovery URL and IP whitelist so you always have a way back in. The custom slug is also saved in plain text in your database so it can be recovered via phpMyAdmin if needed.

= Does saving General Settings wipe my Security slug? =

No — that bug existed in 1.0.0 and is fixed in 1.1.0. Each settings module now saves in isolation; saving on one page can never overwrite another module.

= Does it slow down my site? =

No. Redirects are cached, lookups are indexed, and the plugin only hooks into `template_redirect`. On modern hosting the overhead is measurable in microseconds.

= Can I import redirects from another plugin? =

Yes, via CSV import. Export from your current plugin as CSV and import into LinkRail.

= Is regex really supported? =

Yes. Full PCRE regex with capture group support in the target URL.

== Screenshots ==

1. Redirect manager with list, filters, and bulk actions.
2. Admin URL security settings with custom slug and IP whitelist.
3. 404 broken link detector with one-click fix suggestions.
4. Visit logs and redirect stats.

== Changelog ==

= 1.1.0 =
* **Renamed**: Plugin is now **LinkRail Redirects, 404 & Security** (slug, text domain, and database keys are unchanged so updates from 1.0.0 are seamless).
* **FIXED (critical)**: Saving on the General Settings page no longer wipes the Custom Login Slug, IP Whitelist, or Security-enabled flag. Each settings form now has its own nonce action and a `linkrail_module` identifier; the save router writes only the option set belonging to the submitting module.
* **FIXED**: `Linkrail_Security::save_settings()` no longer clobbers fields absent from the payload — missing keys are treated as "no change", not "set to empty".
* **FIXED**: `Linkrail_Security::save_settings()` no longer regenerates the recovery token on every save (only generates one if missing) — your bookmarked recovery URL stays valid.
* **NEW**: JSON import/export for all plugin settings on the Import/Export page. Each module is imported independently — partial files cannot overwrite untouched modules.
* **NEW**: One-shot migrator (`Linkrail_Migrator`) safely upgrades any legacy `linkrail_settings` blob to the per-option layout without losing data. Old blob is archived as `linkrail_settings__migrated_backup` for one release cycle.
* **NEW**: Defaults are seeded on activation/upgrade so every option always has a known value.
* **NEW**: Custom login slug now also blocks the reserved words `wp-content` and `wp-includes` in addition to the existing list.
* **CHANGED**: `Requires PHP` bumped to 8.0 to honestly reflect language features already used in 1.0.0 (`match`, `str_contains`, union return types, `never`). PHP 7.4 reached end of life in November 2022.
* **CHANGED**: Saving on the Security page now redirects back to the Security page (was: redirected to Settings page).
* **CHANGED**: Removed the unused `linkrail_settings_save` hidden field.
* **CHANGED**: `linkrail_db_version` is now only written after both `install()` and `Linkrail_Migrator::run()` complete, so a partially-upgraded site cannot lock itself out of re-running the migrator.
* **CHANGED**: Internal — replaced PHP 8.1 `never` return type with `void` for slightly broader runtime compatibility.

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 1.1.0 =
Critical fix: General Settings save no longer wipes Security slug. Rebranded to "LinkRail Redirects, 404 & Security". Auto-migrates 1.0.0 installs — no data loss.

= 1.0.0 =
Initial release.
