=== Lockspire – Limit Login And Smart Access Protection ===
Contributors: ghimireanil
Tags: security, login, protection, brute force, authentication
Requires at least: 5.0
Tested up to: 6.9
Stable tag: 1.1.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Professional, lightweight WordPress security plugin with login protection, admin URL hiding, firewall, and more.

== Description ==

Lockspire – Limit Login And Smart Access Protection helps protect your WordPress site by limiting login attempts and blocking suspicious users. It makes your website safer and prevents unauthorized access easily.


**Core Features (Free):**
* ✅ **Login Attempt Limiting** - Configurable maximum attempts and lockout time
* ✅ **Admin URL Hiding** - Hide wp-admin with custom secret key
* ✅ **XML-RPC Protection** - Complete XML-RPC disabling
* ✅ **Basic Firewall** - Block bad bots and common exploit attempts
* ✅ **Email Notifications** - Get alerts when admin users log in
* ✅ **Activity Logging** - Simple admin activity log (last 10 events)

**Pro Features (Coming Soon):**
* 🔍 Malware Scanner
* 🚫 IP Address Blocking
* 🌍 Country Blocking

== Why Choose Lockspire? ==

* **Lightweight** - No database tables, minimal resource usage
* **Beginner Friendly** - Simple toggle switches and clear explanations
* **Install & Forget** - Set it up once and let it protect your site
* **Performance Optimized** - No slow queries or heavy processing
* **WordPress Standards** - Follows WordPress coding standards and best practices

== Installation ==

1. Upload the plugin files to the `/wp-content/plugins/lockspire-security` directory, or install the plugin through the WordPress plugins screen directly.
2. Activate the plugin through the 'Plugins' screen in WordPress
3. Navigate to **Settings → Lockspire Security** to configure your security settings

== Configuration ==

**Basic Setup:**
1. Go to Settings → Lockspire Security
2. Enable the features you need using the toggle switches
3. Configure your preferred settings:
   - Set max login attempts (default: 5)
   - Set lockout time in minutes (default: 15)
   - Set custom admin secret key if hiding wp-admin

**Admin URL Hiding:**
When enabled, access your admin dashboard at:
`/wp-admin/?your-secret-key=1`

Replace `your-secret-key` with your custom secret key.

== Frequently Asked Questions ==

= Will this plugin slow down my website? =

No! Lockspire is designed to be extremely lightweight with minimal impact on site performance.

= Do I need technical knowledge to use this plugin? =

Not at all! Lockspire is designed for beginners with simple toggle switches and clear explanations for each feature.

= Does this plugin create database tables? =

No, Lockspire uses the WordPress Options API and doesn't create any additional database tables.

= Can I use this alongside other security plugins? =

Yes, Lockspire is designed to work well with other plugins, but for optimal performance, we recommend using it as your primary security solution.

= What happens if I forget my admin secret key? =

You can still access wp-admin by disabling the "Hide wp-admin URL" feature via FTP or file manager in the plugin file.

== Screenshots ==

1. Clean settings page with toggle switches
2. Activity log showing recent login events
3. Pro features placeholder section

== Changelog ==

= 1.1.0 =
* Complete UI/UX overhaul with modern dashboard
* Added One-Click Secure Mode
* Restructured code for better performance and maintainability
* Added detailed activity log and security score
* Improved firewall and login protection logic

= 1.0.0 =
* Initial release
* Core security features implemented
* Lightweight, beginner-friendly interface
* Performance optimized implementation

== Upgrade Notice ==

= 1.0.0 =
Initial release of Lockspire Security Plugin.

== Additional Information ==

**Plugin Website:** https://lockspire.com

**Support:** For support and feature requests, please visit our website or contact us through the WordPress support forums.

**Privacy Policy:** Lockspire Security does not collect or transmit any personal data. All data is stored locally on your WordPress installation.

== Developer Information ==

This plugin follows WordPress coding standards and best practices:
* Proper escaping of all output
* Input validation and nonce verification
* No database queries or heavy processing
* Uses WordPress Options API for settings storage
* Compatible with multisite installations

**Hooks and Filters:**
The plugin provides several hooks for developers to extend functionality:
* `lockspire_before_firewall_check` - Runs before firewall checks
* `lockspire_after_login_attempt` - Runs after failed login attempt
* `lockspire_admin_notification_subject` - Filter admin notification email subject
* `lockspire_admin_notification_message` - Filter admin notification email message
