=== Nyambush ===
Contributors: y1uda
Donate link: https://nyambush.app
Tags: security, vulnerability, scanner, attack-surface, monitoring
Requires at least: 4.0
Tested up to: 6.9
Requires PHP: 7.0
Stable tag: 1.0.2
License: GPL-2.0-or-later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Connect your WordPress site to Nyambush ASM platform for continuous vulnerability monitoring and security assessment.

== Description ==

Nyambush is an Attack Surface Management (ASM) plugin that connects your WordPress site to the [Nyambush platform](https://nyambush.app) for continuous security monitoring.

**Features:**

* **Automatic Environment Scanning** – Collects WordPress version, PHP version, installed plugins, themes, and security configuration
* **Vulnerability Detection** – Cross-references your plugins and themes against known vulnerability databases
* **Dashboard Widget** – View your security status at a glance from the WordPress admin dashboard
* **Scheduled Sync** – Automatically syncs your site data at configurable intervals
* **Encrypted API Key Storage** – Your API key is encrypted at rest using AES-256-GCM
* **Data Minimization** – Only collects configuration data; never collects passwords, database credentials, or post content

**How It Works:**

1. Sign up at [nyambush.app](https://nyambush.app) and add your domain
2. Generate a WordPress verification API key
3. Install this plugin and enter your API key
4. Your site will be automatically monitored for vulnerabilities

**Privacy:**

This plugin sends the following data to nyambush.app:

* WordPress and PHP versions
* List of installed plugins and themes (names, versions, active status)
* Number of users by role
* Debug mode and SSL status
* File permissions for critical files (wp-config.php, .htaccess)

No passwords, database credentials, post content, or personal user data is collected or transmitted.

* [Nyambush Terms of Service](https://nyambush.app/terms)
* [Nyambush Privacy Policy](https://nyambush.app/privacy)

== Installation ==

1. Upload the `nyambush` folder to the `/wp-content/plugins/` directory
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Go to Settings → Nyambush
4. Enter your API key from [nyambush.app](https://nyambush.app)
5. Click "Save Settings" to connect

== Frequently Asked Questions ==

= Where do I get an API key? =

Sign up at [nyambush.app](https://nyambush.app), add your domain, and select "WordPress Plugin" as the verification method. You will receive an API key.

= What data does this plugin collect? =

The plugin collects non-sensitive configuration data: WordPress/PHP versions, installed plugins and themes (names and versions), user role counts, debug mode status, SSL status, and file permissions for critical files. No passwords, database credentials, or post content is ever collected.

= Does this plugin slow down my site? =

No. Data collection only occurs during scheduled sync events (twice daily by default) or when you manually trigger a sync from the admin panel. It does not affect frontend performance.

= Is my API key stored securely? =

Yes. Your API key is encrypted using AES-256-GCM (authenticated encryption) before being stored in the database. The encryption key is derived from your WordPress auth salt.

= What WordPress versions are supported? =

This plugin supports WordPress 4.0 and above.

== Screenshots ==

1. Settings page with connection status and data preview
2. Dashboard widget showing vulnerability status

== Changelog ==

= 1.0.2 =
* Bump minimum PHP version from 5.6 to 7.0

= 1.0.0 =
* Initial release
* WordPress environment data collection
* Nyambush platform integration
* Dashboard vulnerability widget
* Scheduled and manual sync
* AES-256-GCM API key encryption
* Japanese language support

== Upgrade Notice ==

= 1.0.0 =
Initial release of the Nyambush Attack Surface Management plugin.
