=== Safe Sites ===
Contributors: hidayatsafewp
Tags: security, malware, site-protection, wp-security, security-scanner, 2fa, hardening
Requires at least: 6.0
Tested up to: 6.7
Requires PHP: 8.0
Stable tag: 1.0.1
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Safe Sites is a WordPress security plugin offering real-time monitoring, file permission control, malware scanning, and plugin & theme security.

== Description ==

Safe Sites provides advanced security features to help keep your WordPress website safe from threats. With real-time monitoring, detailed security insights, and easy-to-use permission management, you can ensure your site is always protected.

= Key Features =

* **Two-Factor Authentication (2FA)** – Secure your login with TOTP-based 2FA.
* **Smart File Permission Control** – Easily manage file permissions based on your server type (Windows/Linux).
* **Visual File Permissions Map** – See a color-coded structure of your site's file security.
* **Malware Scanner** – Analyze your domain, URLs, and HTTP security headers for vulnerabilities via VirusTotal.
* **Security Dashboard** – View a complete overview of your site’s security health.
* **Plugin & Theme Security** – Detect vulnerabilities in plugins and themes and receive alerts.
* **Login & User Security** – Monitor login attempts and manage user sessions.
* **Site Hardening** – Apply recommended security tweaks to your WordPress installation.
* **Code Signing** – Verify the integrity of your plugin files.

== Detailed Features ==

**General Security & Server Health:**

* **SSL Status** – Check if SSL is active for secure connections.
* **Site Health & Server Info** – Displays PHP version, database version, and server details.
* **Panic Mode** – Quickly lock down your site in case of an emergency.

**Access & User Security:**

* **Two-Factor Authentication (2FA):**
  * **TOTP Support** – Use Google Authenticator, Authy, or any TOTP app.
  * **Configurable for All Roles** – Require 2FA for specific user roles.
  * **Backup Codes** – Generate backup codes for emergency access.
* **Login Monitoring** – Track failed login attempts and monitor user activity.

**Security Monitoring & Protection:**

* **File Permissions Management:**
  * **Windows Servers** – Show file read/write permissions.
  * **Linux Servers** – Display numeric file permissions along with current and recommended settings.
  * **Fix Permissions** – Select files and fix incorrect permissions directly.
* **Visual File Permission Map** – Interactive file structure with security indicators.
* **Hardening** – One-click security hardening for common WP vulnerabilities.
* **Code Signing** – Ensure plugin files haven't been tampered with.

**Malware & Security Scanner:**

  * **Domain & URL Analysis** – Scan your domain and URLs for malware using the VirusTotal API.
* **Security Header & DNS Scan** – Check security headers and DNS settings.
* **Alert System** – Receive alerts for detected threats.

**WordPress Management & Security:**

* **Plugin & Theme Security:**
  * **Vulnerability Scanner** – Check for known security flaws.
  * **Inactive Plugin Alerts** – Warn about inactive components that pose risks.
* **Security Dashboard** – A centralized panel for all security settings.

== Installation ==

1. Download the plugin from WordPress.org.
2. Upload the `safe-sites` folder to the `/wp-content/plugins/` directory.
3. Activate the plugin via the WordPress ‘Plugins’ menu.
4. Navigate to the "Safe Sites" menu in your WordPress dashboard.
5. Configure your security settings and start monitoring.

== Frequently Asked Questions ==

= Is Safe Sites compatible with my hosting environment? =
Yes! Safe Sites works with all major hosting providers and is compatible with Apache, Nginx, and LiteSpeed servers. It requires WordPress 6.0+ and PHP 8.0+.

= Does Safe Sites affect site performance? =
No, Safe Sites is optimized for performance. It uses intelligent caching and efficient scans to minimize server load.

= How often should I run malware scans? =
We recommend weekly scans, but Safe Sites continuously monitors your site for threats. You can also schedule or manually run scans anytime.

== External Services Used ==

Safe Sites relies on the following third-party services for security analysis and malware detection. Below is a detailed breakdown of what each service does, what data is sent, and where you can review their policies:

= 1. VirusTotal API =
**Purpose:** Used to scan domains, URLs, and file hashes for malware and other security threats.  

**What data is sent & when?**  
- When a user initiates a manual malware or URL scan, the plugin sends the target URL or domain to VirusTotal for analysis.  
- No private user data is sent; only the target URLs or domains, or the hash values of files, are transmitted.  

**Terms of Service & Privacy Policy:**  
- [VirusTotal Terms of Service](https://www.virustotal.com/terms-of-service)  
- [VirusTotal Privacy Policy](https://www.virustotal.com/privacy-policy)  

== Changelog ==

= 1.0.1 =
* Added Two-Factor Authentication (2FA) support
* Added site hardening and code signing
* Improved VirusTotal malware scanning integration
* Fixed minor security vulnerabilities

= 1.0.0 =
* Initial release
* Implemented core security monitoring features
* Added real-time threat detection
* Integrated malware scanning capabilities
* User activity monitoring
* Plugin and theme vulnerability scanning

== Upgrade Notice ==

= 1.0.1 =
Version 1.0.1 introduces Two-Factor Authentication (2FA), site hardening, and code signing to further secure your WordPress site.

= 1.0.0 =
The initial release of Safe Sites includes comprehensive security features to protect your WordPress website.

== Screenshots ==

1. Dashboard Overview – Complete security status summary
2. 2FA Configuration – Secure your account with TOTP
3. Malware Scanner – URL and Domain security analysis
4. File Permissions – Monitor and fix file permissions
5. Code Signing – Verify the integrity of your plugin files