=== SecuSeek ===
Contributors: secuseek
Tags: security, scan, findings, vulnerability
Requires at least: 5.0
Tested up to: 6.8
Stable tag: 1.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

View and manage security scan results from SecuSeek in your WordPress dashboard.

== Description ==

**SecuSeek** brings comprehensive security scanning and vulnerability management directly into your WordPress admin dashboard. Monitor, analyze, and manage security findings from multiple scans in a centralized, user-friendly interface.

= 🔍 Comprehensive Security Scanning =

SecuSeek performs extensive security scans and aggregates all findings in one place. View vulnerabilities across your entire web infrastructure with detailed information about each security issue.

= ✨ Key Features =

* **Real-time Findings Dashboard** - Monitor all security vulnerabilities with live updates
* **Multi-Severity Classification** - Findings categorized by Critical, High, Medium, and Low severity levels
* **Advanced Filtering System** - Filter by category, severity, confidence level, status, domain, and custom groups
* **Detailed Vulnerability Information** - Complete details including CVE/CWE identifiers, confidence scores, and evidence
* **Actionable Remediation Steps** - Get specific guidance on how to fix each vulnerability
* **Reference Links** - Direct links to official security advisories and documentation
* **Export Capabilities** - Export findings for reports and documentation

= 📊 What You Get With Each Finding =

* **Overview** - Clear explanation of the vulnerability
* **Detailed Information** - CVE/CWE codes, confidence level, category, affected assets
* **Detection Details** - When and where the vulnerability was detected
* **Recommended Actions** - Immediate steps to take
* **Remediation Steps** - Detailed instructions to fix the issue
* **External References** - Links to security advisories and technical documentation

= 🎯 How It Works =

1. Install and activate the SecuSeek plugin
2. Enter your SecuSeek API key from your account
3. SecuSeek automatically performs security scans on your configured domains
4. View all findings organized by severity in your WordPress dashboard
5. Filter and analyze vulnerabilities
6. Follow remediation steps to fix security issues
7. Export reports for documentation or compliance purposes

= 🛡️ Who Should Use This? =

* **Website Administrators** - Monitor security across all your WordPress sites
* **Security Professionals** - Conduct regular security audits and vulnerability assessments
* **Development Teams** - Track and fix security issues during development
* **Business Owners** - Stay informed about your website's security status
* **Anyone using SecuSeek** - Seamlessly integrate scan results into WordPress admin

= 🔗 Privacy & External Services =

This plugin connects to SecuSeek's external API to fetch and display security scan results. For complete transparency:

* **Service**: SecuSeek API (https://api.secuseek.com)
* **Data Sent**: Your API key, site URL, and scan configuration
* **Data Received**: Security findings, vulnerability details, and scan status
* **When**: On schedule or manual refresh

Please review our [Terms of Service](https://secuseek.com/terms-and-conditions/) and [Privacy Policy](https://secuseek.com/privacy-policy/) for complete information.

= 💻 Modern Technology Stack =

Built with modern web technologies for a fast, responsive experience:
* Alpine.js for reactive UI components
* Font Awesome for clean iconography
* WordPress HTTP API for secure external requests
* WordPress Cron for scheduled scans

All source code is human-readable and available in the plugin directory.

== External services ==
This plugin connects to SecuSeek's external API to create scheduled scans, fetch scan status and results, validate API keys, and clean up schedules during uninstall.

- **Service**: SecuSeek API (Base URL: `https://api.secuseek.com`)
- **What it’s used for**:
  - Start a scan and create a schedule: `POST /api/v1/external/schedule-scan`
  - Get schedule info: `GET /api/v1/external/schedule-scan/{UserJobScheduleId}`
  - Get scan issues: `GET /api/v1/external/issues/{ScheduleId}`
  - Validate API key: `GET /api/v1/external/validate`
  - Remove schedule on uninstall: `DELETE /api/v1/external/schedule-scan/{UserJobScheduleId}`
- **What data is sent and when**:
  - When starting a scan: site URL (domain only) and scan frequency in request body.
  - On authenticated API calls: your API key in the `x-api-key` header.
  - When polling status and fetching results: the schedule/scan identifier in the request path.
  - During uninstall cleanup: the schedule identifier; WordPress may include a standard `User-Agent` header (e.g., `WordPress/{version}; {site_url}`).
- **Terms and Privacy**:
  - Terms of Service: `https://secuseek.com/terms-and-conditions/`
  - Privacy Policy: `https://secuseek.com/privacy-policy/`

== Used technologies ==
- Alpine.js 3.13.10 — Docs: `https://alpinejs.dev` — Source: `https://github.com/alpinejs/alpine` — Minified CDN: `https://cdn.jsdelivr.net/npm/alpinejs@3.13.10/dist/cdn.min.js`
- Font Awesome Free 6.5.0 — Site: `https://fontawesome.com` — Source: `https://github.com/FortAwesome/Font-Awesome` — CSS CDN: `https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.5.0/css/fontawesome.min.css`
- WordPress HTTP API (remote requests) — Docs: `https://developer.wordpress.org/plugins/http-api/`
- WordPress Cron API (scheduling) — Docs: `https://developer.wordpress.org/plugins/cron/`
- WordPress AJAX (admin-ajax) — Docs: `https://developer.wordpress.org/plugins/javascript/ajax/`

== Source and Human-Readable Code ==
This plugin ships with human-readable source code. All custom JavaScript and CSS are provided in unminified form under `assets/js/` and `assets/css/`.

The plugin also bundles a small number of third-party, minified assets. Their human-readable sources are publicly available here:

 - `assets/js/alpinejs.min.js` — Source: `https://github.com/alpinejs/alpine` (Docs/Homepage: `https://alpinejs.dev`)
- `assets/css/fontawesome.min.css` — Source: `https://github.com/FortAwesome/Font-Awesome`

Build tools are not required to work on this plugin. If build tooling is added in the future, instructions will be documented here.

=== Direct downloads (exact versions used) ===
- Alpine.js 3.13.10 (minified): `https://cdn.jsdelivr.net/npm/alpinejs@3.13.10/dist/cdn.min.js`
- Font Awesome Free 6.5.0 (fontawesome.min.css): `https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.5.0/css/fontawesome.min.css`

== Installation ==
1. Upload the plugin files to the `/wp-content/plugins/secuseek` directory, or install the plugin through the WordPress plugins screen directly.
2. Activate the plugin through the 'Plugins' screen in WordPress.
3. Enter your SecuSeek API key in the plugin settings page.

== Frequently Asked Questions ==
= Where do I get an API key? =
You can obtain an API key from your SecuSeek dashboard.

= What does the plugin do? =
It fetches and displays security findings from SecuSeek's external scan services.

== Screenshots ==
1. Findings dashboard
2. API key entry screen

== Changelog ==
= 1.0 =
* Initial release.

== Upgrade Notice ==
= 1.0 =
First public release. 