=== GranTech IP Firewall for AbuseIPDB ===
Contributors:      marcgran
Tags:              security, firewall, ip blocker, brute force, abuseipdb
Requires at least: 6.0
Tested up to:      7.0
Requires PHP:      8.0
Stable tag:        1.0.3
License:           GPL-2.0-or-later
License URI:       https://www.gnu.org/licenses/gpl-2.0.html

Protect your WordPress site by detecting, blocking and reporting malicious IPs using the AbuseIPDB API. Includes brute-force protection.

== Description ==

**GranTech IP Firewall for AbuseIPDB** connects your WordPress installation to the community-driven [AbuseIPDB](https://www.abuseipdb.com/) database to automatically detect, block, and report abusive IP addresses before they can cause damage.

= Key Features =

* **Real-time IP checks** — Queries the AbuseIPDB API on sensitive endpoints (login, XML-RPC, comments).
* **Automatic blocking** — IPs exceeding the configured abuse score threshold are blocked instantly.
* **Brute-force protection** — Detects brute-force attacks on wp-login.php and XML-RPC and blocks the offending IP after N failed attempts.
* **Automatic reporting** — Reports aggressive IPs to AbuseIPDB (Brute-Force category) to contribute back to the community database.
* **Smart caching** — Caches API responses to minimise daily quota consumption.
* **Whitelist support** — Exempt individual IPs or CIDR ranges from checks.
* **Admin dashboard** — 30-day statistics, activity chart, and top offending IPs at a glance.
* **Event log** — Full history of all events, filterable by IP and event type.
* **Manual blocklist** — Block and unblock IPs manually from the admin panel.
* **Automatic cleanup** — Hourly cron job purges expired blocks and logs older than 90 days.
* **Cloudflare support** — Automatically reads the CF-Connecting-IP header to get the real visitor IP.

= How It Works =

1. When an IP accesses a sensitive endpoint (login, XML-RPC, comment submission), the plugin queries the AbuseIPDB API.
2. If the abuse confidence score meets or exceeds the configured threshold (default 50/100), the IP is blocked automatically.
3. If multiple failed login attempts are detected from the same IP, it is blocked and reported to AbuseIPDB as a brute-force attack.
4. All events are recorded in the admin dashboard.

= API Requirements =

A free account at [abuseipdb.com](https://www.abuseipdb.com/register) is required.
The free plan includes **1,000 checks per day**, which is sufficient for most sites when combined with the built-in caching system.

== Installation ==

1. Upload the `grantech-ip-firewall-for-abuseipdb` folder to the `/wp-content/plugins/` directory.
2. Activate the plugin through the **Plugins** menu in WordPress.
3. Go to **GranTech IP Firewall → Settings** and paste your AbuseIPDB API key.
4. Adjust the score threshold and brute-force parameters to suit your needs.
5. Done — your site is now protected.

= Recommended Settings =

* **Block threshold:** 50 (blocks IPs with >50% abuse probability)
* **Block duration:** 24 hours
* **Attempts before block:** 5
* **Time window:** 10 minutes
* **API cache:** 60 minutes
* **Report brute-force:** Enabled

== Frequently Asked Questions ==

= Do I need a paid AbuseIPDB account? =

No. The free plan includes 1,000 checks per day, which is more than enough for most sites when the caching system is enabled.

= Will it block legitimate users? =

The plugin only queries the API on sensitive endpoints (login, XML-RPC, comments), not on every page visit. You can also add your own IP or CIDR ranges to the whitelist to prevent accidental blocks. It is recommended to add your IP before activating the plugin.

= What if my IP gets blocked? =

You can log into the admin panel and remove the IP from **GranTech IP Firewall → Blocklist**. If you cannot access the admin panel, add your IP to the whitelist directly in the database: `UPDATE wp_options SET option_value = 'a:1:{i:0;s:X:"YOUR.IP.HERE";}' WHERE option_name = 'granipfi_whitelist';`

= Is it compatible with Cloudflare? =

Yes. The plugin automatically detects the CF-Connecting-IP header from Cloudflare to obtain the real visitor IP.

= Does it work with WooCommerce? =

Yes. The plugin does not interfere with the checkout process. It only acts on authentication endpoints and comment submissions.

= Can I block IPs manually? =

Yes. From **GranTech IP Firewall → Blocklist** you can add any IP with a custom reason. Manual blocks are permanent by default.

= How do I uninstall cleanly? =

Deactivate and delete the plugin from the WordPress admin panel. All database tables (`wp_abuseipdb_log` and `wp_abuseipdb_blocklist`) and options are removed automatically via `uninstall.php`.

== External Services ==

This plugin connects to the **AbuseIPDB** API (https://api.abuseipdb.com/api/v2/) to check and report IP addresses.

**What is AbuseIPDB?**
AbuseIPDB is a community-driven project that maintains a database of IP addresses reported for abusive behavior (spam, hacking, brute-force attacks, etc.). This plugin uses their public API to protect your WordPress site.

**What data is sent and when?**

* **IP address check:** When a visitor accesses a sensitive endpoint (wp-login.php, xmlrpc.php, comment submission), the visitor's IP address is sent to AbuseIPDB to retrieve its abuse confidence score. This only happens when the endpoint is accessed — not on regular page visits.
* **IP address report:** When a brute-force attack is detected (configurable number of failed login attempts), the offending IP address is reported to AbuseIPDB along with a description of the attack and your site's URL. Reporting can be disabled in the plugin settings.

**No personal data** other than IP addresses is ever transmitted to AbuseIPDB.

* AbuseIPDB Terms of Service and Privacy Policy: https://www.abuseipdb.com/legal


== Privacy Policy ==

This plugin stores visitor IP addresses in the local WordPress database for the purpose of security logging and blocking. IP addresses are personal data under GDPR.

* **What is stored:** IP addresses, associated ISP, country, and event type (e.g. blocked, failed login).
* **Why:** To protect the site from malicious activity and brute-force attacks.
* **How long:** Log entries are automatically deleted after 90 days. Block entries expire based on the configured duration.
* **Third parties:** IP addresses may be sent to AbuseIPDB (https://www.abuseipdb.com) for reputation checks and reporting. See the External Services section for details.
* **User rights:** Site administrators can view and delete all stored data from the plugin's admin panel or by uninstalling the plugin.

== Screenshots ==

1. Dashboard with 30-day statistics and live IP lookup tool.
2. Blocklist with unblock options and manual block form.
3. Event log with filters by IP and event type.
4. Settings page with all plugin options.

== Changelog ==

= 1.0.3 =
* Fix: Removed .gitignore file not permitted in WordPress.org plugin repository.

= 1.0.2 =
* i18n: Full internationalization — all admin view strings wrapped in __() translation functions.
* i18n: Plugin now displays correctly in any WordPress language based on site settings.
* i18n: English as source language; Spanish (es_ES) loaded automatically via .mo file.
* Fix: Removed remaining hardcoded Spanish strings from all admin views.
* Fix: CSS prefix updated — all classes renamed from shield- to granipfi-.
* Fix: JS global object renamed from AbuseIPDBShield to GranIPFI.

= 1.0.1 =
* Fix: Blocklist page showing empty despite IPs being blocked — fixed by adding automatic DB table creation/repair on every plugin load.
* Fix: Added DB version check (granipfi_db_version) to ensure tables are always present and up to date after updates or migrations.
* Improvement: Added database repair tool in Settings page for manual recovery.
* Fix: Admin panel title text color now correctly displays white on dark background.
* Accessibility: Added aria-hidden="true" to all decorative dashicons.
* Accessibility: Added scope="col" to all table header cells (17 instances).
* Accessibility: Added aria-label to all data tables.
* Accessibility: Added aria-live="polite" and aria-atomic to AJAX result region.
* Accessibility: Added role="status" to success notices and role="alert" to error notices.
* Accessibility: Added aria-busy state to Verify IP button during async requests.
* Accessibility: Replaced <strong> with <label for=> on IP check input field.
* Accessibility: Added for= attribute to filter labels in event log.
* Accessibility: Added aria-describedby to all settings form fields.
* Accessibility: All font sizes increased to minimum 12px (previously 10-11px).
* Accessibility: Removed outline:none from focus states — now shows visible 2px blue outline.
* Accessibility: Fixed focus-visible selector pointing to non-existent .shield-field class.
* Accessibility: Added focus and focus-visible styles for all interactive elements.
* Accessibility: Added border to score badges and event chips (non-color visual cue, WCAG 1.4.1).
* Accessibility: Added text-decoration:underline to pagination links (WCAG 1.4.1).
* Accessibility: Improved color contrast ratio of muted text: #8b949e → #a0aab8 (~5.2:1).
* Accessibility: Added prefers-reduced-motion support — disables transitions/animations.
* Accessibility: Added forced-colors (Windows High Contrast) support with borders and forced-color-adjust.
* Accessibility: Added minimum touch target size 44x44px to buttons and pagination links (WCAG 2.5.8).
* Accessibility: Added screen-reader-text utility class (WordPress standard).

= 1.0.0 =
* Initial release.
* Real-time IP checks against the AbuseIPDB v2 API.
* Automatic blocking based on configurable score threshold.
* Brute-force protection for wp-login.php and XML-RPC.
* Automatic reporting of aggressive IPs to AbuseIPDB.
* Admin dashboard with statistics and activity chart.
* Event log with filters.
* Manual blocklist with configurable expiry.
* Whitelist with CIDR range support.
* API response caching via WordPress transients.
* Cloudflare and reverse proxy support.
* Spanish (es_ES) translation included.

== Upgrade Notice ==

= 1.0.3 =
Minor fix: removes .gitignore file. Update recommended.

= 1.0.2 =
Full internationalization — plugin now works correctly in any WordPress language. Update recommended.

= 1.0.1 =
Fixes a bug where the blocklist page showed empty even when IPs were being blocked. Update recommended.

= 1.0.0 =
First stable release. No previous versions exist.
