=== Vulnity Security ===
Contributors: manuelgalan
Requires at least: 5.8
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.1.9
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
Tags: security, siem, monitoring, intrusion-detection

Security monitoring and SIEM integration that keeps your WordPress sites safe in real time.

== Description ==
Vulnity Security brings enterprise-grade threat detection to WordPress. It connects your site to Vulnity's SIEM platform, correlates events, and alerts you before issues become incidents.

= Features =
* Real-time security event collection and forwarding to Vulnity SIEM.
* Dashboard widgets that highlight critical findings and remediation steps.
* Scheduled security scans for core files, plugins, and themes.
* Centralized logging compatible with major SOC workflows.

= Integration Requirements =
To receive alerts, configure a Site ID and Pair Code provided by your Vulnity SIEM account. Full setup documentation is available at https://vulnity.gitbook.io/vulnity-docs/instalaciones/quickstart

= External Services =
This plugin connects to Vulnity's external API hosted on Supabase Edge Functions (domain: `euxnoekqasvzwfcbybkg.supabase.co`, base URL `https://euxnoekqasvzwfcbybkg.supabase.co/functions/v1`) to power SIEM alerts, inventory sync, and mitigation updates.

* **What the service is and what it is used for:**
  * Vulnity SIEM API for pairing/unpairing, heartbeat checks, sending alerts, testing connectivity, syncing inventory, and receiving mitigation policies.
* **Endpoints used:**
  * `/pair-plugin`, `/unpair-plugin` (pairing and disconnecting the site).
  * `/heartbeat` (periodic health check).
  * `/connection-test` (manual connection test).
  * `/scan-site-info` (inventory sync).
  * `/generic-alert`, `/brute-force-alert`, `/file-security-alert`, `/manage-user`, `/user-management-alert`, `/permission-change-alert`, `/file-editor-alert`, `/plugin-change-alert`, `/theme-change-alert`, `/core-update-alert`, `/suspicious-query-alert`, `/scanner-detected-alert` (security alerts).
  * `/mitigation-config`, `/mitigation-update` (mitigation policy sync and block/unblock updates).
* **What data is sent and when:**
  * Pairing/unpairing: site ID, pair code, plugin/WordPress/PHP versions, and timestamp when pairing or disconnecting occurs.
  * Heartbeat: site ID, URLs, site metadata (name, language, timezone, theme), and runtime info (plugin/WordPress/PHP versions, latency) on a scheduled interval.
  * Alerts: site ID, alert type/severity, timestamps, and event details (such as IP address, user/action metadata, or file change context) whenever a security event is detected.
  * Inventory sync: site inventory details (installed plugins/themes/core metadata) when inventory sync runs.
  * Mitigation: site ID, block/unblock actions, IP address, reason, duration, and rule metadata when mitigation rules are synced or enforcement actions occur.
* **Why the data is sent:**
  * To associate the site with your Vulnity account, deliver security alerts to the SIEM, validate connectivity, synchronize inventory and mitigation policies, and keep firewall enforcement consistent.
* **Policies:** See the Vulnity [Terms of Service](https://vulnity.io/terms) and [Privacy Policy](https://vulnity.io/privacy) for details on how data is handled.
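
To check the disclosure above against what a site actually sends, the following added example (not part of the plugin or its original readme) audits outbound request logs against the documented host and endpoint list. The `timestamp METHOD url` log format, the function names, and the sample lines are assumptions constructed for illustration; adapt the parsing to your proxy or egress log.

```python
from urllib.parse import urlsplit

# Host and base path exactly as stated in the External Services section.
VULNITY_HOST = "euxnoekqasvzwfcbybkg.supabase.co"
BASE_PATH = "/functions/v1"
# Endpoints the readme documents, grouped by their stated purpose.
DOCUMENTED = {
    "pairing": "/pair-plugin /unpair-plugin",
    "heartbeat": "/heartbeat",
    "connection-test": "/connection-test",
    "inventory": "/scan-site-info",
    "alert": "/generic-alert /brute-force-alert /file-security-alert /manage-user "
             "/user-management-alert /permission-change-alert /file-editor-alert /plugin-change-alert "
             "/theme-change-alert /core-update-alert /suspicious-query-alert /scanner-detected-alert",
    "mitigation": "/mitigation-config /mitigation-update",
}
PURPOSE = {ep: p for p, eps in DOCUMENTED.items() for ep in eps.split()}

def classify(url):
    """Return (verdict, detail) for one outbound URL."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower().rstrip(".") != VULNITY_HOST:
        return ("other-host", parts.hostname)   # out of scope for this audit
    if parts.scheme != "https":
        return ("not-https", parts.path)        # the documented base URL is HTTPS
    path = parts.path.rstrip("/")
    endpoint = path[len(BASE_PATH):] if path.startswith(BASE_PATH + "/") else None
    purpose = PURPOSE.get(endpoint)
    return ("documented", purpose) if purpose else ("undocumented", parts.path)

def audit(log_lines):
    """Return (url, verdict, detail) for Vulnity-host requests needing review."""
    findings = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # not a 'timestamp METHOD url' line
        verdict, detail = classify(fields[2])
        if verdict in ("undocumented", "not-https"):
            findings.append((fields[2], verdict, detail))
    return findings

# Constructed sample log lines (not real traffic); '/not-in-readme' is a placeholder path.
BASE = "https://" + VULNITY_HOST + BASE_PATH
SAMPLE_LOG = [
    f"2025-01-10T08:00:00Z POST {BASE}/heartbeat",
    f"2025-01-10T08:01:00Z POST {BASE}/not-in-readme",
    f"2025-01-10T08:02:00Z POST http://{VULNITY_HOST}{BASE_PATH}/heartbeat",
    "2025-01-10T08:03:00Z GET https://api.wordpress.org/core/version-check/1.7/",
]
```

Calling `audit(SAMPLE_LOG)` returns only the undocumented-path and plain-HTTP requests; traffic to other hosts is ignored by design.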

== Installation ==

Installation steps: https://vulnity.gitbook.io/vulnity-docs/instalaciones/quickstart

== Frequently Asked Questions ==

= Do I need a Vulnity SIEM subscription? =
Yes. The plugin requires an active Vulnity SIEM account to collect and analyze events.

= Will the plugin slow down my site? =
No. Event collection runs asynchronously and offloads processing to the Vulnity cloud platform.

= Can I disable certain alerts? =
Absolutely. Use the **Alert Policies** section within the plugin settings to mute or reclassify events.

== Screenshots ==
1. Dashboard
2. Alerts
3. Mitigation
4. Hardening
5. Synchronization
6. Settings

== Changelog ==
= 1.1.9 =
* Send whitelist IPs (user public IP + localhost) to the SIEM during pairing so the whitelist persists after synchronization.

= 1.1.8 =
* Fixed Nginx warning notice appearing repeatedly on every admin page load; it now displays only once.
* Improved notice format: each protected path is shown on its own line for better readability.
* Added link to solution documentation for Nginx .htaccess compatibility.

= 1.1.7 =
* Fixed deactivation not clearing all cron jobs (4 missing hooks, plus events re-scheduled by late-firing alert hooks).
* Added `final_deactivation_cleanup` at priority 9999 to ensure complete cron and .htaccess cleanup after all hooks fire.
* Replaced `wp_clear_scheduled_hook` with `wp_unschedule_hook` to clear single events with arguments.
* Added native PHP fallback for .htaccess marker removal when WP_Filesystem is unavailable.
* Fixed Plugin Check error: replaced direct `is_writable()` with `vulnity_path_is_writable()` and `WP_Filesystem_Direct`.

= 1.1.5 =
* Fix uninstall multisite cleanup query when `sitemeta` table is not available to prevent SQL warnings in debug.log.

= 1.1.4 =
* Ensure uninstall removes Vulnity firewall/log folders recursively so no plugin-owned folders are left behind.

= 1.1.3 =
* Ensure uninstall removes Vulnity firewall/log folders even when permissions are restrictive by attempting safe chmod before cleanup.

= 1.1.2 =
* Added a dedicated Vulnity log with line-based rotation and safe fallbacks when uploads are not writable.
* Added admin warning when firewall storage cannot be written, with clear remediation guidance.
* Expanded uninstall cleanup to remove Vulnity log files and firewall artifacts across fallback paths.

= 1.1.1 =
* Fixed deactivation cleanup so Vulnity hardening marker blocks are removed fully from `.htaccess` without modifying user-defined rules.
* Improved deactivation safety in shared hosting environments with conservative, marker-only rollback behavior.

= 1.1.0 =
* Improved admin UI consistency across Dashboard, Synchronization, Mitigation, Hardening, and Setup screens.
* Hardened plugin lifecycle behavior for shared hosting compatibility and safer deactivation/uninstall flows.
* Added conservative server integration safeguards to reduce side effects in Apache/Nginx environments.

= 1.0.5 =
* Version bump to 1.0.5.

= 1.0.4 =
* Version bump to 1.0.4.

= 1.0.3 =
* Standardized admin asset enqueues and AJAX URL localization for compliant loading.
* Hardened nonce and capability checks across alerts and admin handlers.
* Improved path resolution using WordPress APIs for non-default installs.
* Documented external Supabase services used for alerts and mitigation updates.

= 1.0.2 =
* Initial release.

== Upgrade Notice ==
= 1.1.9 =
Whitelist IPs are now sent to the SIEM during pairing to prevent them from being lost on sync.

= 1.1.8 =
Nginx warning now shows only once and includes a link to the solution documentation.

= 1.1.7 =
Deactivation now fully clears all cron jobs and .htaccess markers, including events re-scheduled by alert hooks.

= 1.1.5 =
Fixes a multisite uninstall query edge case that could log an SQL warning.

= 1.1.4 =
Uninstall cleanup now removes Vulnity firewall/log folders recursively so nothing is left behind.

= 1.1.3 =
Improved uninstall cleanup for firewall/log folders in restrictive hosting environments.

= 1.1.2 =
New rotating Vulnity logs plus safer firewall storage warnings and cleanup behavior for shared hosting.

= 1.1.1 =
Conservative `.htaccess` cleanup update: Vulnity now removes only its own marker blocks on deactivation and leaves user rules untouched.

= 1.1.0 =
Stability and compatibility update focused on safer lifecycle handling and cleaner admin UX.

= 1.0.5 =
Version bump to 1.0.5.

= 1.0.4 =
Version bump to 1.0.4.

= 1.0.3 =
Compliance-focused update to align asset loading, documentation, and escaping with WordPress.org guidelines.

= 1.0.2 =
Initial public release featuring Vulnity SIEM integration and security monitoring dashboard.

== License ==
This plugin is licensed under the GNU General Public License v2.0 or later. You are free to redistribute and/or modify it under the terms of the GPL as published by the Free Software Foundation. The complete license text is included in the bundled `license.txt` file and is also available online at https://www.gnu.org/licenses/gpl-2.0.html.
