=== Guard Dog Security & Site Lock ===
Contributors: wpfixit
Donate link: https://www.wpfixit.com
Tags: wordpress security, site lock, file permissions, malware scanner
Requires at least: 5.0
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 7.5
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Audit your site to keep WordPress clean and secure. Enable our one-of-a-kind SITE LOCK to give your site the ultimate security.

== Description ==

**Guard Dog Security & Site Lock** helps WordPress administrators keep websites cleaner, safer, and easier to audit from the WordPress dashboard.

Guard Dog combines file auditing, Site Lock protection, Watch Dog file change monitoring, WordPress core integrity checks, infection scanning, cleanup tools, setup guidance, and security reporting into one practical WordPress security suite.

Use Guard Dog to review leftover plugin folders, abandoned theme files, old uploads, temporary files, suspicious scripts, modified files, unexpected core files, and other items that can create clutter or security risk.

= Key Features =

* Site Lock to make important files and folders read-only
* Watch Dog baseline scans for new, modified, and deleted files
* WordPress core integrity checks using official checksums
* Infection scanning for suspicious file content
* Scheduled scans and automated security reports
* File change and core change email notifications
* Abandoned file and folder review tools
* File preview, download, approve, ignore, delete, and bulk actions
* Recommended setup guide with progress tracking
* Cleanup tools for old backups, temporary files, logs, and cache files
* Security tools for permissions, XML-RPC, author scans, debug exposure, and more

= Site Lock =

Site Lock helps prevent unwanted file additions, injected scripts, unauthorized edits, and accidental deletions by locking selected WordPress files and folders. Unlock the site for legitimate updates, then apply Site Lock again when finished.

= Watch Dog =

Watch Dog creates a trusted file baseline and compares future scans against it. It reports new, modified, and deleted files so administrators can quickly review changes after updates, maintenance, cleanup, or suspicious activity.

= Core Check =

Core Check compares installed WordPress core files against the official WordPress.org checksum API and reports modified, missing, unreadable, or unexpected files in core areas.

= Infection Scanner =

The infection scanner reviews site files for suspicious patterns commonly associated with malware, backdoors, obfuscated scripts, spam injections, and unwanted code.

= Setup Guide =

The Setup Guide helps administrators complete recommended Guard Dog security settings, including Site Lock, scheduled infection scans, automated reports, file change monitoring, and core change notifications.

== Installation ==
1. Upload the plugin files to the /wp-content/plugins/ directory, or install through the WordPress Plugins screen.
2. Activate the plugin through the **Plugins** screen in WordPress.
3. Navigate to **Guard Dog** to begin auditing and protecting your site.
4. Use **Site Lock** to lock files when your site is clean and stable.
5. Use **Watch Dog > File Change Monitor** to create a trusted baseline and scan for file changes.
6. Use **Watch Dog > Core Check** to verify WordPress core file integrity.

== Frequently Asked Questions ==

= Why do I need this plugin? =
Guard Dog helps you identify leftover folders, suspicious files, unexpected changes, weak security settings, and WordPress core file issues. It gives administrators better visibility into what exists on the server and what may need review.

= Does Guard Dog automatically delete orphaned folders or suspicious files? =
No. Guard Dog is built to help you review and take informed action. Files and folders are shown with action buttons so you can decide whether to view, download, ignore, include, delete, or approve them.

= What is Site Lock? =
Site Lock makes protected files and folders read-only to help prevent unauthorized changes. You can unlock the site when updates or maintenance are needed, then lock it again when finished.

= What is Watch Dog File Change Monitor? =
Watch Dog File Change Monitor creates a trusted baseline of your site files. Future scans compare the current site against that baseline and report new, modified, or deleted files.

= What is Watch Dog Core Check? =
Watch Dog Core Check compares your installed WordPress core files against the official WordPress.org checksum API. It helps detect modified, missing, unreadable, or unexpected files in WordPress core areas.

= Does Core Check scan plugins and themes? =
No. Core Check only verifies WordPress core files in the WordPress root, wp-admin, and wp-includes areas. Plugins, themes, uploads, and custom content are handled by other Guard Dog tools.

= Will Watch Dog work when Site Lock is enabled? =
Yes. Watch Dog stores baseline and scan data in its protected uploads storage folder, and Guard Dog allows that required Watch Dog path to remain writable while Site Lock is active.

= Where is Watch Dog baseline data stored? =
Watch Dog stores protected baseline data under wp-content/uploads/guard-dog/watch-dog/. This keeps baseline data outside the plugin folder so it is not removed during plugin updates.

= Does Watch Dog email me when file changes or core issues are found? =
Yes. File Change Monitor and Core Check each include email alert settings. Emails are sent only when the related scan finds issues.

= Will this slow down my website frontend? =
No. Guard Dog tools run inside the WordPress admin area and do not run on the public frontend during normal page visits.

= Does it work on multisite? =
Guard Dog is currently designed for single-site WordPress installations. Multisite support may be added in a future release.

== Screenshots ==
1. **Dashboard tab** showing security score and important folder issues present on your site.
2. **Main Folder Auditor** displaying folders and files in the root of your WordPress installation.
3. **Content Folder Auditor** listing folders and files found inside the wp-content directory.
4. **Plugins Folder Auditor** showing installed plugin folders and hidden or orphaned plugin directories.
5. **Themes Folder Auditor** displaying theme folders on disk and alerting you to invalid or unrecognized themes.
6. **Uploads Folder Auditor** showing upload folders and identifying PHP files present in uploads.
7. **.htaccess Auditor** listing every .htaccess file detected across your site for review and management.
8. **Security Settings** page where you can configure Site Lock, security headers, and user hardening features.
9. **Infection Scanner** selection screen allowing you to choose which areas of your site to scan.
10. **Security Tools** section providing access to File Finder & Remover, Blacklist Checker, SSL Checker, and Plugin Refresher.
11. **File Finder & Remover** tool for searching specific filenames or detecting files with no extension.
12. **Blacklist Checker results** showing your domain/IP status across multiple blacklist and reputation services.
13. **Plugin Refresher** tool for reinstalling a fresh copy of a WordPress.org plugin.
14. **Site Lock prevention notice** informing you that Site Lock is enabled and blocking file changes.
15. **Folder & File Scanner** interface allowing full-site, wp-content, plugin, theme, or uploads scanning.
16. **Export Report screen** displaying the generated audit and security report that can be downloaded.
17. **Settings screen** for auto lock, Site Lock admin bar status, scheduled scans, and automated reports.
18. **Watch Dog area** for file change monitor and core check security tools.
19. **File Change Monitor** to create a trusted file baseline, scan for changes, review individual files.
20. **Core Check** to compare WordPress core files against the official WordPress.org core checksum API.
21. **Theme Refresher** tool for reinstalling a fresh copy of a WordPress.org theme.
22. **Permissions Check** to view important file and folder permissions.
23. **Setup Guide** to complete recommended protection for your site.
24. **Software Health** to find installed plugins and themes that may no longer be maintained.
25. **Risk Review** to check local site risk signals and common security configuration concerns.

== Changelog ==

= 7.5 =
* Added a new Setup Guide page with recommended Guard Dog security setup steps, progress tracking, completion percentage, and quick actions.
* Added setup cards for Auto Site Lock, Folder & File Audit, Scheduled Infection Scans, Automated Security Reports, File Change Baseline, File Change Notifications, Core Change Notifications, Software Health Alerts, and Risk Review Alerts.
* Added dismiss, undo, completed, recommended, and dismissed states for Setup Guide items with live AJAX progress updates.
* Added a recommended setup banner when setup is incomplete, plus automatic redirect to the Setup Guide after plugin activation.
* Added a global Email Notification Settings form to apply the same notification frequency and recipient email for all alert notifications.
* Added a combined Guard Dog Security Summary digest to reduce multiple scheduled alert emails being sent at the same time.
* Added a new Watch Dog Software Health tool to identify installed plugins and themes that may no longer be maintained.
* Added scheduled Software Health checks with optional email alerts.
* Added Software Health delete actions for abandoned plugins and themes, including bulk delete support with safety checks.
* Added a new Watch Dog Risk Review tool for local site risk checks.
* Added scheduled Risk Review checks with optional email alerts.
* Added Risk Review severity sorting, ignore/include controls, and bulk ignore/include actions.
* Added direct Setup Guide actions for enabling Auto Site Lock and building the File Change Baseline without leaving the Setup Guide page.
* Added Watch Dog Defense as the updated Watch Dog section label with a new four-card layout.
* Updated plugin navigation labels, including Hub, Audit, Secure, Watch Dog, Tools, and Scan.
* Updated Guard Dog left admin submenu labels for clearer section naming.
* Removed Dashboard from the Guard Dog left admin submenu and made the main Guard Dog menu open the Hub/dashboard tab.
* Updated Audit and Tools dropdowns into cleaner two-column layouts.
* Standardized Guard Dog admin styling with consistent purple accents, green action buttons, card borders, shadows, and branded layouts.
* Standardized Save Settings button styling across plugin admin pages.
* Removed folder path and copy button clutter from Site Lock folder/file cards.
* Added Site Lock modal behavior for blocked plugin uploads when the uploads folder is locked.
* Updated permissions results so Site Lock-protected files and folders are not flagged as high risk.
* Added Protected by Site Lock status handling for locked files and folders.
* Improved permissions results layout by removing extra columns, improving permission number display, and prioritizing actionable results.
* Added Lock buttons for permission entries that are not already protected by Site Lock.
* Added bulk Ignore All support for non-core root files.
* Added Delete All support for orphaned plugin and theme folders.
* Disabled Delete All actions when Site Lock is active for protected areas.
* Improved Watch Dog baseline rebuilding so existing baselines are reused safely, replacements are built before old baselines are removed, and only one baseline file is kept at a time.
* Improved Watch Dog baseline storage compatibility with locked uploads folders, FTP filesystem transports, and Site Lock exclusions.
* Kept Watch Dog baseline storage in wp-content/uploads/guard-dog/watch-dog/ while keeping the uploads root locked.
* Updated Watch Dog scans to exclude media files and ZIP archives while keeping uploaded PHP, JS, and other non-media files visible.
* Fixed Watch Dog review actions so deleting or approving detected files immediately refreshes counts and tables without a full browser tab reload.
* Confirmed core, plugin, theme, upload, and delete actions rebuild the Watch Dog baseline immediately without relying on the auto-rebuild cron fallback.
* Added translator comment fixes and Plugin Check compatibility improvements.

= 7.1 =
* Added Plugin Refresher tool to securely refresh WordPress.org plugins with clean copies.
* Added queued native WordPress upgrader process for safer and more reliable plugin refreshes.
* Added bulk plugin refresh support with selectable plugins.
* Added individual plugin refresh support with branded progress feedback.
* Added branded Bulk Refresh Running window with progress tracking.
* Added refreshed count, remaining count, percentage complete, and progress bar to bulk refresh progress.
* Added navigation protection during bulk refreshes to help prevent users from leaving before completion.
* Added automatic window close behavior once refresh processes complete.
* Added installed version and available version details to the Plugin Refresher table.
* Added Update column to show whether each plugin is current or needs an update.
* Added Last Updated column using WordPress.org plugin data.
* Added separate manual refresh/install table for plugins not available on WordPress.org.
* Added stronger detection for WordPress.org plugin availability.
* Added Theme Refresher tool to securely refresh WordPress.org themes with clean copies.
* Added queued native WordPress upgrader process for safer and more reliable theme refreshes.
* Added bulk theme refresh support with selectable themes.
* Added individual theme refresh support with branded progress feedback.
* Added installed version and available version details to the Theme Refresher table.
* Added Update column to show whether each theme is current or needs an update.
* Added Last Updated column using WordPress.org theme data.
* Added separate manual refresh/install table for themes not available on WordPress.org.
* Added stronger detection for WordPress.org theme availability.
* Added Theme Refresher card to the main Tools page.
* Added Theme Refresher item to the Tools dropdown menu.
* Added Permissions Check tool to review important WordPress file and folder permissions.
* Added Permissions Check card to the main Tools page.
* Added Permissions Check item to the Tools dropdown menu.
* Added permission status counts for Good, Needs Attention, and High Risk items.
* Added current and recommended permission values to the Permissions Check table.
* Added Actions column to the Permissions Check table.
* Added permission repair actions for files and folders that can be safely updated.
* Added 403-safe fallback handling for permission repair requests blocked by admin-ajax.php.
* Added special handling for wp-config.php permission checks.
* Added support for detecting wp-config.php in the WordPress root or parent directory.
* Added High Risk status for wp-config.php when permissions are not set to 0644.
* Added High Risk status for unsafe writable files.
* Added Needs Attention status for folders that are not using recommended permissions.
* Added sorting to show High Risk items first, then Needs Attention, then Good.
* Improved Plugin Refresher table styling and layout.
* Improved Plugin Refresher helper text to better explain its infection-cleanup purpose.
* Improved bulk refresh messaging and completion behavior.
* Improved button hover styling so text and icons remain readable.
* Improved Theme Refresher table styling and layout to match Plugin Refresher.
* Improved Watch Dog baseline exclusion handling.
* Improved dashboard badge icon contrast.
* Improved Tools page card layout for a cleaner six-tool grid.
* Improved Plugin Check compatibility by adding missing translator comments.
* Improved Plugin Check compatibility by escaping settings page output.
* Improved Plugin Check compatibility by sanitizing request values.
* Improved Plugin Check compatibility by cleaning nonce handling warnings.
* Improved Plugin Check compatibility by cleaning prefix and naming warnings.
* Removed unnecessary summary stat cards from the Plugin Refresher page.
* Removed plugin folder slugs from the Plugin Refresher table for a cleaner interface.
* Removed Recommended Baseline card from Permissions Check.
* Removed bottom “No obvious world-writable wp-content items found” card from Permissions Check.
* Excluded Support Plugin - WP Fix It from the manual fresh install list.
* Excluded Guard Dog Security & Site Lock from the Plugin Refresher table.
* Changed inactive status icons from a dash to an X.
* Changed Permissions Checker text to Permissions Check.
* Changed Blacklist Checker text to Blacklist Check.
* Changed SSL Checker text to SSL Information.
* Reordered navigation so Scanner appears after Tools in both the top menu and WordPress admin side menu.
* Reordered Tools menu items so File Finder & Remover appears after Theme Refresher.
* Added File Finder & Remover card ordering improvements on the main Tools page.
* Fixed scanner success messages so they only display on the Scanner page.
* Fixed Watch Dog handling for wp-config.php review actions.
* Fixed wp-config.php exclusion saving and detection behavior.
* Fixed Site Lock menu icon hover color behavior.
* Fixed Theme Refresher fatal error caused by loading WordPress theme install functions more than once.
* Fixed visible translator comment text appearing on the dashboard.
* Fixed mixed line ending warnings across plugin files.
* Improved PHPCS compliance across refreshed plugin files.

= 7.0 =
* Added Watch Dog File Change Monitor.
* Added trusted file baseline creation and rebuild workflow.
* Added file change scanning for new, modified, and deleted files.
* Added scheduled Watch Dog file change scans.
* Added branded email alerts when file changes are detected.
* Added Watch Dog detected changes review table with view, download, approve, delete, and bulk actions.
* Added file details modal with readable size and modified date values.
* Added expandable file paths for long detected file paths.
* Added baseline exclusions for folders, individual files, wildcards, and server paths.
* Added protected Watch Dog baseline storage under wp-content/uploads/guard-dog/watch-dog/.
* Added Site Lock compatibility for Watch Dog storage while Site Lock is enabled.
* Added automatic internal exclusions for Watch Dog storage, report helpers, and error_log files.
* Added AJAX actions and loading overlays for baseline creation, baseline deletion, baseline rebuilds, and change scans.
* Added scan completion scrolling and success confirmation messages.
* Added Watch Dog Core Check.
* Added WordPress core file verification against the official WordPress.org checksum API.
* Added detection for modified, missing, unreadable, and unexpected WordPress core files.
* Added Core Check review actions to view, download, delete, and ignore reported files.
* Added scheduled Core Check scans.
* Added branded Core Check email alerts when core issues are found.
* Added dedicated Core Check settings for scan frequency, email alerts, and recipient.
* Updated Watch Dog navigation with File Change Monitor and Core Check tools.
* Improved Watch Dog styling, buttons, cards, status badges, modals, and admin workflow.
* Improved AJAX navigation and pagination handling.
* Improved compatibility with Plugin Check security and coding standard recommendations.

= 6.8 =
* Now compatible with hosting environments that auto lock WordPress core files.
* Improved site lock conditions to isolate certain folders and files.

= 6.7 =
* Removed Site Lock status in admin bar on site frontend.
* Added bulk database actions to infection scanner.
* Added select file actions to file remover tool.

= 6.6 =
* Fixed auto lock/unlock with MainWP.

= 6.5 =
* Made plugin code run only in admin area where needed.

= 6.4 =
* Fixed styling issue on scanner page.

= 6.3 =
* Added a database infection scanner to find harmful data.
* Added a setting to disable the admin bar Site Lock status display.

= 6.2 =
* Corrected typo in plugin description.

= 6.1 =
* Added AJAX loading content notice.

= 6.0 =
* Changed user interface to AJAX for faster navigation on Guard Dog pages.
* Added SSL checker tool to get details about the site SSL certificate.
* Improved infection scanner and added saved previous scan view.
* Made all tables responsive on all screen sizes.
* Improved blacklist checker tool.

= 5.6 =
* Added scheduled infection scans emailed directly to designated email addresses.

= 5.5 =
* Added additional lock exceptions for folders that need write permissions.

= 5.4 =
* Improved API REST endpoint call for cache bypass.

= 5.3 =
* Fixed permissions issue with Site Lock and MainWP.

= 5.2 =
* Added integration with MainWP to manage Site Lock during remote updates.

= 5.1 =
* Added a plugin refresher to reinstall fresh plugins when the current version is corrupted.

= 5.0 =
* Added an all-new Tools section to expand WordPress site auditing capabilities.
* Introduced the Find & Remove Files tool for locating, filtering, and deleting unwanted or suspicious files.
* Added a built-in Blacklist Checker to scan URLs, domains, and site status against major reputation lists.
* Added internal optimizations for future feature expansion.

= 4.9.2 =
* Can now exclude single plugins from Site Lock.

= 4.9.1 =
* Added new infection patterns to reduce false positives.

= 4.9 =
* Added new infection patterns to find bad files.

= 4.8 =
* Added new infection patterns to find bad files.

= 4.7 =
* Improved scanner performance.

= 4.6 =
* Added new infection patterns to find bad files.

= 4.5 =
* Temporarily removed MainWP integration to correct timeout issues during updates.

= 4.4 =
* Added new infection patterns to find bad files.

= 4.3 =
* Set up MainWP bridge for unlock/relock when running updates.

= 4.2 =
* Minor style changes.

= 4.1 =
* Added Site Lock Auto Enable.
* Added automated security reports.

= 4.0 =
* Rebranded plugin as a full security suite.

= 3.7 =
* Updated infection scanner patterns.

= 3.6 =
* Added infection scanner for site files.

= 3.5 =
* Fixed bulk delete action.
* Updated button styling.

= 3.4.4 =
* Fixed report fatal error.

= 3.4.3 =
* Fixed report hyperlinks.

= 3.4.2 =
* Fixed font styling on report download.

= 3.4.1 =
* Fixed typo.

= 3.4 =
* Added ability to download folder audit and security report.

= 3.3 =
* Added per-folder lock exclusion.
* Added new UI on main menu.

= 3.2 =
* Added locked item count to dashboard display.

= 3.1 =
* Fixed Site Health issue when Site Lock is on.

= 3.0 =
* Added user security settings to lock down account attacks.

= 2.9.4 =
* Added Site Lock under Tools menu.
* Added area for new settings tab.
* Added dropdown to security tab.
* Added style changes.

= 2.9.3 =
* Corrected bulk delete actions.

= 2.9.2 =
* Enhanced Site Lock conditioning.

= 2.9.1 =
* Fixed conflict with WP Rollback.

= 2.9 =
* Added view file action buttons.

= 2.8 =
* UI improvements.

= 2.7 =
* Fixed security header defaults.

= 2.6 =
* Fixed bulk ignore and delete functions.

= 2.5 =
* Added security area to lock folders and files and set security headers.

= 2.0 =
* New UI.

= 1.3.1 =
* Improved plugin header and descriptions.
* Added Author URI and GPL license URI.
* Enhanced escaping for better security compliance.

= 1.3.0 =
* Added auditing of wp-content and WordPress root folder.
* Improved error handling for unreadable directories.

= 1.2.0 =
* Added uploads and themes auditing.
* Improved plugin rows to match the Plugins screen exactly.

= 1.0.0 =
* Initial release. Added plugin folder auditing.

== Upgrade Notice ==

= 7.5 =
Major update with new Setup Guide, global alert notification settings, combined security digest, Software Health checks, Risk Review checks, improved Watch Dog baseline handling, cleaner admin navigation, refreshed styling, and Plugin Check compatibility fixes.
= 7.1 =
Added Plugin Refresher reloaded, Theme Refresher, and Permissions Check tools, plus improved Watch Dog handling, cleaner tool navigation, stronger infection-cleanup workflows, safer bulk refresh processing, and expanded Plugin Check compatibility fixes.

= 7.0 =
Major Watch Dog release. Adds File Change Monitor, trusted baselines, scheduled file change scans, email alerts, baseline exclusions, protected Watch Dog storage, and WordPress Core Check using the official checksum API.

= 6.8 =
Now compatible with hosting environments that auto lock WordPress core files. Improved Site Lock conditions to isolate certain folders and files.

= 6.7 =
Removed Site Lock status in admin bar on site frontend. Added bulk database actions to infection scanner and select file actions to file remover tool.

= 6.6 =
Fixed auto lock/unlock with MainWP.

= 6.5 =
Made plugin code run only in admin area where needed.

= 6.4 =
Fixed styling issue on scanner page.

= 6.3 =
Added a database infection scanner and a setting to disable the admin bar Site Lock status display.

= 6.2 =
Corrected typo in plugin description.

= 6.1 =
Added AJAX loading content notice.

= 6.0 =
Faster AJAX navigation, better scanners/checkers, and responsive tables.

= 5.6 =
Added scheduled infection scans.

= 5.5 =
Added additional lock exceptions.

= 5.4 =
Improved API REST endpoint call for cache bypass.

= 5.3 =
Fixed permissions issue with Site Lock and MainWP.

= 5.2 =
Added integration with MainWP.

= 5.1 =
Added a plugin refresher.

= 5.0 =
New Tools section.