wpban/readme.txt

=== wpban Pro ===
Contributors: wpban
Tags: security, firewall, ban, geo-blocking, rate-limiting, crawler-blocking, brute-force, ip-blocking
Requires at least: 6.7.2
Tested up to: 6.7.2
Stable tag: 5.0
Requires PHP: 7.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Advanced WordPress security plugin with geo-blocking, rate limiting, AI crawler blocking, and intelligent threat detection.

== Description ==

wpban Pro is a comprehensive security solution for WordPress that protects your site from various threats including malicious bots, brute force attacks, content scrapers, and unauthorized access attempts.

= Key Features =

**🛡️ IP Management**
* Ban IPs with wildcard support (e.g., 192.168.*.*)
* IP range blocking (CIDR and range notation)
* Whitelist trusted IPs
* Automatic reverse proxy detection

**🌍 Geographic Blocking**
* Block or allow specific countries
* Real-time IP geolocation
* Cached country lookups for performance
* Whitelist/blacklist modes

**⚡ Rate Limiting**
* Protect against DDoS and flood attacks
* Separate limits for general requests, login attempts, and API calls
* Automatic temporary bans for violators
* Customizable thresholds

**🤖 Crawler Control**
* Block 40+ AI crawlers (GPTBot, ClaudeBot, etc.)
* Control SEO crawler access
* Protect content from AI training datasets
* robots.txt integration

**📊 Advanced Logging**
* Detailed security event logs
* Filter by date, action, IP, or country
* Export logs to CSV
* Automatic log rotation

**📧 Email Notifications**
* Real-time security alerts
* Customizable alert thresholds
* Multiple event types
* Test email functionality

**🚪 Login Protection**
* Restrict wp-login.php access by IP
* Brute force detection
* Failed login tracking
* Emergency bypass URL

**🎯 Security Templates**
* Quick setup with pre-configured templates
* Basic, Strict, Content Protection, and Performance modes
* One-click application
* Customizable settings

**🔧 Additional Features**
* Browser restrictions (block WeChat/QQ)
* User agent filtering
* Referer blocking
* Host-based banning
* Import/export settings
* Database optimization tools

= Performance Optimized =

* Smart caching system
* Optimized database queries with indexes
* Minimal performance impact
* Lazy loading of features

= Emergency Access =

Never get locked out! WPBan provides an emergency bypass URL that allows you to access your site even if your IP gets banned accidentally.

== Installation ==

1. Upload the `wpban` folder to `/wp-content/plugins/`
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Go to 'WPBan Security' in your admin menu
4. Choose a security template or configure settings manually
5. Save your emergency bypass URL in a safe place

= Minimum Requirements =

* WordPress 6.7.2 or higher
* PHP 7.4 or higher
* MySQL 5.7 or higher

== Frequently Asked Questions ==

= Will this plugin slow down my website? =

No. WPBan is designed with performance in mind. It uses intelligent caching, optimized database queries, and only loads features when needed.

= What happens if I accidentally ban myself? =

Use the emergency bypass URL provided in the dashboard. This special URL allows you to access your site and disable the ban. Always save this URL in a secure location.

= Can I block entire countries? =

Yes! WPBan includes geographic blocking that allows you to block or exclusively allow specific countries. The plugin uses free IP geolocation services for this feature.

= Will blocking SEO crawlers hurt my rankings? =

Yes, blocking major search engine crawlers (Googlebot, Bingbot) will negatively impact your SEO. The plugin shows warnings for these critical crawlers. Only block SEO crawlers if you have a specific reason.

= How do I protect against AI content scraping? =

Use the "Content Protection" template which blocks major AI crawlers, or manually select AI crawlers to block in the Crawlers settings. The plugin blocks access and adds robots.txt rules.

= Can I import/export settings? =

Yes! Go to Tools > Import/Export to backup your settings or migrate them to another site.

= How long are logs kept? =

Logs are automatically cleaned after 30 days to prevent database bloat. You can export logs before they're deleted or manually clear them at any time.

= Does it work with Cloudflare? =

Yes! Enable the "Reverse Proxy" option in General settings to properly detect visitor IPs when using Cloudflare or other proxy services.

== Screenshots ==

1. Dashboard - Overview of security statistics and quick actions
2. Security Templates - One-click security configurations
3. IP Rules - Manage banned IPs, ranges, and whitelists
4. Rate Limiting - Configure request limits
5. Geographic Blocking - Block or allow countries
6. Crawler Management - Control bot access
7. Security Logs - Detailed event tracking
8. Email Notifications - Real-time alerts

== Changelog ==

= 5.0 =
* Added geographic blocking with real-time IP geolocation
* Implemented advanced rate limiting system
* Added email notifications for security events
* Improved logging with country tracking and pagination
* Added import/export functionality
* Optimized database performance with indexes
* Added emergency bypass URL feature
* Improved UI with WordPress native design
* Added security templates for quick setup
* Fixed array structure issue in templates

= 4.0 =
* Complete rewrite with improved architecture
* Added caching system
* Enhanced performance
* Better code organization

= 3.3 =
* Initial public release
* Basic IP blocking functionality
* Crawler blocking
* Simple logging

== Upgrade Notice ==

= 5.0 =
Major update with geographic blocking, rate limiting, and email notifications. Backup your settings before upgrading.

== Advanced Usage ==

= Custom Templates =

You can create custom security templates by hooking into the `wpban_templates` filter:

`
add_filter('wpban_templates', function($templates) {
    $templates['custom'] = [
        'name' => 'My Custom Template',
        'description' => 'Custom security configuration',
        'settings' => [
            'banned_ips' => ['1.2.3.4'],
            'rate_limits' => [
                'requests_per_minute' => 45
            ]
        ]
    ];
    return $templates;
});
`

= Custom Country Detection =

Integrate with premium GeoIP services:

`
add_filter('wpban_ip_country', function($country, $ip) {
    // Your custom country detection logic
    return $detected_country;
}, 10, 2);
`

= Whitelist Specific Pages =

Exclude certain pages from security checks:

`
add_filter('wpban_skip_checks', function($skip) {
    if (is_page('special-page')) {
        return true;
    }
    return $skip;
});
`

== Support ==

For support, feature requests, or bug reports, please visit our [support forum](https://wordpress.org/support/plugin/wpban/) or [GitHub repository](https://github.com/wpban/wpban).

== Privacy Policy ==

This plugin stores:
* Security logs containing IP addresses, user agents, and geographic data
* Your security configuration settings

This plugin may connect to external services:
* IP geolocation APIs (ip-api.com, ipinfo.io) for country detection
* These services only receive IP addresses for lookup

All data is stored locally in your WordPress database and is not shared with third parties.