=== Abmahn-Shield ===
Contributors: abmahnshield
Tags: abmahnung, dsgvo, gdpr, impressum, compliance
Requires at least: 5.8
Tested up to: 6.9
Stable tag: 1.0.6
Requires PHP: 7.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Protect your WooCommerce store from German legal compliance risks. Automated check for imprint, privacy policy, cookie banner, terms, and more.

== Description ==

**Abmahn-Shield** checks your WooCommerce shop for the most common cease-and-desist (Abmahnung) risks in German e-commerce:

= Free Quick-Scan =

* Imprint (Impressum) present and linked in the footer?
* Privacy policy present and linked?
* Terms and conditions (AGB) page configured?
* Cancellation policy (Widerrufsbelehrung) present?
* Shipping information present?
* Google Fonts loaded externally? (BGH ruling 2022)
* Tracking scripts without cookie consent?
* Unit price plugin (PAngV) active?

= Deep-Scan (optional, one-time 9,90 EUR) =

* AI-assisted analysis of the complete HTML code
* Imprint content check (are mandatory fields missing?)
* GDPR conformity of the privacy policy
* Cookie banner functional test
* BFSG accessibility check (21+ WCAG 2.1 AA rules)
* Estimated amount in dispute (Streitwert) per violation
* Prioritized fix recommendations

= Legal basis =

Based on current case law (BGH, ECJ) and legislation:

* DDG §5 (imprint obligation)
* GDPR Art. 13 (privacy policy)
* TDDDG §25 (cookie consent)
* §355 BGB (right of withdrawal)
* PAngV (unit price information)
* BFSG (Barrierefreiheitsstärkungsgesetz, the German Accessibility Strengthening Act, from June 2025)
* BGH ruling on Google Fonts 2022

= Note =

This is a technical compliance assessment, not legal advice within the meaning of the RDG. For a legally binding review, please consult a specialist lawyer.

== Installation ==

1. Upload the plugin or install it via the WordPress plugin directory.
2. Activate the plugin under "Plugins".
3. Go to WooCommerce > Abmahn-Shield.
4. Click "Jetzt scannen" to run the free Quick-Scan.

== Frequently Asked Questions ==

= Is customer data transmitted? =

No. The Quick-Scan runs entirely locally in your WordPress installation. During a Deep-Scan, only your shop's URL is transmitted to the Abmahn-Shield server. Customer, order, or product data is never transmitted.

= Does the plugin work without WooCommerce? =

No. Abmahn-Shield is built specifically for WooCommerce shops and checks WooCommerce-specific settings such as the terms and conditions page and unit price plugins.

= What does the plugin cost? =

The plugin and the Quick-Scan are free. The optional Deep-Scan costs a one-time 9,90 EUR (no subscription).

== Screenshots ==

1. Quick-Scan results with risk overview
2. Deep-Scan upsell with feature overview

== External services ==

This plugin connects to the Abmahn-Shield API to perform Deep-Scans and process payments. The Quick-Scan runs entirely locally within your WordPress installation and does not send any data to external servers.

= Abmahn-Shield API (Deep-Scan) =

When you initiate a Deep-Scan, the plugin sends your shop's URL to the Abmahn-Shield API for a comprehensive compliance analysis. No customer data, order data, or product data is ever transmitted.

* **What data is sent:** Your shop's URL (home_url), your admin email address (for account registration and scan result delivery), and the scan ID.
* **When data is sent:** Only when you explicitly click "Deep-Scan starten" or "Jetzt kaufen" in the plugin admin page.
* **Service provider:** Abmahn-Shield, Dennis Stahlhut, Holsen 7a, 59075 Hamm, Germany.
* **API endpoints used:**
    * `https://abmahn-shield.de/api/wc/register` — One-time site registration. Called only on the first Deep-Scan or first Deep-Scan checkout (never during the local Quick-Scan).
    * `https://abmahn-shield.de/api/wc/scan` — Sends the shop URL for Deep-Scan analysis.
    * `https://abmahn-shield.de/api/wc/checkout` — Initiates the payment process for the Deep-Scan report.
* **Terms of service:** [https://abmahn-shield.de/agb](https://abmahn-shield.de/agb)
* **Privacy policy:** [https://abmahn-shield.de/datenschutz](https://abmahn-shield.de/datenschutz)

= Stripe (Payment Processing) =

When you purchase a Deep-Scan report, the payment is processed by Stripe. The plugin does not handle any payment credentials directly. You are redirected to Stripe's secure payment page.

* **What data is sent:** Your email address and the scan ID are passed to Stripe via the Abmahn-Shield API to create a payment session.
* **When data is sent:** Only when you click "Jetzt kaufen" to purchase a Deep-Scan report.
* **Service provider:** Stripe Technology Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland.
* **Terms of service:** [https://stripe.com/de/legal/consumer](https://stripe.com/de/legal/consumer)
* **Privacy policy:** [https://stripe.com/de/privacy](https://stripe.com/de/privacy)

= Local-only pattern matching (no external connections) =

The Quick-Scan analyzes your shop's HTML output **locally within WordPress** to identify whether common third-party tracking scripts or font CDNs are loaded by your theme or other plugins. The plugin performs string comparisons against well-known domain names but **does not connect to, transmit data to, or otherwise interact with** any of these services.

The domain names below appear in the plugin source code (`includes/class-scanner.php`) only as literal string arguments to PHP's `strpos()` function. We document them here together with their terms and privacy policies so that you, as the shop operator, can make an informed compliance decision if the Quick-Scan reports that any of these scripts are present on your store.

* **Google Fonts CDN** — detected domains: `fonts.googleapis.com`, `fonts.gstatic.com`
    * Service: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
    * Terms: [https://policies.google.com/terms](https://policies.google.com/terms)
    * Privacy: [https://policies.google.com/privacy](https://policies.google.com/privacy)
* **Google Analytics / Google Tag Manager** — detected domains: `google-analytics.com`, `googletagmanager.com` (and `gtag(` function call)
    * Service: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
    * Terms: [https://policies.google.com/terms](https://policies.google.com/terms)
    * Privacy: [https://policies.google.com/privacy](https://policies.google.com/privacy)
* **Meta Pixel (Facebook)** — detected domains: `connect.facebook.net`, `facebook.com/tr` (and `fbevents.js`)
    * Service: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
    * Terms: [https://www.facebook.com/legal/terms](https://www.facebook.com/legal/terms)
    * Privacy: [https://www.facebook.com/privacy/policy](https://www.facebook.com/privacy/policy)
* **TikTok Pixel** — detected domain: `tiktok.com/i18n/pixel`
    * Service: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
    * Terms: [https://www.tiktok.com/legal/page/eea/terms-of-service/en](https://www.tiktok.com/legal/page/eea/terms-of-service/en)
    * Privacy: [https://www.tiktok.com/legal/page/eea/privacy-policy/en](https://www.tiktok.com/legal/page/eea/privacy-policy/en)
* **Hotjar** — detected domain: `hotjar.com`
    * Service: Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta.
    * Terms: [https://www.hotjar.com/legal/policies/terms-of-service/](https://www.hotjar.com/legal/policies/terms-of-service/)
    * Privacy: [https://www.hotjar.com/legal/policies/privacy/](https://www.hotjar.com/legal/policies/privacy/)
* **Microsoft Clarity** — detected domain: `clarity.ms`
    * Service: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
    * Terms: [https://www.microsoft.com/legal/terms-of-use](https://www.microsoft.com/legal/terms-of-use)
    * Privacy: [https://privacy.microsoft.com/privacystatement](https://privacy.microsoft.com/privacystatement)

To repeat: **the plugin does not connect to, request from, or send any data to the services listed above.** These domain strings exist only to recognize when those services are already embedded by the shop operator's theme or other plugins, so the Quick-Scan can warn about consent-related compliance risks under TDDDG §25 and GDPR Art. 6.

== Changelog ==

= 1.0.6 =

* Privacy: Removed the implicit site-key registration call from the local Quick-Scan. The Quick-Scan is now strictly local and performs zero outbound HTTP requests to Abmahn-Shield servers. Site registration only happens on the first Deep-Scan (which is an explicit, opt-in user action triggered by clicking "Deep-Scan starten" or "Jetzt kaufen"). Readme "External services" entry for `/api/wc/register` updated to reflect this.

= 1.0.5 =

* Readme: extended "External services" section to explicitly document all third-party domains referenced in the local pattern-matching scanner (Google Fonts, Google Analytics/GTM, Meta Pixel, TikTok Pixel, Hotjar, Microsoft Clarity). Each entry now includes the provider, terms of service, and privacy policy URL. No code changes; the plugin still does not connect to any of these services.
* Pricing: Deep-Scan price reduced from 14,90 EUR to 9,90 EUR (single one-time charge, still no subscription). Admin UI label updated accordingly.

= 1.0.4 =

* Readme: short description rewritten in English per WordPress.org guidelines
* Readme: reduced tags to 5 (within plugin directory limit)

= 1.0.3 =

* Security: Removed unused public REST endpoint `/webhook/stripe` that lacked Stripe signature verification. Stripe webhooks are handled exclusively by the Abmahn-Shield API server (with full signature verification); the plugin no longer exposes a webhook receiver.
* Removed unused `/payment-status` REST endpoint (no consumers in the plugin UI).

= 1.0.2 =

* Payment provider switched from Mollie to Stripe
* Readme: external services documentation for Stripe instead of Mollie (valid ToS and privacy URLs)
* Internal webhook routing adjusted accordingly

= 1.0.1 =

* External services documentation added to readme.txt
* Plugin URI updated to working landing page

= 1.0.0 =

* Initial release
* Quick-Scan: imprint, privacy policy, terms and conditions, cancellation policy, shipping, Google Fonts, trackers, PAngV
* Deep-Scan integration via Abmahn-Shield API
* Stripe payment for Deep-Scan
* WordPress admin page under the WooCommerce menu

== Upgrade Notice ==

= 1.0.6 =

Privacy fix: the Quick-Scan no longer triggers any background site registration with Abmahn-Shield servers. Site registration is now strictly opt-in via the Deep-Scan flow.

= 1.0.5 =

External-services documentation extended (per-domain terms/privacy links) and Deep-Scan price reduced to 9,90 EUR.

= 1.0.4 =

Readme cleanup for WordPress.org plugin directory compliance (English short description, tag limit).

= 1.0.3 =

Security fix: removed an unused public REST endpoint to harden payment-status handling.

= 1.0.2 =

Payment provider switched to Stripe, external services documentation updated.

= 1.0.1 =

Readme update: external services documentation for WordPress.org compliance.

= 1.0.0 =

Initial release of Abmahn-Shield for WooCommerce.