=== Breach Radar via verisizintisi.com ===
Contributors: verisizintisi
Donate link: https://verisizintisi.com
Tags: security, data breach, privacy, breach, users
Requires at least: 5.6
Tested up to: 6.8
Requires PHP: 7.2
Stable tag: 1.0.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Check your WordPress users’ emails against known breaches via verisizintisi.com and act on risks.

Language: English | Türkçe → readme-tr_TR.txt

== Description ==

Breach Radar helps WordPress site owners monitor whether their users’ email addresses appear in known data breaches.

Features:

- Dashboard overview with risk summary and insights
- Manual and scheduled scans (daily)
- Logs with filters (email, found, HTTP, date range)
- Admin notifications on breach count increases (configurable threshold)
- Protection badge shortcode and Theme Customizer integration
- i18n: English and Turkish included; Azerbaijani and Russian supported via PO files

= How it works =

1. Get your API key at get.verisizintisi.com/wordpress and paste it in Settings.
2. Start a manual scan or enable the daily scan. The plugin sends, over HTTPS:
   - Your site domain (to validate token usage)
   - The email addresses selected for scanning
3. The API authenticates, rate‑limits, and checks a breach dataset. It returns per‑email status and counts (no breach contents).
4. Results are summarized in your dashboard and stored locally as scan logs. Breach contents remain user‑private on verisizintisi.com.

= Language & translations =

- Text Domain: breach-radar (auto‑loaded from WordPress.org)
- Bundled translations: English, Turkish. PO fallbacks provided for az_AZ and ru_RU under `wordpress/languages/`.
- Plugin UI language can be forced at Breach Radar → Settings → Language. Default is “Auto (Site language)”.
- Language: English | Türkçe → readme-tr_TR.txt

= Data sent to the service =

- Site domain (host) to validate token usage
- The email addresses you submit for lookup (transmitted for lookup; not persisted by the API)
- Usage metadata (request time, status code, counters) for rate‑limiting and abuse prevention

= Privacy and Terms =

- No tracking scripts are added to your WordPress frontend or admin.
- Lookups only run when you initiate them or via your scheduled task. Visitors are not tracked.
- Review: https://verisizintisi.com/privacy and https://verisizintisi.com/terms

= Security model =

- Admin pages require `manage_options` capability.
- All state‑changing actions use nonces (`check_admin_referer`).
- Inputs sanitized and validated; outputs escaped (`esc_html`, `esc_attr`, `esc_url`, `wp_kses_post`).
- HTTP host is derived via a safe helper instead of raw `$_SERVER`.

= Consent =

Depending on your local laws and policies, you may need to inform users and/or obtain consent before checking their email addresses against breach datasets. This plugin provides the tools, but responsibility for lawful use remains with the site owner.

== Installation ==

From your WordPress admin:

1. Plugins → Add New → Upload Plugin → select the ZIP → Install Now → Activate
2. Get your API key at get.verisizintisi.com/wordpress
3. Go to Breach Radar → Settings and paste your API key
4. (Optional) Configure scan filters, notifications, language
5. Start a manual scan or enable daily scans

== Frequently Asked Questions ==

= Does this show breach contents inside WordPress? =

No. Breach contents are user‑private on verisizintisi.com. Admins see presence and counts only.

= Does the API store my users’ emails? =

Emails are transmitted for lookup and not stored in usage logs. The service records minimal metadata for rate‑limiting and abuse prevention.

= How often can I call the API? =

Default daily limit is 10 requests per token (subject to change by plan). See the dashboard usage card.
= How do I add the protection badge? =

Use the shortcode:

`[verisizintisi_badge size="medium" theme="light" align="left" lang="auto"]`

Or use Appearance → Customize → Breach Radar Badge.

= Can I force the plugin language? =

Yes. Go to Breach Radar → Settings → Language. “Auto” follows the site language. You can force Turkish, English, Azerbaijani, or Russian.

== Screenshots ==

1. Dashboard overview and insights
2. Logs with filters
3. Badge examples

== Changelog ==

= 1.0.2 =

- Added first‑run Setup Wizard (activation redirect, two‑step flow)
- API key connectivity test with clear status; daily scan toggle
- Admin notice until setup is completed
- Fixed redirects by processing setup via admin‑post to avoid "headers already sent"
- Minor UX copy and layout improvements

= 1.0.1 =

- Compliance and security improvements for Plugin Check
- Replaced raw $_SERVER usage with safe `get_site_url_safe()`
- Escaped flagged outputs (esc_html/esc_attr/esc_url/wp_kses_post)
- Confirmed sanitization/validation of GET/POST data
- Self‑healing scheduling for daily scans and last run tracking
- rand() → wp_rand(); parse_url() → wp_parse_url(); date() → gmdate()
- Always use $wpdb->prepare() with placeholders in Logs queries
- i18n fixes (Text Domain breach-radar), updated POT/PO files
- Removed chart embeds and unused assets

= 1.0.0 =

- First stable release: risk summary, insights, daily scan, log filters, notifications, badge page

== Upgrade Notice ==

= 1.0.2 =

Setup Wizard, admin‑post redirect fix to avoid header warnings, and UX improvements.

= 1.0.0 =

First stable release.
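
The checks listed under "Security model" and in the 1.0.1 and 1.0.2 changelog entries, sketched as an added example that is not Breach Radar's own code. It assumes a loaded WordPress environment; every `example_*` hook, option, page slug, table and column name is hypothetical.

```php
<?php
// Added example, not Breach Radar's code. Every example_* hook, option,
// page slug, table and column name is hypothetical.
add_action( 'admin_post_example_save_threshold', 'example_save_threshold' );

function example_save_threshold() {
    // Capability check first: only administrators get past this point.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html( 'Insufficient permissions.' ), '', array( 'response' => 403 ) );
    }
    // Dies unless the form carried a valid nonce for this action.
    check_admin_referer( 'example_save_threshold' );

    // Sanitize and validate: integer only, clamped to 1..1000.
    $raw       = isset( $_POST['threshold'] ) ? wp_unslash( $_POST['threshold'] ) : 0;
    $threshold = min( 1000, max( 1, absint( $raw ) ) );
    update_option( 'example_notify_threshold', $threshold );

    // Redirect before any output, so no "headers already sent" warning.
    wp_safe_redirect( admin_url( 'admin.php?page=example-settings&updated=1' ) );
    exit;
}

// Log query: every filter value is bound through a placeholder.
function example_query_logs( $email, $found, $from, $to ) {
    global $wpdb;
    $from_ts = strtotime( (string) $from );
    $to_ts   = strtotime( (string) $to );
    if ( false === $from_ts || false === $to_ts ) {
        return array(); // Reject unparseable dates instead of guessing.
    }
    // Table name comes from the site prefix, never from request data.
    $table = $wpdb->prefix . 'example_scan_logs';
    $like  = '%' . $wpdb->esc_like( sanitize_text_field( $email ) ) . '%';

    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT email, found, http_code, created_at FROM {$table}
             WHERE email LIKE %s AND found = %d AND created_at BETWEEN %s AND %s
             ORDER BY created_at DESC LIMIT 100",
            $like,
            $found ? 1 : 0,
            gmdate( 'Y-m-d H:i:s', $from_ts ),
            gmdate( 'Y-m-d H:i:s', $to_ts )
        )
    );
}
```

The matching form posts to `admin-post.php` with `action=example_save_threshold` and a field emitted by `wp_nonce_field( 'example_save_threshold' )`; values returned by the log query still need `esc_html()` or `esc_attr()` when rendered.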