=== Mimic Guard ===
Contributors: aoto0328
Tags: spam, honeypot, security, contact-form, comments
Requires at least: 5.8
Tested up to: 6.9
Stable tag: 1.3.3
Requires PHP: 7.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Block spam submissions with honeypot fields and submission timing checks.

== Description ==

Mimic Guard is an anti-spam plugin for WordPress mail and contact forms. It uses dynamic honeypots, submission time monitoring, and integration with major form plugins to reduce automated bot submissions.

* **Honeypot** — Detects bots that fill hidden form fields
* **Time check** — Flags submissions that are unrealistically fast after the form is shown
* **Form integration** — Works with WPForms, Contact Form 7, comments, and more
* **Page caching** — Optional AJAX honeypot injection when HTML is cached
* **Privacy** — Optional IP anonymization when logging events

Configure minimum submission time, token lifetime, log list size, and more from the admin screens.

== Installation ==

1. Upload the plugin folder to `/wp-content/plugins/mimicguard/` or install from the ZIP file.
2. Activate Mimic Guard on the Plugins screen in WordPress.
3. Open the Mimic Guard menu to review settings and logs.

== Frequently Asked Questions ==

= I use a full-page caching plugin =

Enable “Insert honeypot via AJAX (cache-friendly)” so honeypots can still be loaded even when HTML is cached.

= Legitimate submissions are being blocked =

Try increasing the minimum submission time slightly, or disable “Require time-check token” if you do not need it.

= Where are logs stored? =

In a dedicated database table. You can run cleanup from the admin area based on retention settings.

== Screenshots ==

1. Dashboard (statistics and log list)
2. Settings screen

== Changelog ==

= 1.3.3 =
Reduced honeypot false positives from browser/password manager autofill by hardening honeypot field attributes and narrowing dynamic prefix checks; also improved detailed block reason logging and frontend guard checks.

= 1.3.2 =
Further hardening for WordPress.org review: sanitize request data used for spam checks, escape admin template output, sanitize server variables for IP logging, Prime Form AJAX callback naming, remove bundled PHPUnit bootstrap from the distribution package.

= 1.3.1 =
WordPress.org review: enqueue scripts, sanitization/escaping, readme contributor, translations loading.

= 1.3.0 =
Internal improvements, security, and code quality updates.