# SecuSeek WordPress Plugin

A WordPress plugin that integrates SecuSeek's external security scan services into your WordPress admin panel.

## Features

- 🔍 **Security Scanning**: Automated security vulnerability scanning
- 📊 **Findings Dashboard**: View and manage security findings with filtering
- 🔐 **API Integration**: Secure API key management with encryption
- 🎨 **Modern UI**: Alpine.js powered responsive interface
- ⚡ **Real-time Updates**: Live scan progress monitoring

## Installation

1. Upload the plugin files to `/wp-content/plugins/secuseek/`
2. Activate the plugin through WordPress admin
3. Enter your SecuSeek API key in the plugin settings

## Development

### Prerequisites

- WordPress 5.0+
- PHP 7.4+
- Modern web browser with JavaScript support

### File Structure

```
secuseek/
├── assets/
│   ├── css/           # Stylesheets
│   ├── js/            # JavaScript files
│   └── img/           # Images and icons
├── includes/          # PHP classes and functions
├── templates/         # Template files
├── languages/         # Translation files
├── secuseek.php       # Main plugin file
├── uninstall.php      # Uninstall handler
└── readme.txt         # WordPress.org readme
```

### Minified Files and Source Code

This plugin includes the following minified files with their corresponding source code:

**Alpine.js (alpinejs.min.js)**
- Source: https://github.com/alpinejs/alpine
- Version: 3.13.10
- License: MIT
- The minified version is included for performance, but the full source code is available at the GitHub repository above.
- Build process: The minified file is downloaded from the official Alpine.js CDN and included directly.

**Font Awesome (fontawesome.min.css)**
- Source: https://github.com/FortAwesome/Font-Awesome
- Version: 6.5.0
- License: Font Awesome Free License
- The minified version is included for performance, but the full source code is available at the GitHub repository above.
- Build process: The minified file is downloaded from the official Font Awesome CDN and included directly.

**Note:** All minified files are third-party libraries. The plugin's own JavaScript and CSS files are not minified and are included in their readable form in the assets directory.

### Source and Human-Readable Code

This plugin ships with human-readable source code. All custom JavaScript and CSS are provided in unminified form under `assets/js/` and `assets/css/`.

The plugin also bundles a small number of third-party, minified assets. Their human-readable sources are publicly available here:

- `assets/js/alpinejs.min.js` — Source: `https://github.com/alpinejs/alpine` (Docs/Homepage: `https://alpinejs.dev`)
- `assets/css/fontawesome.min.css` — Source: `https://github.com/FortAwesome/Font-Awesome`

Build tools are not required to work on this plugin. If build tooling is added in the future, instructions will be documented here.


### Direct downloads (exact versions used)

- Alpine.js 3.13.10 (minified): `https://cdn.jsdelivr.net/npm/alpinejs@3.13.10/dist/cdn.min.js`
- Font Awesome Free 6.5.0 (fontawesome.min.css): `https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.5.0/css/fontawesome.min.css`


### Build Process

The plugin uses standard WordPress enqueue methods. No build tools are required as all JavaScript and CSS files are included directly in their readable form. The minified files are third-party libraries included for performance optimization.

### Naming Convention

This plugin follows WordPress.org naming guidelines to prevent conflicts with other plugins:
- All functions, classes, and global variables use the `secuseek_` prefix
- Class names are descriptive and unique (e.g., `Secuseek_Fetcher_Service`)
- Global variables are namespaced (e.g., `$GLOBALS['secuseek_findings_data']`)
- No generic names like `Fetcher`, `$findings`, or `$template` are used

### Security

This plugin implements WordPress.org security best practices:
- All PHP files include `ABSPATH` checks to prevent direct file access
- Template files are protected from unauthorized execution
- Includes proper nonce verification and capability checks
- Sanitizes all user inputs and escapes all outputs
- API keys are encrypted using AES-256-CBC encryption
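AES-256-CBC provides confidentiality only, so a stored ciphertext should also be authenticated before it is decrypted. The sketch below is an added example, not the plugin's own code: the `secuseek_example_*` function names, the HKDF labels and the sample key are hypothetical, and it assumes a 32-byte site secret is available to the caller.

```php
<?php
// Added illustration, not the plugin's code. All names below are hypothetical.

/** Derive separate encryption and MAC keys from one site secret. */
function secuseek_example_derive_keys(string $secret): array {
    return [
        hash_hkdf('sha256', $secret, 32, 'secuseek-example-enc'),
        hash_hkdf('sha256', $secret, 32, 'secuseek-example-mac'),
    ];
}

/** Encrypt with AES-256-CBC, then authenticate IV + ciphertext with HMAC-SHA256. */
function secuseek_example_encrypt(string $plaintext, string $secret): string {
    [$enc_key, $mac_key] = secuseek_example_derive_keys($secret);
    $iv = random_bytes(16); // fresh, unpredictable IV for every encryption
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $enc_key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    $mac = hash_hmac('sha256', $iv . $ct, $mac_key, true);
    return base64_encode($iv . $ct . $mac);
}

/** Return the plaintext, or null if the blob is malformed or was modified. */
function secuseek_example_decrypt(string $blob, string $secret): ?string {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 16 + 16 + 32) { // IV + one block + MAC
        return null;
    }
    [$enc_key, $mac_key] = secuseek_example_derive_keys($secret);
    $iv  = substr($raw, 0, 16);
    $ct  = substr($raw, 16, -32);
    $mac = substr($raw, -32);
    // Check the MAC in constant time before touching the ciphertext.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $mac_key, true), $mac)) {
        return null;
    }
    $pt = openssl_decrypt($ct, 'aes-256-cbc', $enc_key, OPENSSL_RAW_DATA, $iv);
    return $pt === false ? null : $pt;
}

// Constructed sample values: round-trip, then flip one ciphertext bit.
$secret = random_bytes(32);
$blob   = secuseek_example_encrypt('constructed-sample-api-key', $secret);
$raw    = base64_decode($blob, true);
$raw[20] = chr(ord($raw[20]) ^ 0x01);
var_dump(secuseek_example_decrypt($blob, $secret));
var_dump(secuseek_example_decrypt(base64_encode($raw), $secret));
```

Keeping the site secret outside the database (for example in `wp-config.php`) means a database dump alone does not expose the stored key.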

### Used technologies
- Alpine.js 3.13.10 — Docs: `https://alpinejs.dev` — Source: `https://github.com/alpinejs/alpine` — Minified CDN: `https://cdn.jsdelivr.net/npm/alpinejs@3.13.10/dist/cdn.min.js`
- Font Awesome Free 6.5.0 — Site: `https://fontawesome.com` — Source: `https://github.com/FortAwesome/Font-Awesome` — CSS CDN: `https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.5.0/css/fontawesome.min.css`
- WordPress HTTP API (remote requests) — Docs: `https://developer.wordpress.org/plugins/http-api/`
- WordPress Cron API (scheduling) — Docs: `https://developer.wordpress.org/plugins/cron/`
- WordPress AJAX (admin-ajax) — Docs: `https://developer.wordpress.org/plugins/javascript/ajax/`

### API Integration

The plugin integrates with SecuSeek's external API:
- **Base URL**: `https://api.secuseek.com`
- **Authentication**: API key via `x-api-key` header
- **Endpoints**:
  - `GET /api/v1/external/schedule-scan` - Validate API key
  - `POST /api/v1/external/schedule-scan` - Create scan
  - `GET /api/v1/external/schedule-scan/{id}` - Get scan status
  - `GET /api/v1/external/issues/{id}` - Get scan results
  - `DELETE /api/v1/external/schedule-scan/{id}` - Delete scan
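
The following added example, which is not the plugin's own code, shows how an admin-ajax handler could combine the nonce and capability checks from the Security section with the key-validation endpoint listed above. The action name, nonce name, `api_key` field and the rule that HTTP 200 means the key was accepted are assumptions; the code runs inside WordPress.

```php
<?php
// Added illustration, not the plugin's code. Hook, nonce and field names are hypothetical.
if (!defined('ABSPATH')) {
    exit; // refuse direct file access
}

add_action('wp_ajax_secuseek_example_validate_key', 'secuseek_example_validate_key');

function secuseek_example_validate_key(): void {
    // CSRF protection: ends the request if the nonce is missing or invalid.
    check_ajax_referer('secuseek_example_validate_key', 'nonce');

    // Only administrators may submit or test an API key.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['message' => 'Forbidden'], 403);
    }

    $api_key = isset($_POST['api_key'])
        ? sanitize_text_field(wp_unslash($_POST['api_key']))
        : '';
    if ($api_key === '') {
        wp_send_json_error(['message' => 'API key is required'], 400);
    }

    $response = wp_remote_get(
        'https://api.secuseek.com/api/v1/external/schedule-scan',
        [
            'timeout'     => 15,
            'redirection' => 0, // the request carrying the key only goes to this host
            'headers'     => [
                'x-api-key' => $api_key,
                'Accept'    => 'application/json',
            ],
        ]
    );

    if (is_wp_error($response)) {
        // Keep transport details and the key itself out of the browser response.
        wp_send_json_error(['message' => 'Could not reach the SecuSeek API'], 502);
    }

    // Assumption: HTTP 200 means the key was accepted; anything else is a rejection.
    $valid = wp_remote_retrieve_response_code($response) === 200;
    wp_send_json_success(['valid' => $valid]);
}
```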



### Frontend Architecture

- **Alpine.js**: Reactive UI framework
- **Vanilla JavaScript**: Custom functionality
- **CSS3**: Modern styling with responsive design
- **Font Awesome**: Icon library

### Contributing

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Test thoroughly
5. Submit a pull request

### License

GPLv2 or later - https://www.gnu.org/licenses/gpl-2.0.html

## Changelog

### 1.0.3
- Minor layout adjustments.

### 1.0.2
- **UI Enhancement**: Improved signup link visibility in login form
- **Styling**: Added subtle but prominent styling for "Sign In / Register at Secuseek" link
- **UX**: Better visual hierarchy to encourage user registration

### 1.0.1
- Initial release
- Core security scanning functionality
- API key management
- Findings dashboard with filtering
- Alpine.js powered interface

## Support

For support and questions, please contact the plugin author or visit the SecuSeek documentation.