=== WebKernelAI Security ===
Contributors: aamirsahil
Tags: security, file-integrity, seo, headers, csp
Requires at least: 6.2
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.0.1
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Connects your WordPress site to WebKernelAI as a secure data collector and policy executor.

== Description ==

WebKernelAI Security connects your WordPress site to the WebKernelAI platform.

The plugin can:

* expose secure token-authenticated REST endpoints for WebKernelAI dashboard actions
* enforce signed requests with HMAC + timestamp + nonce replay protection
* restrict API access to trusted WebKernelAI hosts
* apply rate limiting for authentication attempts and security reporting endpoints
* provide file hash inventory for integrity checks (hashes only, no file contents)
* sync SEO metadata (title, description, canonical, OG fields)
* apply security header and CSP configuration
* support advanced CSP controls including manual policy editing for advanced users
* apply robots.txt and llms.txt controls
* apply random-page and taxonomy archive controls
* enable granular per-endpoint feature controls for safer operations
* support production lock profile and advanced security policy rollback history

All analysis and recommendations run in WebKernelAI cloud.

== Installation ==

1. Upload the plugin folder to `/wp-content/plugins/` or install via the WordPress plugin screen.
2. Activate the plugin.
3. Go to **Settings -> WebKernelAI Security**.
4. Generate a site token and copy Site URL, API endpoint, and token into your WebKernelAI dashboard.

== Frequently Asked Questions ==

= Does this plugin send file contents to WebKernelAI? =

No. The plugin sends file metadata and hashes (for supported scan modes), not raw file contents.

= Can I disable headers or CSP? =

Yes. Header and CSP controls are configured from the WebKernelAI dashboard.

= Can I customize CSP manually? =

Yes. Advanced users can manually edit CSP policy directives from the dashboard integration and choose enforcement mode.

= Does the plugin protect against replayed API requests? =

Yes. Signed requests include freshness validation and nonce replay defense when advanced security mode is enabled.

= Can I roll back security policy changes? =

Yes. Advanced security policy versioning keeps history and supports rollback to a previous known-good configuration.

== External services ==

This plugin connects to WebKernelAI cloud services.

It sends data to:

* `https://webkernelai.com`
* your configured WebKernelAI dashboard/backend endpoint

What data is sent:

* site connection data (site URL, API endpoint, token-authenticated requests)
* file integrity data (path, SHA-256 hash, file size, modification time)
* SEO sync payloads (IDs and configured metadata fields)
* security/text control payloads (selected options and policy text)

When data is sent:

* when an administrator connects the site from WebKernelAI dashboard
* when dashboard actions request scans, sync, or configuration apply operations

Service links:

* Terms of Service: https://webkernelai.com/terms
* Privacy Policy: https://webkernelai.com/privacy

== Changelog ==

= 1.0.2 =
* Added advanced security mode with signed request validation (HMAC, nonce replay protection, and timestamp freshness checks).
* Added trusted-origin host validation for plugin API access.
* Added rate limiting controls for authentication and selected security endpoints.
* Added production lock profile support and advanced security policy versioning with rollback history.
* Added advanced CSP management support including optional manual policy editing.
* Improved dashboard-facing error messaging and security configuration controls.

= 1.0.1 =
* WordPress.org compliance: unique `webkernelai_security_*` option keys, `WebKernelAI_Security_*` class names, `X-WebKernelAI-Security-Token` auth header, automated migration from legacy option names.

= 1.0.0 =
* Initial release.
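
The signed-request validation named in the description and the replay FAQ (HMAC, timestamp freshness, nonce replay defense), shown as an added example that is not the plugin's own code. The canonical string layout, the 300-second window, the in-memory nonce store, and the sample route and secret are assumptions made for illustration.

```php
<?php
// Added illustration, not WebKernelAI plugin code. The canonical string layout,
// 300-second window and in-memory nonce store are assumptions for this example.
const MAX_SKEW = 300; // seconds a signed request stays acceptable (assumed)

// Sign every field an attacker could otherwise swap: method, path, time, nonce, body.
function sign_request(string $secret, string $method, string $path, int $ts, string $nonce, string $body): string {
    $canonical = implode("\n", [strtoupper($method), $path, (string) $ts, $nonce, hash('sha256', $body)]);
    return hash_hmac('sha256', $canonical, $secret);
}

// Returns 'ok' or the rejection reason. $seen maps nonce => expiry time and stands
// in for a persistent store shared by all PHP workers (database table or cache).
function verify_request(string $secret, array $req, array &$seen, int $now): string {
    if (abs($now - $req['ts']) > MAX_SKEW) {
        return 'stale';                          // outside the freshness window
    }
    $expected = sign_request($secret, $req['method'], $req['path'], $req['ts'], $req['nonce'], $req['body']);
    if (!hash_equals($expected, $req['sig'])) {  // constant-time comparison
        return 'bad-signature';
    }
    // Forget nonces whose requests would now be stale anyway, then check for reuse.
    $seen = array_filter($seen, fn($expiry) => $expiry >= $now);
    if (isset($seen[$req['nonce']])) {
        return 'replay';
    }
    // Record the nonce only after the signature verified, so unsigned traffic
    // cannot fill the store.
    $seen[$req['nonce']] = $req['ts'] + MAX_SKEW;
    return 'ok';
}

// Constructed secret, route and payload.
$secret = 'constructed-demo-secret';
$now = 1700000000;
$req = ['method' => 'POST', 'path' => '/wp-json/example/v1/scan', 'ts' => $now - 5,
        'nonce' => bin2hex(random_bytes(16)), 'body' => '{"mode":"quick"}'];
$req['sig'] = sign_request($secret, $req['method'], $req['path'], $req['ts'], $req['nonce'], $req['body']);

$seen = [];
echo verify_request($secret, $req, $seen, $now), "\n";        // first delivery
echo verify_request($secret, $req, $seen, $now + 1), "\n";    // identical request sent again
$tampered = array_merge($req, ['body' => '{"mode":"full"}']); // body changed after signing
echo verify_request($secret, $tampered, $seen, $now), "\n";
echo verify_request($secret, $req, $seen, $now + 3600), "\n"; // delivered an hour late
```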