BoonBand/boonrisk-wp

=== BoonRisk – Site Security Check & Report ===
Contributors: boonband
Tags: security, security check, security audit, security report, risk assessment
Requires at least: 5.0
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Get a clear security report for your WordPress site in minutes. Safe, read-only check with no scanning or changes to your site.

== Description ==

BoonRisk gives you a **clear security and readiness report** for your WordPress site. See exactly what security risks exist, why they matter, and what to do about them – all explained in plain language.

**Safe & Read-Only:** This plugin only reads your site configuration. It does not scan files, block traffic, or make any changes to your WordPress installation.

= What You Get =

* **Security Check Report** — See your site's security status: PHP version, WordPress updates, user settings, HTTPS, and 25+ more checks
* **Clear Explanations** — Every finding explains "why this matters" and "what to do about it" in plain language
* **Prioritized Risks** — Top risks ranked by impact so you know what to fix first
* **Printable Report** — Professional HTML report you can view, print, or share directly from WordPress admin

= What This Plugin Does NOT Do (100% Safe) =

* **No file scanning** — Does not scan your files or look for malware
* **No traffic blocking** — Does not act as a firewall or block visitors
* **No site changes** — Does not modify settings, files, or database
* **No active testing** — Does not simulate attacks or run security scans
* **Read-only analysis** — Only reads your configuration, never writes or changes anything

= Free Security Check (No Account Required) =

Run a complete security and readiness check instantly – 100% local, no data sent anywhere:

* **Overall Risk Level** — Clear Low/Medium/High rating with explanation of what it means
* **Top Risks First** — See your biggest security issues ranked by impact
* **30+ Configuration Checks** — WordPress updates, PHP version, HTTPS, user permissions, backups, 2FA, debug mode, and more
* **Action Plan** — Every issue includes "why it matters" and "how to fix it"
* **Professional Report** — Printable HTML report you can view in WordPress admin or share with your team

**What you'll learn:** "Is my site at risk?" and "What should I fix first?"

**100% Private:** All checks run on your server. Nothing is sent externally. No account or email required.

= Optional: Enhanced Reports (Web Dashboard) =

Connect to the BoonRisk web dashboard for additional features (optional, requires free account):

* **Vulnerability Details** — See known security issues for your installed plugins and themes
* **Severity Ratings** — Understand how serious each risk is based on public security databases  
* **Track Over Time** — See how your site security improves (or changes) month over month
* **PDF Reports** — Download professional reports to share with clients or management

**Enhanced analysis answers:** "Why is this a risk?" and "How serious is it based on known vulnerabilities?"

**Note:** The local security check is fully functional on its own. The web dashboard is completely optional.

== Installation ==

1. Upload the plugin to `/wp-content/plugins/boonrisk/` or install it through the WordPress Plugins screen
2. Activate through the 'Plugins' screen
3. Navigate to **BoonRisk** → **Local Assessment**
4. Click **Run Assessment Now** — no setup required

== How It Works ==

= Local Mode (Default) =

1. Install and activate the plugin
2. Go to **BoonRisk** → **Local Assessment**
3. Click **Run Assessment Now**
4. View your Security Posture Summary and Top Risks
5. Click **View Full Report** for a printable HTML report

All analysis happens on your server. Nothing is sent externally.

= Cloud Mode (Optional) =

1. Go to **BoonRisk** → **Connect (Optional)**
2. Enter your API key
3. Enable Cloud Analysis and PDF Reports

External API calls only happen when you explicitly request them.

== Data Usage ==

= Local Mode =

In local mode, **no data is sent externally**. All checks run inside WordPress.

= Cloud Mode (Optional) =

When you run Cloud Analysis, the following is sent:

* PHP and WordPress versions
* Active plugin and theme names/versions
* Configuration flags (debug mode, file editor status, etc.)

What you get in return:

* Vulnerability intelligence from external sources
* Severity context for identified risks
* Historical trend data

**What is never collected:**

* User data or personal information
* Passwords or credentials
* Post/page content
* Database contents
* File contents

Data is sent **only when you click** Run Cloud Analysis or Generate Report. No background transmission. No personal data is collected.

== Privacy Policy ==

Read our full privacy policy at https://boonrisk.com/privacy

== Frequently Asked Questions ==

= Do I need to register to use this plugin? =

No. Local assessment works immediately without any registration or API key.

= What's the difference between local and cloud analysis? =

Local analysis runs entirely on your server and provides a complete security posture assessment. Cloud analysis (optional) adds vulnerability database cross-referencing and trend tracking.

= Does this plugin slow down my site? =

No. The plugin is read-only and only runs when you trigger an assessment from the admin panel. It has no impact on frontend performance.

= Is this a security plugin like Wordfence? =

No. BoonRisk is a security posture assessment tool, not a protection tool. It explains your configuration and risks but does not block traffic, scan for malware, or auto-fix issues.

= Does this plugin make external connections? =

Only when you explicitly click a button in Cloud Analysis (optional). Local assessment makes no external connections.

== Screenshots ==

1. Security Posture Summary with risk level explanation
2. Top Risks prioritized by impact
3. All Findings with explainability
4. Printable Local Report

== Changelog ==

= 1.0.0 =
* Initial public release
* Local assessment mode (no registration required)
* Security Posture Summary with human-readable risk level
* Top Risks section prioritized by impact
* 30 configuration checks across Security, Trust & Readiness
* Printable HTML reports
* Optional cloud integration for vulnerability intelligence
* Read-only assessment with clear "what to do" guidance

== Upgrade Notice ==

= 1.0.0 =
Initial public release. Security posture assessment with 30 checks, prioritized findings, and printable reports.
