=== Zenlabra Site Connector ===
Contributors: zenlabra
Tags: audit, security, maintenance, zenlabra, health check
Requires at least: 5.6
Tested up to: 6.7
Requires PHP: 7.4
Stable tag: 1.1.0
License: GPL-2.0-or-later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Connects your WordPress site to the free Zenlabra website health checker. Install, copy your token, run your audit, then delete.

== Description ==

This plugin is part of the free website health check at zenlabra.uk/free-site-audit. It generates a unique read-only token so Zenlabra can securely read your site's technical health data — no admin password required.

**What it checks:**
* WordPress core version vs latest release
* PHP version and end-of-life status
* All installed plugins — names, versions, active/inactive status, and any updates available
* Active theme and whether a child theme is in use
* Security settings: login URL, XML-RPC, file editing, debug mode, database prefix
* Whether backup, security, caching, and SEO plugins are active
* Whether user enumeration is open via the REST API

**What it does NOT do:**
* Does not modify, create, or delete any site data
* Does not store or transmit passwords or user data
* Does not run in the background — only responds when called with your token
* Does not send data anywhere unless you initiate an audit

**How to use:**
1. Install and activate this plugin
2. Go to Tools → Zenlabra Audit — your token is shown there
3. Copy the token and paste it at zenlabra.uk/free-site-audit
4. After your audit, deactivate and delete this plugin

== Installation ==

1. Upload the plugin zip via Plugins → Add New → Upload Plugin
2. Activate via the Plugins menu
3. Go to Tools → Zenlabra Audit
4. Copy your token and paste it into the analyser at zenlabra.uk/free-site-audit
5. After your audit is complete, deactivate and delete this plugin

== Frequently Asked Questions ==

= Is my data safe? =
Yes. The plugin only responds to requests that include your unique token. The token is stored only on your server and is deleted when you deactivate the plugin.

= Does it work with security plugins like Wordfence? =
Yes — unlike WordPress Application Passwords, this plugin works regardless of security plugin settings, SSL configuration, or hosting environment.

= Can I use it more than once? =
Yes. The token works for multiple requests until you deactivate the plugin. Use Regenerate Token if needed.

= What if I want to re-run the audit later? =
Simply re-install the plugin, generate a new token, and run the audit again.

== Changelog ==

= 1.1.0 =
* Updated Plugin URI to zenlabra.uk/free-site-audit
* Improved admin page with numbered step-by-step instructions and copy button
* Added cache and SEO plugin detection
* Added token usage timestamp
* Code improvements and tightened security checks

= 1.0.0 =
* Initial release
