=== WPMC Plugin Seatbelt ===
Contributors: wpmissioncontrol
Tags: plugins, security, updates, monitoring, admin
Requires at least: 6.0
Tested up to: 6.6
Requires PHP: 7.4
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

WPMC Plugin Seatbelt monitors trust signals for installed WordPress plugins and warns administrators when a plugin changes in a way that may deserve review before updating.

== Description ==

WPMC Plugin Seatbelt is a lightweight trust change monitor for installed WordPress plugins. It is not a malware scanner and does not claim that a plugin is safe or unsafe.

Created by WPMissionControl: https://wpmissioncontrol.com/

The plugin records a baseline for installed plugins, checks public WordPress.org metadata where available, and highlights changes that may deserve an administrator's attention.

WPMC private repository plugins distributed from WPMissionControl infrastructure are recognized as a known plugin source when their update metadata points to the WPMC repository.

It can detect signals such as:

* New baseline needed
* Unknown source
* Previously found WordPress.org plugin no longer found
* Author changes
* Contributor changes
* Plugins that appear abandoned based on last updated date
* Plugins with available updates and existing trust warnings

Before plugin updates, WPMC Plugin Seatbelt can show an admin notice when plugins waiting for update have warning or critical trust signals.

== Installation ==

1. Upload the `wpmc-plugin-seatbelt` folder to `/wp-content/plugins/`.
2. Activate WPMC Plugin Seatbelt from the Plugins screen.
3. Go to Tools > WPMC Plugin Seatbelt.
4. Review the first baseline scan or run a manual scan.

== Frequently Asked Questions ==

= Is this a malware scanner? =

No. WPMC Plugin Seatbelt monitors trust signals and metadata changes. It does not scan code for malware.

= Are premium or custom plugins marked as dangerous? =

No. Plugins that are not clearly hosted on WordPress.org are shown as unknown source. That means they should be reviewed in context, not that they are dangerous.

= Why does the plugin contact WordPress.org? =

It retrieves public plugin metadata such as version, author, contributors, and last updated date.

= How often does it scan? =

The plugin schedules a daily WP-Cron scan. Administrators can also run a manual scan from Tools > WPMC Plugin Seatbelt.

= Can I disable email alerts? =

Yes. Email alerts can be enabled or disabled on the WPMC Plugin Seatbelt admin page.

== Screenshots ==

1. WPMC Plugin Seatbelt admin page with plugin trust status summary.
2. Plugin table showing status, severity, source, update state, and details.
3. Update warning notice before plugin updates.

== Privacy ==

WPMC Plugin Seatbelt contacts WordPress.org to retrieve public plugin metadata. It does not send personal data to third-party services.

The plugin stores scan snapshots, settings, scan events, and notification hashes in WordPress options on the local site.

== Changelog ==

= 1.0.0 =

* Initial release.
