=== WPMC Plugin Seatbelt ===
Contributors: wpmissioncontrol
Tags: plugins, security, updates, monitoring, admin
Requires at least: 6.0
Tested up to: 6.6
Requires PHP: 7.4
Stable tag: 1.1.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

WPMC Plugin Seatbelt monitors trust signals for installed WordPress plugins and warns administrators when a plugin changes in a way that may deserve review before updating.

== Description ==

WPMC Plugin Seatbelt is a lightweight trust change monitor for installed WordPress plugins. It is not a malware scanner and does not claim that a plugin is safe or unsafe.

Created by WPMissionControl: https://wpmissioncontrol.com/

The plugin records a baseline for installed plugins, checks public WordPress.org metadata where available, and highlights changes that may deserve an administrator's attention.

WPMC private repository plugins distributed from WPMissionControl infrastructure are recognized as a known plugin source when their update metadata points to the WPMC repository.

For verified WPMC repository status, configure signed release metadata in the repository server and define the matching public key for Seatbelt with `WPMC_PLUGIN_SEATBELT_WPMC_REPO_PUBLIC_KEY`.

It can detect signals such as:

* New baseline needed
* Unknown source
* Previously found WordPress.org plugin no longer found
* Author changes
* Contributor changes
* Plugins that appear abandoned based on last updated date
* Plugins with available updates and existing trust warnings

Before plugin updates, WPMC Plugin Seatbelt can show an admin notice when plugins waiting for update have warning or critical trust signals.

== Installation ==

1. Upload the `wpmc-plugin-seatbelt` folder to `/wp-content/plugins/`.
2. Activate WPMC Plugin Seatbelt from the Plugins screen.
3. Go to WPMC Seatbelt in the WordPress admin menu.
4. Review the first baseline scan or run a manual scan.

== Frequently Asked Questions ==

= Is this a malware scanner? =

No. WPMC Plugin Seatbelt monitors trust signals and metadata changes. It does not scan code for malware.

= Are premium or custom plugins marked as dangerous? =

No. Plugins that are not clearly hosted on WordPress.org are shown as unknown source. That means they should be reviewed in context, not that they are dangerous.

= Why does the plugin contact WordPress.org? =

It retrieves public plugin metadata such as version, author, contributors, and last updated date.

= How often does it scan? =

The plugin schedules a daily WP-Cron scan. Administrators can also run a manual scan from WPMC Seatbelt in the WordPress admin menu.

= Can I disable email alerts? =

Yes. Email alerts can be enabled or disabled on the WPMC Seatbelt Settings screen.

== Screenshots ==

1. WPMC Plugin Seatbelt admin page with plugin trust status summary.
2. Plugin table showing status, severity, source, update state, and details.
3. Settings screen for scan thresholds, alerts, footprint review, and activation receipt retention.
4. Update warning notice before plugin updates.

== Privacy ==

WPMC Plugin Seatbelt contacts WordPress.org to retrieve public plugin metadata. It does not send personal data to third-party services.

The plugin stores scan snapshots, settings, scan events, and notification hashes in WordPress options on the local site.

== Changelog ==

= 1.1.4 =

* Align table header tooltips and show a distinct Update needed severity label when a plugin has an available update without warning or critical trust risk.

= 1.1.3 =

* Add consistent logo headers to the Plugin Footprint and Activation Receipts admin screens.

= 1.1.2 =

* Add a dedicated Settings screen and scoped admin styling for Seatbelt pages, buttons, tables, cards, and settings controls.

= 1.1.1 =

* Fix WP Admin Menu Organizer Dev group placement when a saved menu profile already marked Seatbelt as ungrouped.

= 1.1.0 =

* Add top-level admin navigation, plugin footprint review, activation receipts, and admin UI tooltips.
* Improve footprint ownership matching for plugin-specific database tables and options.
* Add automatic Dev group placement for WP Admin Menu Organizer when available.

= 1.0.4 =

* Improve WPMC repository manifest diagnostics.

= 1.0.0 =

* Initial release.
