WebDecoy
diff --git a/‎.gitattributes‎
Lines changed: 14 additions & 0 deletions b/‎.gitattributes‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 62 additions & 0 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 62 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 31 additions & 0 deletions b/‎.gitignore‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 73 additions & 0 deletions b/‎CONTRIBUTING.md‎
Lines changed: 73 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 66 additions & 0 deletions b/‎README.md‎
Lines changed: 66 additions & 0 deletions
@@ -0,0 +1,14 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Exclude from release archives (git archive / GitHub ZIP downloads)
+/.github            export-ignore
+/assets             export-ignore
+/.gitattributes     export-ignore
+/.gitignore         export-ignore
+/phpcs.xml.dist     export-ignore
+/phpstan.neon       export-ignore
+/composer.json      export-ignore
+/composer.lock      export-ignore
+/CONTRIBUTING.md    export-ignore
+/README.md          export-ignore
@@ -0,0 +1,62 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  phpcs:
+    name: PHP Coding Standards
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.1'
+          tools: composer, cs2pr
+
+      - name: Install dependencies
+        run: composer install --no-progress --prefer-dist
+
+      - name: Run PHPCS
+        run: vendor/bin/phpcs
+
+  phpstan:
+    name: Static Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.1'
+          tools: composer
+
+      - name: Install dependencies
+        run: composer install --no-progress --prefer-dist
+
+      - name: Run PHPStan
+        run: vendor/bin/phpstan analyse
+
+  php-compat:
+    name: PHP 7.4 Compatibility
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.1'
+          tools: composer
+
+      - name: Install dependencies
+        run: composer install --no-progress --prefer-dist
+
+      - name: Check PHP 7.4 compatibility
+        run: vendor/bin/phpcs --standard=PHPCompatibilityWP --runtime-set testVersion 7.4- .
@@ -0,0 +1,31 @@
+# Dependencies
+/vendor/
+/sdk/vendor/
+/node_modules/
+
+# Build artifacts
+/build/
+/dist/
+
+# IDE
+.idea/
+.vscode/
+*.code-workspace
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Composer
+composer.lock
+
+# PHP tools cache
+.phpcs-cache
+.phpunit.result.cache
+
+# Environment
+.env
+.env.*
+
+# Logs
+*.log
@@ -0,0 +1,73 @@
+# Contributing to WebDecoy
+
+Thank you for your interest in contributing to WebDecoy! This guide covers setup, coding standards, and the pull request process.
+
+## Development Environment
+
+1. A local WordPress installation (5.6+) with PHP 7.4 or higher.
+2. [WooCommerce](https://woocommerce.com/) installed if working on payment protection features.
+3. Clone or symlink this plugin into `wp-content/plugins/webdecoy/`.
+4. Install dev dependencies:
+
+```bash
+composer install
+```
+
+## Code Style
+
+This project follows the [WordPress Coding Standards](https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/). All PHP files are checked automatically by PHPCS.
+
+Run the linter:
+
+```bash
+vendor/bin/phpcs
+```
+
+Auto-fix what can be fixed:
+
+```bash
+vendor/bin/phpcbf
+```
+
+## Static Analysis
+
+PHPStan is configured at level 5. Run it with:
+
+```bash
+vendor/bin/phpstan analyse
+```
+
+## PHP Compatibility
+
+The plugin supports PHP 7.4 and above. Check compatibility with:
+
+```bash
+vendor/bin/phpcs --standard=PHPCompatibilityWP --runtime-set testVersion 7.4- .
+```
+
+## Submitting a Pull Request
+
+1. Fork the repository and create a feature branch from `main`.
+2. Make your changes, keeping commits focused and well-described.
+3. Ensure all checks pass: PHPCS, PHPStan, and PHP compatibility.
+4. Open a pull request against `main` with a clear description of the change.
+
+## Testing Checklist
+
+Before submitting, manually verify:
+
+- [ ] Plugin activates and deactivates without errors.
+- [ ] Settings page loads and saves correctly.
+- [ ] Detections page displays data properly.
+- [ ] Dashboard widget renders without errors.
+- [ ] No PHP notices, warnings, or errors in the debug log.
+- [ ] If WooCommerce-related: checkout and order flow work normally.
+
+## Reporting Issues
+
+Open an issue with:
+
+- WordPress and PHP versions.
+- Steps to reproduce.
+- Expected vs. actual behavior.
+- Any relevant error log output.
@@ -0,0 +1,66 @@
+# WebDecoy Bot Detection
+
+[![WordPress Version](https://img.shields.io/badge/WordPress-5.6%2B-blue.svg)](https://wordpress.org/)
+[![PHP Version](https://img.shields.io/badge/PHP-7.4%2B-8892BF.svg)](https://php.net/)
+[![License](https://img.shields.io/badge/License-GPLv2%2B-green.svg)](https://www.gnu.org/licenses/gpl-2.0.html)
+[![CI](https://github.com/user/webdecoy-wordpress/actions/workflows/ci.yml/badge.svg)](https://github.com/user/webdecoy-wordpress/actions)
+
+Zero-configuration bot protection for WordPress. Works immediately on activation with no account, no API key, and no external dependencies. Multi-layer detection uses invisible proof-of-work challenges so legitimate visitors are never interrupted.
+
+## Features
+
+- **Zero friction** -- Humans never see CAPTCHAs or challenges
+- **Zero configuration** -- Install, activate, done
+- **Multi-layer detection** -- Server-side analysis, client-side fingerprinting, and proof-of-work challenges
+- **Good bot verification** -- Reverse DNS verification for Googlebot, Bingbot, and other legitimate crawlers
+- **MITRE ATT&CK path analysis** -- Detects admin probing and config file access attempts
+- **Rate limiting** -- Automatic blocking with configurable thresholds
+- **IP blocking** -- Individual and CIDR ranges, IPv4/IPv6, with optional expiration
+- **WooCommerce integration** -- Checkout protection against carding attacks
+- **Dashboard & statistics** -- Detection trends, threat breakdown, and recent activity
+
+## Installation
+
+### From WordPress.org
+
+1. Go to **Plugins > Add New** in your WordPress admin
+2. Search for "WebDecoy Bot Detection"
+3. Click **Install Now**, then **Activate**
+
+### Manual Installation
+
+1. Download the latest release ZIP from the [Releases](https://github.com/user/webdecoy-wordpress/releases) page
+2. Go to **Plugins > Add New > Upload Plugin**
+3. Upload the ZIP file and click **Install Now**
+4. Activate the plugin
+
+## Development
+
+### Prerequisites
+
+- PHP 7.4+
+- [Composer](https://getcomposer.org/)
+
+### Setup
+
+```bash
+composer install
+```
+
+### Coding Standards
+
+```bash
+composer run phpcs
+```
+
+### Static Analysis
+
+```bash
+composer run phpstan
+```
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for detailed contribution guidelines.
+
+## License
+
+This project is licensed under the GPL v2 or later. See [license.txt](license.txt) for details.