=== Exploitify WordPress Security ===
Contributors: icryptic, billgelwick
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=2ASL2YTVPVK6W
Requires at least: 3.6
Tested up to: 4.3
Stable tag: 2.4
License: GNU General Public License v2.0
License URI: http://www.gnu.org/licenses/gpl-2.0.html
Tags: security,ddos,spam,bot,botnet,spammers,spam mail,protection,hide login errors,firewall,ip filter,proxy,login notification,remove author url,logout,session,comment links

Stop annoying botnets and spammers from exploiting your website with Exploitify.

== Description ==
**The fastest way to stop botnets and spammers from attacking your WordPress website.**

Block IP addresses of known botnets from accessing your site. Stop requests with no UserAgent, and mitigate spam comments and registration. As of July 2015, database consists of over 1.1M IP and 2.4M email addresses. 

Furthermore, you can also disable XMLRPC, receive email login notification, and hide login error messages.

If you'd like to contribute to this plugin, please take a look at our [Github repo](https://github.com/belkincapital/exploitify/).

Developed by: Jason Jersey - Artwork by: Bill Gelwick

== Installation ==
1. Download and unzip the plugin into your WordPress plugins directory (usually /wp-content/plugins/).
2. Activate the plugin through the 'Plugins' menu in your WordPress Admin.
3. Change the settings via the Exploitify admin menu.

== Frequently Asked Questions ==
1. **Is this plugin completely free?**
Yes, Exploitify is a free open-source WordPress plugin and doesn't have any extra premium features.

2. **How many IP address are in the database?**
The database consists of over 1.1 million IP addresses.

3. **How many email address are in the database?**
The database consists of over 2.4 million email addresses.

4. **What are the dependencies of this plugin?**
allow_url_fopen needs to be enabled since we use fopen() within the plugin.

5. **Does this IP Filtering and Backend Filtering work with Cloudflare or reverse proxies?**
At this time, we do not support Cloudflare or reverse proxies for any IP filtering features. It is strongly recommended that you do-not use IP Filtering with a reverse proxy or Cloudflare.

6. **Does this plugin make any callbacks to a remote database?**
Yes, we make two callbacks (not at the same time). The first is cleantalk.org where we are currently using their blacklist database to check email addresses submited to your site and IP addresses for filtering. We do also report email/IPs and log how many times the offender(s) have been marked as spam or engaged in such type activity globally to exploitify.com. Such callbacks are strictly used for reporting and helping you mitigate your site from spammers and botnets. We do not track any of your personal information and never pass any data as to personally identify your website what-so-ever. Your confidentiality is very important to us because we know how important it is to you.

7. **Does this plugin work for WordPress multisite?**
Yes, Exploitify is for standard as well as multisite WordPress websites. Multisite is the exact reason we originally created this plugin. We maintain a network of over 1,000 websites and Akismet wasn't an option since all of the sites use Domain Mapping and Akismet is one API key per domain and we couldn't depend on our users to subscribe to Akismet. This plugin follows the WordPress best practices for network activating a plugin on Multisite as well as upon deactivation we delete any options that are saved into your database. This way in case you decide later to not use Exploitify, you can deactivate and remove the plugin without leaving your database a bloody mess.

== Screenshots ==
1. Settings 1
2. Settings 2
3. Blocked message

== Changelog ==
= 2.4 =
* Sanitized email input and $_POST data.

= 2.3 =
* Added options: Remove the authors URL from comments, and Destroy Session on User Logout.

= 2.2 =
* Initial public release

== Upgrade Notice ==
= 2.4 =
Upgrade to fix bug in sanitized email input and post data.

= 2.3 =
Upgrade to add new options: Remove the authors URL from comments, and Destroy Session on User Logout.

= 2.2 =
This is the official first public release of this plugin. If you managed to get a copy before it went public, now is your chance to update to the latest stable version.