Local firewall protection (pattern matching, brute-force detection, method filtering, User-Agent checks) now runs unconditionally without any account or API key required. Obsyde dashboard reporting remains an optional add-on service.
Inline <style> block on the 403 block page replaced with element-level style attributes (no <style> tag).
Settings-page <script> moved to a separate file at assets/js/settings.js and enqueued via wp_enqueue_script with wp_localize_script supplying the AJAX URL and nonce.
API key sanitization no longer uses sanitize_text_field() which could alter valid secrets — input is now trimmed and validated against the expected key format, with invalid submissions rejected via add_settings_error() without overwriting the stored key.
Documented the optional Obsyde external service in the readme (data flows, terms, privacy policy links).
1.0.0
Initial release
Real-time threat detection with 50+ attack patterns
Automated IP blocking with blocklist sync
WordPress-specific protections (brute force, xmlrpc, user enumeration)
