=== Badger ===

Contributors: badgerwp
Tags: security, ai, bots, crawler, honeypot, gptbot, claudebot, wordpress security
Requires at least: 6.0
Tested up to: 6.7
Requires PHP: 8.0
Stable tag: 0.1.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Don't just block AI bots. Trap them.

== Description ==

Badger is the first WordPress plugin with AI honeypot technology. It detects, traps, and identifies the AI agents crawling your site — so you know exactly who's taking your content.

**Features:**

* **AI Agent Detection** — Identifies GPTBot, ClaudeBot, Bytespider, PerplexityBot, and more
* **Honeypot Trap Pages** — Invisible links that AI agents follow; when they do, we log them
* **Real-time Dashboard** — See which agents visited, when, and how often
* **One-click Blocking** — Block specific AI crawlers with 403 Forbidden
* **robots.txt Management** — Auto-add Disallow rules for AI crawlers
* **Security Hardening** — Login protection (limit attempts, lockout), security headers, XML-RPC disable, file editor disable, user enumeration protection
* **Rate Limiting** — Optional per-IP request throttling to limit brute force and DoS

Every other plugin blocks bots with a blocklist. Badger deploys intelligent traps that AI agents can't resist — then shows you exactly which ones fell in.

== Installation ==

1. Upload the plugin files to `/wp-content/plugins/badger`
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Go to Badger in the admin menu to view the dashboard
4. Configure blocking and honeypot settings under Badger → Settings

== Frequently Asked Questions ==

= Does this work with Cloudflare? =

Yes. Badger runs at the WordPress layer and complements CDN-level protection.

= Will it slow down my site? =

No. Detection runs locally with minimal overhead.

= What about legitimate bots like Googlebot? =

Whitelisted by default. You only block the AI crawlers you choose.

== Changelog ==

= 0.1.0 =
* Initial release
* AI agent detection
* Honeypot trap system
* Dashboard and blocking
* Security hardening (login protection, headers, XML-RPC, file editor, enumeration)
* Rate limiting
* Security status in dashboard
