A WordPress security plugin that locks down installations by preventing unauthorized changes, while allowing legitimate updates and admin overrides.

== Description ==

Ron Secure Lockdown is designed to harden your WordPress installation against unauthorized modifications and malicious activity. By activating this plugin, you can significantly reduce the attack surface and protect critical files and user data.

Key features include:

Global Lockdown: A single switch to enable or disable all lockdown features.

User Management Control: Prevents the creation of new users and restricts password changes on the backend.

File and Folder Protection: Prevents unauthorized plugin and theme installations and disables file editing from the WordPress dashboard.

Strict Folder Control: An optional but powerful setting that sets key directories and files (including .htaccess and index.php) to read-only permissions (555 for directories, 444 for files), preventing the addition or modification of files by outside processes.

Secure Bypass System: Allows administrators to temporarily disable all restrictions for a set time (e.g., 1 hour) using a unique password, making it easy to perform legitimate updates or maintenance without compromising security.

This plugin provides a robust layer of defense by focusing on the most common vectors for unauthorized access and modification.

== Installation ==

Upload the ron-secure-lockdown folder to the /wp-content/plugins/ directory.

Activate the plugin through the ‘Plugins’ menu in WordPress.

Go to ‘Settings’ > ‘Secure Lockdown’ to configure your options and set a bypass password.

== Frequently Asked Questions ==

= What does “Strict Folder Control” do? =

When enabled, this feature changes the file permissions of key WordPress directories and files to make them non-writable. This prevents a wide range of attacks, as it blocks malicious scripts from injecting code or adding new files to your site. This is a powerful feature, but remember to use the bypass password to make files writable again for updates.

= How do I use the bypass password? =

After activating the plugin, you can set a bypass password on the settings page. When you need to perform an update or make a change that the plugin is blocking, simply enter this password on the settings page. The restrictions will be temporarily lifted for 1 hour.