=== AdminLocks ===
Contributors: adminlocks
Tags: client management, admin restriction, white label, agency, security
Requires at least: 6.0
Tested up to: 6.9
Requires PHP: 8.0
Stable tag: 2.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Client-safe admin controls — policy engine, client portal, snapshots, rollback, and audit trail for agencies.

== Description ==

**AdminLocks** keeps client-managed WordPress sites safe by blocking access to plugins, themes, settings, and other risky admin areas — with real enforcement, not just menu hiding.

Perfect for freelancers and agencies who hand off WordPress admin access to clients but want to prevent accidental breakage.

= What Lite Includes =

* **Client Safe Mode** — One-click preset that blocks client access to Plugins, Themes, Settings, Tools, and Users with real route guarding (not just hidden menus)
* **Content Editor Mode** — Even stricter: clients can only access Posts, Pages, and Media
* **Client Dashboard** — A branded landing page for client users with quick links to allowed areas and a "Request a Change" email form
* **Activity Feed** — View the last 14 days of blocked actions so you know what clients tried to access
* **Basic White Label** — Add your agency brand name and logo to the client dashboard and blocked screens
* **Configurable Client Roles** — Choose which WordPress roles are treated as "client" users (default: Editor + Author)

= How It Works =

1. Install and activate the plugin
2. Go to AdminLocks > Settings
3. Enable Client Safe Mode and choose a preset
4. Select which roles should be treated as clients
5. Optionally add your brand name and logo

Client users will be redirected to a branded dashboard and blocked from risky areas with a friendly branded message.

= No External Account Required =

AdminLocks Lite works entirely within your WordPress installation. No SaaS account, no API keys, no external data transmission. Your data stays on your server.

== Frequently Asked Questions ==

= Does this actually block access or just hide menus? =

Both. AdminLocks Lite uses four layers of enforcement: menu removal, screen-level access gates, direct URL blocking, and WordPress capability filtering. Typing a blocked URL directly still results in a branded "Access Restricted" page.

= Which admin areas are blocked? =

**Client Safe preset** blocks: Plugins, Themes, Customizer, Site Editor, all Settings pages, Tools, Import/Export, Site Health, Updates, and User management.

**Content Editor preset** blocks everything above plus Comments and Links.

= Can clients still edit pages and posts? =

Yes. Both presets allow full access to Pages, Posts, Media Library, and user Profile.

= What happens if a client tries to access a blocked page? =

They see a branded "Access Restricted" page with your agency logo and a link back to the client dashboard. No errors, no broken pages.

= Does this work on WordPress multisite? =

AdminLocks Lite supports single-site WordPress installations only. On multisite, enforcement is disabled and an admin notice is shown. Upgrade to AdminLocks Pro for multisite support.

= Will this conflict with my page builder? =

No. AdminLocks Lite blocks admin-level pages (plugins.php, themes.php, etc.) but does not interfere with frontend page builders like Elementor, Divi, or Beaver Builder.

= What does the "Request a Change" form do? =

It sends a simple email to your site's admin email address with the client's request details and reply-to header. No external services needed — uses WordPress's built-in wp_mail().

== Screenshots ==

1. Settings page with Client Safe Mode toggle
2. Client Dashboard with branded header and quick links
3. Activity Feed showing blocked actions
4. Branded "Access Restricted" screen

== Upgrade to Pro ==

Need more control? **AdminLocks Pro** adds:

* **Policy Engine** — 6 policy templates + fully custom screen/route/capability rules with history tracking
* **Safety Net** — Automatic snapshots, one-click rollback, and environment health checks (PHP version, SSL, WP_DEBUG, file permissions)
* **Temporary Elevation** — Grant clients temporary access with auto-expiry timers
* **Approval Workflows** — Approval gates and a built-in ticket system for change requests
* **White Label** — Complete admin reskin (colors, sidebar, login page, custom footer)
* **Declutter Controls** — Hide admin notices, WP logo, help tabs, screen options, and update nags from clients
* **Maintenance Reports** — Branded PDF reports generated and delivered via SaaS
* **Client Portal** — Frontend portal with post editor, media uploads, and ticket management
* **Cloud Connector** — Hourly heartbeat, audit event sync, and cloud-initiated commands for portfolio management
* **Team Roles** — Owner / Manager / Viewer with SSO (OAuth/SAML) and IP restrictions
* **Compliance** — Audit chain, retention policies, and GDPR data export/erasure
* **Incident Detection** — Automatic detection and notification of risky client actions
* **WP-CLI Commands** — Full CLI access for automation and recovery
* **Multi-site Support** — Agency-grade multi-site management
* **Activity Log** — Full audit trail with CSV/PDF export and configurable retention
* **Break-glass Recovery** — Emergency recovery URL that bypasses all restrictions

[View Pro plans at adminlocks.com](https://adminlocks.com/#pricing)

== Privacy ==

**AdminLocks Lite does not transmit any data externally.** All settings, logs, and enforcement run entirely within your WordPress installation. No analytics, no tracking, no external API calls.

AdminLocks Pro (sold separately) optionally connects to the AdminLocks Cloud for branded maintenance report generation, portfolio heartbeat, and audit event sync. These features are off by default and require explicit configuration via an API key.

== Changelog ==

= 2.0.0 =
* Unified codebase from AgencyGuard + AdminLocks into a single plugin identity
* All existing data preserved with backward-compatible internal identifiers
* New: Cloud Connector module (heartbeat, audit sync, webhook commands)
* New: Declutter UI controls (hide notices, WP logo, help tabs, screen options, update nags)
* New: Environment health checks (PHP version, SSL, WP_DEBUG, file permissions)
* New: REST API available under both adminlocks/v1 and legacy agencyguard/v1 namespaces
* Updated plugin URI and author information

= 0.2.0 =
* Initial Lite release for WordPress.org
* Client Safe Mode with real 4-layer enforcement
* Content Editor preset
* Client Dashboard with quick links and change request form
* Activity Feed (14 days, blocked actions)
* Basic white label (brand name + logo)
* Multisite detection with graceful disable
* Upgrade page with Pro feature comparison

= 0.1.0 =
* Internal development release (Pro only)

== Upgrade Notice ==

= 2.0.0 =
Rebranded to AdminLocks. All settings and data are preserved automatically.
