=== ALTCHA: Spam Protection ===
Tags: altcha, captcha, recaptcha, hcaptcha, spam, anti-spam, anti-bot
Author: Altcha.org
Author URI: https://altcha.org
Version: 3.0.1
Stable tag: 3.0.1
Requires at least: 5.0
Requires PHP: 8.1
Tested up to: 6.9
License: END-USER LICENSE AGREEMENT (EULA)
License URI: https://altcha.org/docs/v2/wordpress/eula

ALTCHA for WordPress delivers professional, invisible spam protection that works with any form plugin, handles heavy traffic, and keeps your site safe without annoying visitors. With built-in firewall, rate limiting, and GDPR-compliant security, it’s the all-in-one solution for fast, reliable, and privacy-first WordPress protection.

== Description ==

**ALTCHA for WordPress** is the professional solution for keeping your website safe from spam, bots, and abuse — without frustrating your visitors. Unlike traditional CAPTCHAs that interrupt the user experience, ALTCHA runs silently in the background, delivering **invisible, privacy-first protection** for all your forms.

Whether you’re running a blog, an online store, or a high-traffic business site, ALTCHA makes sure your site stays fast, secure, and compliant.

## Why ALTCHA?

* **Unlimited**: no third-party dependencies, unlimited verifications
* **Privacy-first**: fully GDPR-compliant and accessible by design
* **Invisible Protection**: seamless security with no puzzles or CAPTCHAs
* **Analytics**: detailed dashboard and activity logs
* **Advanced Firewall**: block malicious traffic by country, IP, or user agent
* **Under Attack Mode**: keep your site online during active threats with under attack mode

[Learn more](https://altcha.org/docs/v2/wordpress).

## Perfect for Professionals

ALTCHA is designed for serious WordPress site owners who need **reliable, production-grade security**. It’s a complete protection layer that scales with your website, backed by professional support when you need it.

## Get Started

To get started, see the [documentation](https://altcha.org/docs/v2/wordpress).
 
== Installation ==
 
Download and install the plugin manually:

1. Download the `.zip` from the [Releases](https://github.com/altcha-org/altcha-wordpress-next/releases).
2. Upload `altcha` folder to the `/wp-content/plugins/` directory  
3. Activate the plugin through the 'Plugins' menu in WordPress  
4. Review the settings

== Changelog ==

= 3.0.1 =
* Fix: WP Login protection with custom action (compatibility with other login protection plugins)

= 3.0.0 =
* BREAKING: Requires PHP 8.1 or higher
* Action Required: Review and test all integrations before deploying to production
* New: ALTCHA Widget v3, introducing a new Proof-of-Work (PoW) mechanism
* New: Simplified settings for plugins and integrations

= 2.6.1 =
* Fix auto-updated and wp cli warning
* Fix interceptor - handle invalid GET requests with content-type headers

= 2.6.0 =
* Added option to bypass verification by User-Agent
* Added Independent Analytics and Optimization Detective default paths
* Fixed PHP warning in IP address detection
* Fixed ModSecurity false positives when saving settings [#24]

= 2.5.0 =
* Added option to configure challenge expiration
* Added filter `altcha_get_settings`

= 2.4.2 =
* Fixed handling of malformatted altcha payload

= 2.4.1 =
* Fixed wp_scripts initialization error

= 2.4.0 =
* Added TranslatePress and PixelYourSite default actions

= 2.3.1 =
* Fixed possible replay attacks via salt splicing.

= 2.3.0 =
* Removed enforcement of default actions/paths during other plugins activation to avoid overwriting user configuration
* Fixed the enqueue order of the obfuscation script
* Added missing legacy and less commonly used timezones for geo-detection

= 2.2.0 =
* Introduced advanced event filtering for logs.
* Added a new "Bot" event type to differentiate between bot and failed attempts.
* Added request body logging for failed or bot attempts (can be enabled in Analytics settings).
* Added "Trusted Proxies" settings to improve security with IP detection from the HTTP_X_FORWARDED_FOR header.

= 2.1.2 =
* Add EventPrime plugin defaults
* Add "Tested up to" with WP 6.9
* Fix minor UI issues

= 2.1.1 =
* Add WooCommerce default exclusion path !/wc-api/*
* Fix SAPI CLI bypass

= 2.1.1 =
* Add WooCommerce default exclusion path !/wc-api/*
* Fix SAPI CLI bypass

= 2.1.0 =
* Multi-site support
* Obfuscation shortcode
* Ability to hide ALTCHA menu item from the sidebar
* Add meta tags for Git-Updater

= 2.0.11 =
* Fix analytics timezone mismatch issues
* Improve events table pagination

= 2.0.10 =
* Add altcha_inject filter
* Fix auto-updater issues

= 2.0.9 =
* Fix: Add missing timezones for geo-location
* UI improvements

= 2.0.8 =
* Fix MainWP compatibility
* Add bypass cookies

= 2.0.7 =
* Fix translation domain notice

= 2.0.6 =
* Fix Wordfence login issues

= 2.0.5 =
* Add missing timezones for geo-location
* UI improvements and fixes

= 2.0.4 =
* Auto-apply recommended actions and paths when plugins are activated
* Login protection is enabled by default
* Fix login protection with paths without wildcard
* UI improvements and fixes

= 2.0.3 =
* UI improvements and fixes

= 2.0.2 =
* Under Attack Mode is now disabled on excluded actions and paths
* Default excluded paths for "Real Cookie Banner"
* Enable debugging mode using local storage variable

= 2.0.1 =
* Fix login issues related to "hide login" plugins

= 2.0.0 =
* First public release
