=== Siteward Child ===
Contributors: omniswp
Tags: site management, remote management, monitoring, updates, backups
Requires at least: 5.8
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 0.6.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Securely connects this site to a Siteward dashboard for monitoring, updates and UpdraftPlus backup visibility.

== Description ==

Siteward Child is the companion plugin for **Siteward**. Install it on any WordPress site you want to manage centrally, then connect it to your dashboard with a one-time secure handshake.

Once connected, it exposes a single signed REST endpoint that your dashboard uses to read update status, UpdraftPlus backup history and site health, and to apply one-click updates. The dashboard always initiates the traffic — this plugin never calls out on its own.

* Signed, replay-protected REST endpoint (verified against your dashboard's public key).
* Reports core, plugin and theme updates.
* Reports UpdraftPlus backup history and status.
* Reports basic site health (WP-Cron, load).

This plugin does nothing on its own until paired with a Siteward dashboard.

== Installation ==

1. Upload the `siteward-child` folder to `/wp-content/plugins/`, or install it from the Plugins screen.
2. Activate the plugin through the Plugins screen.
3. Open **Siteward Child** in the menu, copy the connection key, and paste it into your Siteward's Add Site screen.

== Frequently Asked Questions ==

= Does this plugin do anything by itself? =
No. It only responds to a paired Siteward after a secure handshake.

= Is the connection secure? =
Yes. Every request is verified against the dashboard's stored public key, with timestamp and nonce replay protection.

= How do I disconnect? =
Disconnect the site from the dashboard, or deactivate this plugin. The stored public key is removed on disconnect.

== Changelog ==

= 0.6.0 =
* Fleet plugin management: signed actions to inventory, activate, deactivate, uninstall and install (from ZIP or URL) plugins from the dashboard. Every slug is traversal-guarded.

= 0.5.3 =
* Hardening: constrain update/reactivate targets to installed plugins/themes (validate_file + membership checks); restrict the auto-login redirect to a known allow-list of admin screens.

= 0.5.2 =
* Update reliability: keep active plugins active through updates (define DOING_CRON so core never deactivates mid-update), snapshot/restore the active set with a shutdown reconciler, and dependency-order reactivation so WooCommerce and its extensions come back together.

= 0.5.1 =
* Fix: plugins could be left deactivated after an update in unattended runs.

= 0.5.0 =
* Public release.

== Upgrade Notice ==

= 0.5.3 =
Security hardening for the update and auto-login paths.

= 0.5.2 =
Important update-reliability fix — prevents plugins being left deactivated after updates.

= 0.5.0 =
First public release.
