Breach Radar via verisizintisi.com

Breach Radar helps WordPress site owners monitor whether their users’ email addresses appear in known data breaches.

Features:
– Dashboard overview with risk summary and insights
– Manual and scheduled scans (daily)
– Logs with filters (email, found, HTTP, date range)
– Admin notifications on breach count increases (configurable threshold)
– Protection badge shortcode and Theme Customizer integration
– i18n: English and Turkish included; Azerbaijani and Russian supported via PO files

How it works

1. Get your API key at get.verisizintisi.com/wordpress and paste it in Settings.
2. Start a manual scan or enable the daily scan. The plugin sends, over HTTPS:
   • Your site domain (to validate token usage)
   • The email addresses selected for scanning
3. The API authenticates, rate‑limits, and checks a breach dataset. It returns per‑email status and counts (no breach contents).
4. Results are summarized in your dashboard and stored locally as scan logs. Breach contents remain user‑private on verisizintisi.com.

Language & translations

• Text Domain: breach-radar (auto‑loaded from WordPress.org)
• Bundled translations: English, Turkish. PO fallbacks provided for az_AZ and ru_RU under wordpress/languages/.
• Plugin UI language can be forced at Breach Radar → Settings → Language. Default is “Auto (Site language)”.
• Language: English | Türkçe → readme-tr_TR.txt

Data sent to the service

• Site domain (host) to validate token usage
• The email addresses you submit for lookup (transmitted for lookup; not persisted by the API)
• Usage metadata (request time, status code, counters) for rate‑limiting and abuse prevention

Privacy and Terms

• No tracking scripts are added to your WordPress frontend or admin.
• Lookups only run when you initiate them or via your scheduled task. Visitors are not tracked.
• Review: https://verisizintisi.com/privacy and https://verisizintisi.com/terms

Security model

• Admin pages require manage_options capability.
• All state‑changing actions use nonces (check_admin_referer).
• Inputs sanitized and validated; outputs escaped (esc_html, esc_attr, esc_url, wp_kses_post).
• HTTP host is derived via a safe helper instead of raw $_SERVER.

Consent

Depending on your local laws and policies, you may need to inform users and/or obtain consent before checking their email addresses against breach datasets. This plugin provides the tools, but responsibility for lawful use remains with the site owner.