Installation

For official CRS plugin installation instructions, see https://coreruleset.org/docs/concepts/plugins/#how-to-install-a-plugin.

File Path Configuration
=====================

This plugin uses @pmFromFile / @ipMatchFromFile for efficient pattern matching.
The following .data files must all be deployed alongside the .conf files (or
referenced with an absolute path):

  - wordpress-hardening-files.data            (direct-access block list)
  - wordpress-hardening-scanners.data         (scanner UA block list, PL2)
  - wordpress-hardening-login-countries.data  (GeoIP allow list — LOWERCASE)
  - wordpress-hardening-ip-reputation.data    (IP reputation block list)
  - wordpress-hardening-trusted-proxies.data  (XFF trusted-proxy CIDRs)

The files must be in one of:

1. The same directory as `wordpress-hardening-before.conf`, OR
2. ModSecurity's configured rules directory, OR
3. Referenced with an absolute path in the rules file:
     @pmFromFile /full/path/to/wordpress-hardening-files.data

See [README](README.md) for complete installation documentation.
