=== R2 Media Offload (Multi-Cloud) ===
Contributors: rise2studio
Tags: media, offload, s3, r2, cloudflare, backblaze, wasabi, digitalocean, bunny, gcs, cdn
Requires at least: 6.0
Tested up to: 6.6
Requires PHP: 8.0
Stable tag: 1.0.1
License: GPLv2 or later

Offload WordPress media to Amazon S3, Cloudflare R2, Backblaze B2, Wasabi, DigitalOcean Spaces, Bunny.net or Google Cloud Storage and serve via CDN.

== Supported providers ==
- Amazon S3
- Cloudflare R2 (zero egress)
- Backblaze B2
- Wasabi (no egress fees)
- DigitalOcean Spaces
- Bunny.net Edge Storage + CDN
- Google Cloud Storage

S3-compatible providers and Bunny.net use the built-in WordPress HTTP transport with native AWS Signature V4 / Bunny auth — no SDK or `composer install` required. Google Cloud Storage uses the official SDK.

== Features ==
- Settings page: pick a provider, set bucket/keys/region, prefix, CDN domain.
- Offload on new upload (async via Action Scheduler or WP-Cron).
- URL rewriting for attachments, image src, srcset.
- Byte-preserving: no re-encoding; offloads sidecar webp/avif variants.
- Resumable bulk migration: scan, dry-run, queue, verify, prune, restore.
- Providers & Pricing page: per-provider registration guides, pros/cons, and a live cost estimate (storage + egress + ops + hidden costs) based on your library size.
- WP-CLI commands and a logs viewer.

== Install ==
1. Activate the plugin.
2. (Google Cloud Storage only) run `composer install` to fetch `google/cloud-storage`, or use the in-admin "Install dependencies" button.
3. Open Settings → choose a provider → follow the inline setup guide → Save & Test connection.
4. Use the Migration page to bulk-offload an existing library.

== Changelog ==
= 1.0.1 =
* Security hardening: the file log directory (wp-content/plugins/r2-offload/logs/) now ships an .htaccess deny rule + index.php so the offload log cannot be fetched directly (it contains server paths/object keys/errors — never credentials). The offload log no longer records absolute server file paths (basename only). A full SQLi/SSRF/secrets/CSRF/file-path audit found no other issues.

= 1.0.0 =
* First release on the RISE2 self-hosted update server.

== Roadmap ==
- Signed/private URLs per provider.
- Per-attachment object-key map for prune-safe remote cleanup and key rename.
- Setup wizard, auto-tuning, observability bundle.
