From 2a7042bb4e1dfac7f9aa05c63de26d4d9ba2c15b Mon Sep 17 00:00:00 2001
From: M_Viper <admin@m-viper.de>
Date: Tue, 15 Apr 2025 18:41:59 +0000
Subject: [PATCH] wp-multi.php aktualisiert

---
 wp-multi.php | 1529 ++++++++++++++++++++++++++++++++------------------
 1 file changed, 968 insertions(+), 561 deletions(-)

diff --git a/wp-multi.php b/wp-multi.php
index e3139cb..62631d0 100644
--- a/wp-multi.php
+++ b/wp-multi.php
@@ -3,7 +3,7 @@
  * Plugin Name: WP Multi
  * Plugin URI: https://git.viper.ipv64.net/M_Viper/wp-multi
  * Description: Erweiterter Anti-Spam-Schutz mit Honeypot, Keyword-Filter, Link-Limit und mehr. Jetzt mit Statistik im Dashboard und HappyForms-Integration.
- * Version: 2.9
+ * Version: 3.0
  * Author: M_Viper
  * Author URI: https://m-viper.de
  * Requires at least: 6.7.2
@@ -60,10 +60,6 @@ if (wp_multi_check_dependency()) {
 }
 
 
-
-
- 
-
 /*
  * Admin - Panel Banner
  */
@@ -421,14 +417,19 @@ add_action( 'wp_login', 'wp_multi_block_login_if_disabled', 10, 2 );
  
  
 /*
-* Auto Tag
-*/
+ * Verbessertes Auto-Tag-Plugin mit optimierter Sicherheit, Performance und Benutzerfreundlichkeit
+ */
 
+define('WP_MULTI_AUTO_TAGS_OPTION', 'wp_multi_custom_stopwords');
+define('WP_MULTI_AUTO_TAGS_QUEUE', 'wp_multi_auto_tags_queue');
+define('WP_MULTI_AUTO_TAGS_NONCE', 'wp_multi_auto_tags_nonce');
 
-
-// Automatische Tags zu Beiträgen hinzufügen
+/**
+ * Fügt automatische Tags zu einem Beitrag hinzu.
+ *
+ * @param int $post_id ID des Beitrags.
+ */
 function wp_multi_auto_add_tags($post_id) {
-    // Prüfe nur den Post-Typ, da wp_is_post_revision redundant ist
     if (get_post_type($post_id) !== 'post') {
         return;
     }
@@ -440,33 +441,19 @@ function wp_multi_auto_add_tags($post_id) {
 
     $post = get_post($post_id);
     if (!$post) {
-        return; // Sicherheitsprüfung, falls der Beitrag nicht existiert
+        error_log("WP Multi Auto Tags: Beitrag $post_id nicht gefunden.");
+        return;
     }
 
     $content = strip_tags($post->post_content);
-    $content = strtolower($content);
+    $content = mb_strtolower($content, 'UTF-8');
 
-    // Stopwörter aus der Admin-Eingabe holen
-    $custom_stopwords = get_option('wp_multi_custom_stopwords', '');
-    $custom_stopwords = array_filter(array_map('trim', explode(',', $custom_stopwords)));
-
-    // Standard-Stopwörter
-    $default_stopwords = [
-        'und', 'oder', 'ein', 'eine', 'der', 'die', 'das', 'in', 'mit', 'auf', 'zu', 'von',
-        'für', 'ist', 'es', 'im', 'an', 'am', 'bei', 'auch', 'aber', 'so', 'dass', 'kann',
-        'wenn', 'wie', 'wir', 'man', 'nur', 'nicht', 'mehr', 'als', 'sein', 'wurde', 'werden',
-        'hat', 'haben', 'schon', 'doch', 'denn', 'diese', 'dieser', 'dieses', 'nach', 'sehr', 'allgemein'
-    ];
-
-    // Alle Stopwörter kombinieren
-    $stopwords = array_merge($default_stopwords, $custom_stopwords);
-
-    // Wörter mit mindestens 4 Buchstaben extrahieren
-    preg_match_all('/\b[a-zäöüß]{4,}\b/u', $content, $matches);
-    $words = array_unique(array_diff($matches[0], $stopwords));
+    // Stopwörter laden
+    $stopwords = wp_multi_get_stopwords();
+    $words = wp_multi_extract_words($content, $stopwords);
 
     if (empty($words)) {
-        return; // Keine Tags, wenn keine Wörter übrig sind
+        return;
     }
 
     $word_counts = array_count_values($words);
@@ -474,11 +461,53 @@ function wp_multi_auto_add_tags($post_id) {
 
     $top_tags = array_slice(array_keys($word_counts), 0, 5);
     if (!empty($top_tags)) {
-        wp_set_post_tags($post_id, implode(',', $top_tags), true);
+        wp_set_post_tags($post_id, $top_tags, true);
     }
 }
 
-// Menüeintrag für Automatische Tags
+/**
+ * Extrahiert relevante Wörter aus dem Inhalt.
+ *
+ * @param string $content Der Inhalt des Beitrags.
+ * @param array  $stopwords Liste der Stopwörter.
+ * @return array Liste der extrahierten Wörter.
+ */
+function wp_multi_extract_words($content, $stopwords) {
+    preg_match_all('/\b[a-zäöüß]{4,}\b/u', $content, $matches);
+    return array_unique(array_diff($matches[0], $stopwords));
+}
+
+/**
+ * Lädt die kombinierten Stopwörter (Standard + benutzerdefiniert).
+ *
+ * @return array Liste der Stopwörter.
+ */
+function wp_multi_get_stopwords() {
+    $cache_key = 'wp_multi_stopwords';
+    $stopwords = get_transient($cache_key);
+
+    if ($stopwords !== false) {
+        return $stopwords;
+    }
+
+    $custom_stopwords = get_option(WP_MULTI_AUTO_TAGS_OPTION, '');
+    $custom_stopwords = array_filter(array_map('trim', explode(',', sanitize_text_field($custom_stopwords))));
+
+    $default_stopwords = [
+        'und', 'oder', 'ein', 'eine', 'der', 'die', 'das', 'in', 'mit', 'auf', 'zu', 'von',
+        'für', 'ist', 'es', 'im', 'an', 'am', 'bei', 'auch', 'aber', 'so', 'dass', 'kann',
+        'wenn', 'wie', 'wir', 'man', 'nur', 'nicht', 'mehr', 'als', 'sein', 'wurde', 'werden',
+        'hat', 'haben', 'schon', 'doch', 'denn', 'diese', 'dieser', 'dieses', 'nach', 'sehr', 'allgemein'
+    ];
+
+    $stopwords = array_merge($default_stopwords, $custom_stopwords);
+    set_transient($cache_key, $stopwords, DAY_IN_SECONDS);
+    return $stopwords;
+}
+
+/**
+ * Fügt das Admin-Menü für automatische Tags hinzu.
+ */
 function wp_multi_admin_menu() {
     add_submenu_page(
         'edit.php',
@@ -491,45 +520,47 @@ function wp_multi_admin_menu() {
 }
 add_action('admin_menu', 'wp_multi_admin_menu');
 
-// Menüseite mit Banner & schöner Progress Bar
+/**
+ * Rendert die Admin-Seite für automatische Tags.
+ */
 function wp_multi_auto_tags_page() {
+    if (!current_user_can('manage_options')) {
+        wp_die(__('Zugriff verweigert.', 'wp-multi'));
+    }
+
     ?>
     <div class="wrap">
-        <!-- Blauer Header mit Logo -->
         <div class="wp-multi-header">
             <img src="https://m-viper.de/img/logo.png" alt="M_Viper Logo">
-            <h1><?php _e('Automatische Tags', 'wp-multi'); ?></h1>
+            <h1><?php esc_html_e('Automatische Tags', 'wp-multi'); ?></h1>
         </div>
 
-        <p class="wp-multi-description"><?php _e('Diese Funktion fügt automatisch Tags zu Beiträgen hinzu, die noch keine haben.', 'wp-multi'); ?></p>
+        <p class="wp-multi-description"><?php esc_html_e('Automatisch Tags zu Beiträgen hinzufügen, die noch keine haben.', 'wp-multi'); ?></p>
 
         <form method="post" action="options.php">
             <?php
             settings_fields('wp_multi_auto_tags_options');
             do_settings_sections('wp-multi-auto-tags');
-            wp_nonce_field('wp_multi_auto_tags_save', 'wp_multi_auto_tags_nonce'); // CSRF-Schutz
+            wp_nonce_field(WP_MULTI_AUTO_TAGS_NONCE, WP_MULTI_AUTO_TAGS_NONCE);
             ?>
             <p>
-                <label for="wp_multi_custom_stopwords"><?php _e('Benutzerdefinierte Tags, die nicht genutzt werden sollten (kommagetrennt):', 'wp-multi'); ?></label><br>
-                <textarea id="wp_multi_custom_stopwords" name="wp_multi_custom_stopwords" rows="5" cols="50"><?php echo esc_textarea(get_option('wp_multi_custom_stopwords', '')); ?></textarea>
+                <label for="wp_multi_custom_stopwords"><?php esc_html_e('Benutzerdefinierte Stopwörter (kommagetrennt):', 'wp-multi'); ?></label><br>
+                <textarea id="wp_multi_custom_stopwords" name="wp_multi_custom_stopwords" rows="5" cols="50"><?php echo esc_textarea(get_option(WP_MULTI_AUTO_TAGS_OPTION, '')); ?></textarea>
                 <br>
-                <small><?php _e('Trenne die Wörter durch Kommas, z. B. "wird, auch, aber".', 'wp-multi'); ?></small>
+                <small><?php esc_html_e('Beispiele: wird, auch, aber', 'wp-multi'); ?></small>
             </p>
-            <p><input type="submit" value="<?php _e('Speichern', 'wp-multi'); ?>" class="button button-primary"></p>
+            <p><input type="submit" value="<?php esc_html_e('Speichern', 'wp-multi'); ?>" class="button button-primary"></p>
         </form>
 
-        <button id="start-auto-tags" class="button button-primary wp-multi-btn"><?php _e('Jetzt ausführen', 'wp-multi'); ?></button>
-
+        <button id="start-auto-tags" class="button button-primary wp-multi-btn"><?php esc_html_e('Jetzt ausführen', 'wp-multi'); ?></button>
         <div id="progress-container" class="wp-multi-progress-container">
             <div id="progress-bar" class="wp-multi-progress-bar">0%</div>
         </div>
-
         <p id="status-message" class="wp-multi-status-message"></p>
     </div>
 
     <?php
-    // Styles in eine separate Funktion auslagern
-    wp_enqueue_style('wp-multi-auto-tags', plugin_dir_url(__FILE__) . 'css/auto-tags.css', [], '1.0');
+    wp_enqueue_style('wp-multi-auto-tags', plugin_dir_url(__FILE__) . 'css/auto-tags.css', [], '1.1');
     wp_add_inline_style('wp-multi-auto-tags', '
         .wp-multi-header { background: #0073aa; color: white; text-align: center; padding: 25px; border-radius: 8px; margin-bottom: 30px; box-shadow: 0 4px 10px rgba(0, 0, 0, 0.1); }
         .wp-multi-header img { max-width: 120px; margin-bottom: 15px; }
@@ -542,85 +573,92 @@ function wp_multi_auto_tags_page() {
         label { font-size: 16px; font-weight: 500; color: #333; margin-bottom: 8px; display: block; }
         small { font-size: 14px; color: #888; }
         .wp-multi-progress-container { display: none; width: 100%; background: #f4f4f4; border-radius: 5px; margin-top: 20px; }
-        .wp-multi-progress-bar { width: 0%; height: 30px; background: rgb(45, 168, 7); text-align: center; color: white; line-height: 30px; font-weight: bold; transition: width 0.4s ease-in-out; border-radius: 5px; }
+        .wp-multi-progress-bar { width: 0%; height: 30px; background: #2da807; text-align: center; color: white; line-height: 30px; font-weight: bold; transition: width 0.4s ease-in-out; border-radius: 5px; }
         .wp-multi-status-message { margin-top: 15px; font-size: 16px; font-weight: bold; color: #0073aa; }
         form { margin-bottom: 25px; background: #f9f9f9; padding: 20px; border-radius: 8px; box-shadow: 0 4px 10px rgba(0, 0, 0, 0.05); }
     ');
 
-    // JavaScript mit Nonce für AJAX
-    wp_enqueue_script('wp-multi-auto-tags', plugin_dir_url(__FILE__) . 'js/auto-tags.js', ['jquery'], '1.0', true);
+    wp_enqueue_script('wp-multi-auto-tags', plugin_dir_url(__FILE__) . 'js/auto-tags.js', ['jquery'], '1.1', true);
     wp_localize_script('wp-multi-auto-tags', 'wpMultiAutoTags', [
         'ajaxurl' => admin_url('admin-ajax.php'),
-        'nonce'   => wp_create_nonce('wp_multi_auto_tags_nonce')
+        'nonce' => wp_create_nonce(WP_MULTI_AUTO_TAGS_NONCE),
+        'messages' => [
+            'processing' => __('Wird verarbeitet...', 'wp-multi'),
+            'run' => __('Jetzt ausführen', 'wp-multi'),
+            'loading' => __('Lade...', 'wp-multi'),
+            'no_posts' => __('Keine Beiträge gefunden.', 'wp-multi'),
+            'success' => __('Automatische Tags erfolgreich hinzugefügt!', 'wp-multi'),
+            'error' => __('Fehler bei der Verarbeitung.', 'wp-multi'),
+            'start_error' => __('Fehler beim Starten der Verarbeitung.', 'wp-multi'),
+        ],
     ]);
     ?>
     <script>
         jQuery(document).ready(function($) {
             $('#start-auto-tags').on('click', function() {
-                let button = this;
-                button.disabled = true;
-                button.innerText = '<?php _e("Wird verarbeitet...", "wp-multi"); ?>';
-
-                let progressContainer = $('#progress-container');
-                let progressBar = $('#progress-bar');
-                let statusMessage = $('#status-message');
+                const button = $(this);
+                const progressContainer = $('#progress-container');
+                const progressBar = $('#progress-bar');
+                const statusMessage = $('#status-message');
 
+                button.prop('disabled', true).text(wpMultiAutoTags.messages.processing);
                 progressContainer.show();
                 progressBar.css('width', '0%').text('0%');
-                statusMessage.text('<?php _e("Lade...", "wp-multi"); ?>');
+                statusMessage.text(wpMultiAutoTags.messages.loading);
 
-                fetch(wpMultiAutoTags.ajaxurl, {
+                $.ajax({
+                    url: wpMultiAutoTags.ajaxurl,
                     method: 'POST',
-                    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-                    body: 'action=wp_multi_process_auto_tags&nonce=' + wpMultiAutoTags.nonce
-                })
-                .then(response => response.json())
-                .then(data => {
-                    if (!data.total) {
-                        statusMessage.text('<?php _e("Fehler: Keine Beiträge gefunden.", "wp-multi"); ?>');
-                        button.disabled = false;
-                        button.innerText = '<?php _e("Jetzt ausführen", "wp-multi"); ?>';
-                        return;
-                    }
+                    data: {
+                        action: 'wp_multi_process_auto_tags',
+                        nonce: wpMultiAutoTags.nonce,
+                    },
+                    success: function(response) {
+                        if (!response.data.total) {
+                            statusMessage.text(wpMultiAutoTags.messages.no_posts);
+                            button.prop('disabled', false).text(wpMultiAutoTags.messages.run);
+                            return;
+                        }
 
-                    let total = data.total;
-                    let processed = 0;
-                    let batchSize = 10;
+                        const total = response.data.total;
+                        let processed = 0;
+                        const batchSize = 10;
 
-                    function updateProgress() {
-                        fetch(wpMultiAutoTags.ajaxurl, {
-                            method: 'POST',
-                            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-                            body: 'action=wp_multi_process_auto_tags_step&batchSize=' + batchSize + '&nonce=' + wpMultiAutoTags.nonce
-                        })
-                        .then(response => response.json())
-                        .then(result => {
-                            if (result.done) {
-                                processed += batchSize;
-                                let percent = Math.min(Math.round((processed / total) * 100), 100);
-                                progressBar.css('width', percent + '%').text(percent + '%');
+                        function processBatch() {
+                            $.ajax({
+                                url: wpMultiAutoTags.ajaxurl,
+                                method: 'POST',
+                                data: {
+                                    action: 'wp_multi_process_auto_tags_step',
+                                    batchSize: batchSize,
+                                    nonce: wpMultiAutoTags.nonce,
+                                },
+                                success: function(result) {
+                                    if (result.data.done) {
+                                        processed += batchSize;
+                                        const percent = Math.min(Math.round((processed / total) * 100), 100);
+                                        progressBar.css('width', percent + '%').text(percent + '%');
 
-                                if (processed < total) {
-                                    updateProgress();
-                                } else {
-                                    button.innerText = '<?php _e("Jetzt ausführen", "wp-multi"); ?>';
-                                    button.disabled = false;
-                                    statusMessage.text('<?php _e("Automatische Tags wurden erfolgreich hinzugefügt!", "wp-multi"); ?>');
-                                }
-                            }
-                        })
-                        .catch(error => {
-                            statusMessage.text('<?php _e("Fehler bei der Verarbeitung.", "wp-multi"); ?>');
-                            button.disabled = false;
-                            button.innerText = '<?php _e("Jetzt ausführen", "wp-multi"); ?>';
-                        });
-                    }
-                    updateProgress();
-                })
-                .catch(error => {
-                    statusMessage.text('<?php _e("Fehler beim Starten der Verarbeitung.", "wp-multi"); ?>');
-                    button.disabled = false;
-                    button.innerText = '<?php _e("Jetzt ausführen", "wp-multi"); ?>';
+                                        if (processed < total) {
+                                            processBatch();
+                                        } else {
+                                            button.prop('disabled', false).text(wpMultiAutoTags.messages.run);
+                                            statusMessage.text(wpMultiAutoTags.messages.success);
+                                        }
+                                    }
+                                },
+                                error: function() {
+                                    statusMessage.text(wpMultiAutoTags.messages.error);
+                                    button.prop('disabled', false).text(wpMultiAutoTags.messages.run);
+                                },
+                            });
+                        }
+                        processBatch();
+                    },
+                    error: function() {
+                        statusMessage.text(wpMultiAutoTags.messages.start_error);
+                        button.prop('disabled', false).text(wpMultiAutoTags.messages.run);
+                    },
                 });
             });
         });
@@ -628,56 +666,82 @@ function wp_multi_auto_tags_page() {
     <?php
 }
 
-// Einstellungen registrieren
+/**
+ * Registriert die Einstellungen für automatische Tags.
+ */
 function wp_multi_auto_tags_settings_init() {
-    register_setting('wp_multi_auto_tags_options', 'wp_multi_custom_stopwords', [
-        'sanitize_callback' => 'sanitize_text_field'
+    register_setting('wp_multi_auto_tags_options', WP_MULTI_AUTO_TAGS_OPTION, [
+        'sanitize_callback' => function($input) {
+            $input = sanitize_text_field($input);
+            return implode(',', array_map('trim', explode(',', $input)));
+        },
     ]);
 }
 add_action('admin_init', 'wp_multi_auto_tags_settings_init');
 
-// AJAX-Aufrufe für schnelle Verarbeitung
-add_action('wp_ajax_wp_multi_process_auto_tags', 'wp_multi_process_auto_tags');
+/**
+ * Verarbeitet die Initialisierung der Auto-Tag-Verarbeitung via AJAX.
+ */
 function wp_multi_process_auto_tags() {
-    check_ajax_referer('wp_multi_auto_tags_nonce', 'nonce');
+    check_ajax_referer(WP_MULTI_AUTO_TAGS_NONCE, 'nonce');
 
     $args = [
         'post_type' => 'post',
-        'posts_per_page' => 100, // Begrenze auf 100 für bessere Performance
+        'posts_per_page' => 100,
         'fields' => 'ids',
-        'paged' => 1 // Erste Seite, erweiterbar für Pagination
+        'no_found_rows' => true, // Optimierung
     ];
-    $posts = get_posts($args);
 
+    $posts = get_posts($args);
     if (empty($posts)) {
-        wp_send_json(['total' => 0]);
+        wp_send_json_success(['total' => 0]);
     }
 
-    set_transient('wp_multi_auto_tags_queue', $posts, 300);
-    wp_send_json(['total' => count($posts)]);
+    set_transient(WP_MULTI_AUTO_TAGS_QUEUE, $posts, 300);
+    wp_send_json_success(['total' => count($posts)]);
 }
+add_action('wp_ajax_wp_multi_process_auto_tags', 'wp_multi_process_auto_tags');
 
-add_action('wp_ajax_wp_multi_process_auto_tags_step', 'wp_multi_process_auto_tags_step');
+/**
+ * Verarbeitet einen Batch von Beiträgen für die Auto-Tag-Verarbeitung.
+ */
 function wp_multi_process_auto_tags_step() {
-    check_ajax_referer('wp_multi_auto_tags_nonce', 'nonce');
+    check_ajax_referer(WP_MULTI_AUTO_TAGS_NONCE, 'nonce');
 
-    $queue = get_transient('wp_multi_auto_tags_queue');
-    $batchSize = isset($_POST['batchSize']) ? intval($_POST['batchSize']) : 10;
-    $batchSize = max(1, min($batchSize, 50)); // Begrenze zwischen 1 und 50
+    $queue = get_transient(WP_MULTI_AUTO_TAGS_QUEUE);
+    $batchSize = isset($_POST['batchSize']) ? absint($_POST['batchSize']) : 10;
+    $batchSize = max(1, min($batchSize, 50));
 
     if (!$queue || empty($queue)) {
-        wp_send_json(['done' => false]);
+        wp_send_json_success(['done' => false]);
     }
 
+    set_time_limit(30); // Timeout verhindern
     $posts_to_process = array_splice($queue, 0, $batchSize);
 
     foreach ($posts_to_process as $post_id) {
         wp_multi_auto_add_tags($post_id);
     }
 
-    set_transient('wp_multi_auto_tags_queue', $queue, 300);
-    wp_send_json(['done' => true]);
+    set_transient(WP_MULTI_AUTO_TAGS_QUEUE, $queue, 300);
+    wp_send_json_success(['done' => true]);
 }
+add_action('wp_ajax_wp_multi_process_auto_tags_step', 'wp_multi_process_auto_tags_step');
+
+/**
+ * Fügt Tags automatisch bei neuen oder aktualisierten Beiträgen hinzu.
+ *
+ * @param int $post_id ID des Beitrags.
+ */
+function wp_multi_auto_tag_on_save($post_id) {
+    if (wp_is_post_autosave($post_id) || wp_is_post_revision($post_id)) {
+        return;
+    }
+
+    wp_multi_auto_add_tags($post_id);
+}
+add_action('save_post', 'wp_multi_auto_tag_on_save', 10, 1);
+
 
 
 /*
@@ -984,17 +1048,15 @@ function wp_multi_blocked_ips_callback() {
 
 
 /*
-* Schutz vor Brute-Force-Angriffen
+* Schutz vor Brute-Force-Angriffen mit wöchentlicher Zusammenfassung
 */
 
 
 // Funktion zur Erfassung der echten IP-Adresse des Benutzers
 function get_user_ip() {
-    // Priorität: HTTP_CLIENT_IP > HTTP_X_FORWARDED_FOR > REMOTE_ADDR
     if (!empty($_SERVER['HTTP_CLIENT_IP']) && filter_var($_SERVER['HTTP_CLIENT_IP'], FILTER_VALIDATE_IP)) {
         return $_SERVER['HTTP_CLIENT_IP'];
     } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
-        // HTTP_X_FORWARDED_FOR kann mehrere IPs enthalten (Comma-separated)
         $ips = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
         $ip = trim($ips[0]);
         return filter_var($ip, FILTER_VALIDATE_IP) ? $ip : $_SERVER['REMOTE_ADDR'];
@@ -1008,15 +1070,14 @@ function wp_multi_log_failed_login($username) {
 
     $ip = get_user_ip();
     if ($ip === '0.0.0.0') {
-        return; // Ungültige IP, keine Aktion erforderlich
+        return;
     }
 
     $table_name = $wpdb->prefix . 'blocked_ips';
     $user = get_user_by('login', $username);
-    $max_attempts = 3; // Maximale Anzahl an E-Mails
-    $block_threshold = 5; // Schwelle für Sperrung
+    $max_attempts = 3;
+    $block_threshold = 5;
 
-    // Prüfen, ob die IP bereits existiert
     $row = $wpdb->get_row($wpdb->prepare("SELECT * FROM $table_name WHERE ip = %s", $ip));
 
     if ($row) {
@@ -1044,12 +1105,10 @@ function wp_multi_log_failed_login($username) {
         $attempts = 1;
     }
 
-    // Sperrung und E-Mail-Benachrichtigung bei Überschreitung der Schwelle
     if ($attempts >= $block_threshold) {
         $email_sent = (int) get_option('failed_login_email_sent_' . $ip, 0);
 
         if ($email_sent < $max_attempts) {
-            // E-Mail an Benutzer (falls vorhanden)
             if ($user) {
                 wp_mail(
                     $user->user_email,
@@ -1061,21 +1120,6 @@ function wp_multi_log_failed_login($username) {
                     array('Content-Type: text/plain; charset=UTF-8')
                 );
             }
-
-            // E-Mail an Admin
-            $admin_email = get_option('admin_email');
-            wp_mail(
-                $admin_email,
-                __('Brute-Force-Angriff erkannt', 'wp-multi'),
-                sprintf(
-                    __("Ein Brute-Force-Angriff wurde erkannt. Die IP-Adresse %s wurde nach %d fehlgeschlagenen Versuchen blockiert.", 'wp-multi'),
-                    $ip,
-                    $attempts
-                ),
-                array('Content-Type: text/plain; charset=UTF-8')
-            );
-
-            // Zähler erhöhen
             update_option('failed_login_email_sent_' . $ip, $email_sent + 1);
         }
 
@@ -1115,6 +1159,88 @@ function wp_multi_create_blocked_ips_table() {
 }
 register_activation_hook(__FILE__, 'wp_multi_create_blocked_ips_table');
 
+// Wöchentliche Zusammenfassung
+function wp_multi_send_weekly_summary() {
+    global $wpdb;
+    $table_name = $wpdb->prefix . 'blocked_ips';
+    
+    $last_email_time = get_option('wp_multi_last_summary_email', 0);
+    $current_time = time();
+    
+    // Prüfen, ob eine Woche vergangen ist (7 Tage = 604800 Sekunden)
+    if (($current_time - $last_email_time) < 604800) {
+        return;
+    }
+
+    // Zeitraum für die Zusammenfassung (letzte Woche)
+    $week_ago = date('Y-m-d H:i:s', strtotime('-7 days'));
+    $now = date('Y-m-d H:i:s');
+    
+    // Gesamtzahl der Angriffe
+    $total_attacks = $wpdb->get_var(
+        $wpdb->prepare(
+            "SELECT SUM(attempts) FROM $table_name WHERE last_attempt >= %s",
+            $week_ago
+        )
+    );
+    $total_attacks = $total_attacks ? $total_attacks : 0;
+
+    // Top 10 IPs mit den meisten Angriffen
+    $top_ips = $wpdb->get_results(
+        $wpdb->prepare(
+            "SELECT ip, attempts, last_attempt 
+             FROM $table_name 
+             WHERE last_attempt >= %s 
+             ORDER BY attempts DESC 
+             LIMIT 10",
+            $week_ago
+        )
+    );
+
+    // E-Mail-Inhalt
+    $message = __("Wöchentliche Brute-Force-Zusammenfassung\n\n", 'wp-multi');
+    $message .= sprintf(__("Zeitraum: %s bis %s\n\n", 'wp-multi'), $week_ago, $now);
+    $message .= sprintf(__("Gesamtzahl der Angriffe: %d\n\n", 'wp-multi'), $total_attacks);
+    $message .= __("Top 10 IPs mit den meisten Angriffen:\n", 'wp-multi');
+    
+    if ($top_ips) {
+        foreach ($top_ips as $index => $ip) {
+            $message .= sprintf(
+                __("%d. IP: %s, Versuche: %d, Letzter Versuch: %s\n", 'wp-multi'),
+                $index + 1,
+                $ip->ip,
+                $ip->attempts,
+                $ip->last_attempt
+            );
+        }
+    } else {
+        $message .= __("Keine IPs mit Angriffen in diesem Zeitraum.\n", 'wp-multi');
+    }
+
+    // E-Mail an Admin senden
+    $admin_email = get_option('admin_email');
+    wp_mail(
+        $admin_email,
+        __('Wöchentliche Brute-Force-Zusammenfassung', 'wp-multi'),
+        $message,
+        array('Content-Type: text/plain; charset=UTF-8')
+    );
+
+    // Aktualisiere den Zeitstempel der letzten E-Mail
+    update_option('wp_multi_last_summary_email', $current_time);
+}
+
+// Planen der wöchentlichen Zusammenfassung (jeden Montag um 8:00 Uhr)
+function wp_multi_schedule_weekly_summary() {
+    if (!wp_next_scheduled('wp_multi_weekly_summary_event')) {
+        wp_schedule_event(strtotime('next Monday 08:00'), 'weekly', 'wp_multi_weekly_summary_event');
+    }
+}
+add_action('wp', 'wp_multi_schedule_weekly_summary');
+
+// Hook für die Ausführung der Zusammenfassung
+add_action('wp_multi_weekly_summary_event', 'wp_multi_send_weekly_summary');
+
 // Menüpunkt für blockierte IPs
 function wp_multi_blocked_ips_menu() {
     add_submenu_page(
@@ -1190,8 +1316,8 @@ function wp_multi_display_blocked_ips() {
                         echo paginate_links(array(
                             'base' => add_query_arg('paged', '%#%'),
                             'format' => '',
-                            'prev_text' => __('&laquo;'),
-                            'next_text' => __('&raquo;'),
+                            'prev_text' => __('«'),
+                            'next_text' => __('»'),
                             'total' => $total_pages,
                             'current' => $page,
                         ));
@@ -1202,7 +1328,6 @@ function wp_multi_display_blocked_ips() {
         <?php endif; ?>
 
         <?php
-        // Automatische Löschung älterer Einträge
         $three_days_ago = date('Y-m-d H:i:s', strtotime('-3 days'));
         $wpdb->query(
             $wpdb->prepare(
@@ -1568,63 +1693,88 @@ function wp_multi_dashboard_widget_content() {
 
 
 /*
-* Benutzer-Analytics
-*/
+ * Benutzer-Analytics mit verbesserten Sicherheits-, Performance- und Benutzerfreundlichkeits-Features
+ */
 
-// Funktion zur Erstellung der Datenbanktabelle für Benutzer-Analytics
+
+define('WP_MULTI_ANALYTICS_TABLE', $wpdb->prefix . 'wp_multi_user_analytics');
+
+/**
+ * Erstellt die Datenbanktabelle für Benutzer-Analytics.
+ */
 function wp_multi_create_analytics_table() {
     global $wpdb;
-    $table_name = $wpdb->prefix . 'wp_multi_user_analytics';
+    $table_name = WP_MULTI_ANALYTICS_TABLE;
+    $charset_collate = $wpdb->get_charset_collate();
 
-    // Überprüfen, ob die Tabelle bereits existiert
-    if ($wpdb->get_var("SHOW TABLES LIKE '$table_name'") != $table_name) {
-        // Tabelle erstellen
-        $charset_collate = $wpdb->get_charset_collate();
-        $sql = "CREATE TABLE $table_name (
-            id mediumint(9) NOT NULL AUTO_INCREMENT,
-            user_id bigint(20) NOT NULL,
-            action varchar(255) NOT NULL,
-            post_id bigint(20) DEFAULT NULL,
-            timestamp datetime DEFAULT CURRENT_TIMESTAMP,
-            PRIMARY KEY  (id)
-        ) $charset_collate;";
+    $sql = "CREATE TABLE $table_name (
+        id mediumint(9) NOT NULL AUTO_INCREMENT,
+        user_id bigint(20) NOT NULL,
+        action varchar(255) NOT NULL,
+        post_id bigint(20) DEFAULT NULL,
+        timestamp datetime DEFAULT CURRENT_TIMESTAMP,
+        PRIMARY KEY  (id),
+        INDEX idx_timestamp (timestamp),
+        INDEX idx_action (action)
+    ) $charset_collate;";
 
-        require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
-        dbDelta($sql);
-    }
+    require_once ABSPATH . 'wp-admin/includes/upgrade.php';
+    dbDelta($sql);
 }
 register_activation_hook(__FILE__, 'wp_multi_create_analytics_table');
 
-// Funktion zur Verfolgung von Benutzerinteraktionen (Kommentare und Beitragsaufrufe)
+/**
+ * Verfolgt Benutzerinteraktionen (Kommentare und Beitragsaufrufe).
+ *
+ * @param int    $user_id Benutzer-ID.
+ * @param string $action  Aktion (z. B. 'view', 'comment').
+ * @param int    $post_id Beitrag-ID (optional).
+ * @return bool Erfolg der Operation.
+ */
 function wp_multi_track_user_activity($user_id, $action, $post_id = null) {
     global $wpdb;
-    $table_name = $wpdb->prefix . 'wp_multi_user_analytics';
+    $table_name = WP_MULTI_ANALYTICS_TABLE;
 
-    // Wenn die Aktion ein 'view' ist, stelle sicher, dass wir die post_id korrekt setzen
-    if ($action == 'view' && is_single()) {
+    $user_id = absint($user_id);
+    $action = sanitize_text_field($action);
+    $post_id = $post_id ? absint($post_id) : null;
+
+    if ($action === 'view' && is_single()) {
         $post_id = get_the_ID();
     }
 
-    // Benutzerinteraktionen in die Datenbank speichern
-    $wpdb->insert(
+    if (!$user_id || !$action) {
+        return false;
+    }
+
+    return $wpdb->insert(
         $table_name,
         array(
             'user_id'   => $user_id,
             'action'    => $action,
             'post_id'   => $post_id,
-        )
+        ),
+        array('%d', '%s', '%d')
     );
 }
 
-// Kommentar-Verfolgung
+/**
+ * Verfolgt Kommentar-Aktivitäten.
+ *
+ * @param int $comment_id Kommentar-ID.
+ */
 function wp_multi_comment_activity($comment_id) {
     $comment = get_comment($comment_id);
-    $user_id = $comment->user_id;
-    wp_multi_track_user_activity($user_id, 'comment', $comment->comment_post_ID);
+    $user_id = absint($comment->user_id);
+    if ($user_id) {
+        wp_multi_track_user_activity($user_id, 'comment', $comment->comment_post_ID);
+    }
 }
 add_action('comment_post', 'wp_multi_comment_activity');
 
-// Beitragsaufruf-Verfolgung
+/**
+ * Verfolgt Beitragsaufrufe.
+ */
 function wp_multi_post_view_activity() {
     if (is_single() && is_user_logged_in()) {
         $user_id = get_current_user_id();
@@ -1634,158 +1784,71 @@ function wp_multi_post_view_activity() {
 }
 add_action('wp_head', 'wp_multi_post_view_activity');
 
-// Funktion zur Anzeige der Benutzer-Analytics im Admin-Bereich
-function wp_multi_display_user_analytics() {
+/**
+ * Ruft rohe Analytics-Daten aus der Datenbank ab.
+ *
+ * @param string $date_query Datum für die Abfrage.
+ * @return array Rohe Analytics-Daten.
+ */
+function wp_multi_fetch_raw_analytics($date_query = 'CURDATE() - INTERVAL 7 DAY') {
     global $wpdb;
-    $table_name = $wpdb->prefix . 'wp_multi_user_analytics';
-
-    // Abfrage, um die Benutzerinteraktionen zu holen
-    $results = wp_multi_get_analytics_data();
-
-    ?>
-    <div class="wrap">
-        <div style="background-color: #0073aa; padding: 20px; text-align: center; color: white;">
-            <img src="https://m-viper.de/img/logo.png" alt="Logo" style="height: 50px; vertical-align: middle;">
-            <h1 style="display: inline; margin-left: 10px;"><?php _e('Benutzer Analytics', 'wp-multi'); ?></h1>
-        </div>
-
-        <canvas id="userActivityChart" style="height: 300px; width: 100%;"></canvas>
-
-        <script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
-        <script>
-            document.addEventListener('DOMContentLoaded', function () {
-                var ctx = document.getElementById('userActivityChart').getContext('2d');
-                var chart = new Chart(ctx, {
-                    type: 'line',
-                    data: {
-                        labels: <?php echo json_encode($results['dates']); ?>,  // Tag-basierte Labels
-                        datasets: <?php echo json_encode($results['datasets']); ?>, // Kommentare und Beiträge
-                    },
-                    options: {
-                        scales: {
-                            x: {
-                                title: {
-                                    display: true,
-                                    text: 'Datum'
-                                }
-                            },
-                            y: {
-                                title: {
-                                    display: true,
-                                    text: 'Anzahl'
-                                },
-                                beginAtZero: true
-                            }
-                        }
-                    }
-                });
-            });
-        </script>
-
-        <table class="widefat">
-            <thead>
-                <tr>
-                    <th><?php _e('Benutzer ID', 'wp-multi'); ?></th>
-                    <th><?php _e('Aktion', 'wp-multi'); ?></th>
-                    <th><?php _e('Beitrag Titel', 'wp-multi'); ?></th>
-                    <th><?php _e('Beitrag ID', 'wp-multi'); ?></th>
-                    <th><?php _e('Zeitstempel', 'wp-multi'); ?></th>
-                </tr>
-            </thead>
-            <tbody>
-                <?php if (!empty($results['data'])): ?>
-                    <?php foreach ($results['data'] as $index => $row) : ?>
-                        <tr style="background-color: <?php echo ($index % 2 == 0) ? '#f9f9f9' : '#ffffff'; ?>;">
-                            <td><?php echo esc_html($row->user_id); ?></td>
-                            <td><?php echo esc_html($row->action); ?></td>
-                            <td>
-                                <?php 
-                                // Titel des Beitrags abrufen
-                                if ($row->post_id) {
-                                    $post_title = get_the_title($row->post_id);
-                                    echo esc_html($post_title ? $post_title : 'Kein Titel verfügbar');
-                                } else {
-                                    echo 'Kein Beitrag';
-                                }
-                                ?>
-                            </td>
-                            <td><?php echo esc_html($row->post_id); ?></td>
-                            <td><?php echo esc_html($row->timestamp); ?></td>
-                        </tr>
-                    <?php endforeach; ?>
-                <?php else: ?>
-                    <tr>
-                        <td colspan="5"><?php _e('Keine Daten verfügbar', 'wp-multi'); ?></td>
-                    </tr>
-                <?php endif; ?>
-            </tbody>
-        </table>
-    </div>
-    <?php
+    return $wpdb->get_results(
+        $wpdb->prepare(
+            "SELECT DATE(timestamp) AS date, action, post_id, COUNT(*) AS count, user_id, timestamp
+             FROM " . WP_MULTI_ANALYTICS_TABLE . "
+             WHERE timestamp >= %s 
+             GROUP BY date, action, post_id, user_id, timestamp 
+             ORDER BY date ASC",
+            date('Y-m-d H:i:s', strtotime($date_query))
+        )
+    );
 }
 
-// Funktion, um die Analytics-Daten zu holen (Datum und Anzahl der Aktivitäten)
-function wp_multi_get_analytics_data() {
-    global $wpdb;
-    $table_name = $wpdb->prefix . 'wp_multi_user_analytics';
-
-    // Die letzten 7 Tage abrufen
-    $results = $wpdb->get_results(" 
-        SELECT DATE(timestamp) AS date, action, post_id, COUNT(*) AS count, user_id, timestamp
-        FROM $table_name 
-        WHERE timestamp >= CURDATE() - INTERVAL 7 DAY 
-        GROUP BY date, action, post_id, user_id, timestamp 
-        ORDER BY date ASC
-    ");
-
-    // Daten für das Diagramm und die Tabelle organisieren
-    $dates = array();
-    $comment_counts = array();
-    $view_counts = array();
-    $post_titles = array();
+/**
+ * Verarbeitet rohe Analytics-Daten für Diagramm und Tabelle.
+ *
+ * @param array $results Rohe Analytics-Daten.
+ * @return array Verarbeitete Daten.
+ */
+function wp_multi_process_analytics_data($results) {
+    $dates = [];
+    $comment_counts = [];
+    $view_counts = [];
 
     foreach ($results as $result) {
-        $dates[] = $result->date;
-        if ($result->action == 'comment') {
-            $comment_counts[$result->date] = $result->count;
-        } elseif ($result->action == 'view') {
-            $view_counts[$result->date] = $result->count;
+        $date = $result->date;
+        if (!in_array($date, $dates)) {
+            $dates[] = $date;
         }
-
-        // Hinzufügen der Post-Titel für die Anzeige
-        if (!empty($result->post_id)) {
-            $post_titles[$result->post_id] = get_the_title($result->post_id);
+        if ($result->action === 'comment') {
+            $comment_counts[$date] = ($comment_counts[$date] ?? 0) + $result->count;
+        } elseif ($result->action === 'view') {
+            $view_counts[$date] = ($view_counts[$date] ?? 0) + $result->count;
         }
     }
 
-    // Sicherstellen, dass alle Daten für die letzten 7 Tage vorhanden sind
-    $unique_dates = array_unique($dates);
-    $all_dates = array();
-    $datasets = array(
-        'comments' => [],
-        'views' => []
-    );
+    $all_dates = [];
+    $datasets = ['comments' => [], 'views' => []];
 
     for ($i = 6; $i >= 0; $i--) {
         $date = date('Y-m-d', strtotime("-$i day"));
         $all_dates[] = $date;
-        $datasets['comments'][] = isset($comment_counts[$date]) ? $comment_counts[$date] : 0;
-        $datasets['views'][] = isset($view_counts[$date]) ? $view_counts[$date] : 0;
+        $datasets['comments'][] = $comment_counts[$date] ?? 0;
+        $datasets['views'][] = $view_counts[$date] ?? 0;
     }
 
-    // Rückgabe der Daten für das Diagramm und die Tabelle
     return [
         'dates' => array_reverse($all_dates),
         'datasets' => [
             [
-                'label' => 'Kommentare',
+                'label' => __('Kommentare', 'wp-multi'),
                 'data' => array_reverse($datasets['comments']),
                 'borderColor' => 'rgba(75, 192, 192, 1)',
                 'borderWidth' => 1,
                 'fill' => false,
             ],
             [
-                'label' => 'Beitragsaufrufe',
+                'label' => __('Beitragsaufrufe', 'wp-multi'),
                 'data' => array_reverse($datasets['views']),
                 'borderColor' => 'rgba(153, 102, 255, 1)',
                 'borderWidth' => 1,
@@ -1796,66 +1859,211 @@ function wp_multi_get_analytics_data() {
     ];
 }
 
-// Hinzufügen der Analytics-Seite unter "Benutzer" im Admin-Menü
+/**
+ * Ruft Analytics-Daten mit Caching ab.
+ *
+ * @param string $date_query Datum für die Abfrage.
+ * @return array Analytics-Daten.
+ */
+function wp_multi_get_analytics_data($date_query = 'CURDATE() - INTERVAL 7 DAY') {
+    $cache_key = 'wp_multi_analytics_data_' . md5($date_query);
+    $cached_data = get_transient($cache_key);
+
+    if ($cached_data !== false) {
+        return $cached_data;
+    }
+
+    $results = wp_multi_fetch_raw_analytics($date_query);
+    $data = wp_multi_process_analytics_data($results);
+
+    set_transient($cache_key, $data, HOUR_IN_SECONDS);
+    return $data;
+}
+
+/**
+ * Zeigt die Benutzer-Analytics-Seite im Admin-Bereich an.
+ */
+function wp_multi_display_user_analytics() {
+    global $wpdb;
+
+    if (!$wpdb->get_var("SHOW TABLES LIKE '" . WP_MULTI_ANALYTICS_TABLE . "'")) {
+        echo '<div class="error"><p>' . esc_html__('Die Analytics-Tabelle existiert nicht. Bitte aktiviere das Plugin erneut.', 'wp-multi') . '</p></div>';
+        return;
+    }
+
+    $time_range = isset($_GET['time_range']) ? sanitize_text_field($_GET['time_range']) : '7days';
+    $date_query = 'CURDATE() - INTERVAL 7 DAY';
+    if ($time_range === '30days') {
+        $date_query = 'CURDATE() - INTERVAL 30 DAY';
+    } elseif ($time_range === 'custom' && isset($_GET['start_date'], $_GET['end_date'])) {
+        $start_date = sanitize_text_field($_GET['start_date']);
+        $end_date = sanitize_text_field($_GET['end_date']);
+        $date_query = "$start_date AND $end_date";
+    }
+
+    $results = wp_multi_get_analytics_data($date_query);
+
+    ?>
+    <div class="wrap">
+        <div style="background-color: #0073aa; padding: 20px; text-align: center; color: white;">
+            <img src="https://m-viper.de/img/logo.png" alt="Logo" style="height: 50px; vertical-align: middle;">
+            <h1 style="display: inline; margin-left: 10px;"><?php esc_html_e('Benutzer Analytics', 'wp-multi'); ?></h1>
+        </div>
+
+        <form method="get">
+            <input type="hidden" name="page" value="wp_multi_analytics">
+            <select name="time_range" onchange="this.form.submit()">
+                <option value="7days" <?php selected($time_range, '7days'); ?>><?php esc_html_e('Letzte 7 Tage', 'wp-multi'); ?></option>
+                <option value="30days" <?php selected($time_range, '30days'); ?>><?php esc_html_e('Letzte 30 Tage', 'wp-multi'); ?></option>
+                <option value="custom" <?php selected($time_range, 'custom'); ?>><?php esc_html_e('Benutzerdefiniert', 'wp-multi'); ?></option>
+            </select>
+            <?php if ($time_range === 'custom') : ?>
+                <input type="date" name="start_date" value="<?php echo esc_attr($_GET['start_date'] ?? ''); ?>">
+                <input type="date" name="end_date" value="<?php echo esc_attr($_GET['end_date'] ?? ''); ?>">
+            <?php endif; ?>
+            <button type="submit"><?php esc_html_e('Filtern', 'wp-multi'); ?></button>
+        </form>
+
+        <?php if (empty($results['data'])) : ?>
+            <p><?php esc_html_e('Keine Daten verfügbar.', 'wp-multi'); ?></p>
+        <?php else : ?>
+            <canvas id="userActivityChart" style="height: 300px; width: 100%;"></canvas>
+            <script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
+            <script>
+                if (typeof Chart !== 'undefined') {
+                    document.addEventListener('DOMContentLoaded', function () {
+                        var ctx = document.getElementById('userActivityChart').getContext('2d');
+                        var chart = new Chart(ctx, {
+                            type: 'line',
+                            data: {
+                                labels: <?php echo wp_json_encode($results['dates']); ?>,
+                                datasets: <?php echo wp_json_encode($results['datasets']); ?>,
+                            },
+                            options: {
+                                scales: {
+                                    x: { title: { display: true, text: '<?php echo esc_js(__('Datum', 'wp-multi')); ?>' } },
+                                    y: { title: { display: true, text: '<?php echo esc_js(__('Anzahl', 'wp-multi')); ?>' }, beginAtZero: true }
+                                }
+                            }
+                        });
+                    });
+                } else {
+                    console.error('Chart.js konnte nicht geladen werden.');
+                }
+            </script>
+
+            <table class="widefat">
+                <thead>
+                    <tr>
+                        <th><?php esc_html_e('Benutzer ID', 'wp-multi'); ?></th>
+                        <th><?php esc_html_e('Aktion', 'wp-multi'); ?></th>
+                        <th><?php esc_html_e('Beitrag Titel', 'wp-multi'); ?></th>
+                        <th><?php esc_html_e('Beitrag ID', 'wp-multi'); ?></th>
+                        <th><?php esc_html_e('Zeitstempel', 'wp-multi'); ?></th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <?php foreach ($results['data'] as $index => $row) : ?>
+                        <tr style="background-color: <?php echo ($index % 2 == 0) ? '#f9f9f9' : '#ffffff'; ?>;">
+                            <td><?php echo esc_html($row->user_id); ?></td>
+                            <td><?php echo esc_html($row->action); ?></td>
+                            <td>
+                                <?php
+                                if ($row->post_id) {
+                                    $post_title = get_the_title($row->post_id);
+                                    echo esc_html($post_title ?: __('Kein Titel verfügbar', 'wp-multi'));
+                                } else {
+                                    echo esc_html__('Kein Beitrag', 'wp-multi');
+                                }
+                                ?>
+                            </td>
+                            <td><?php echo esc_html($row->post_id ?: '-'); ?></td>
+                            <td><?php echo esc_html($row->timestamp); ?></td>
+                        </tr>
+                    <?php endforeach; ?>
+                </tbody>
+            </table>
+        <?php endif; ?>
+    </div>
+    <?php
+}
+
+/**
+ * Fügt die Analytics-Seite zum Admin-Menü hinzu.
+ */
 function wp_multi_add_analytics_page() {
     add_submenu_page(
-        'users.php', // Die übergeordnete Seite (Benutzer)
-        __('Benutzer Analytics', 'wp-multi'), // Titel der Seite
-        __('Benutzer Analytics', 'wp-multi'), // Text im Menü
-        'manage_options', // Berechtigungen
-        'wp_multi_analytics', // Menü-Slug
-        'wp_multi_display_user_analytics' // Die Funktion, die die Seite anzeigt
+        'users.php',
+        __('Benutzer Analytics', 'wp-multi'),
+        __('Benutzer Analytics', 'wp-multi'),
+        'manage_options',
+        'wp_multi_analytics',
+        'wp_multi_display_user_analytics'
     );
 }
 add_action('admin_menu', 'wp_multi_add_analytics_page');
 
 
 /*
-* User Daten Filtern (URL, Mail-Adresse usw...)
-*/
+ * Verbesserter Kommentar-Filter mit reduzierter Blockierung harmloser Wörter
+ */
 
 
-// Admin-Einstellungen registrieren
+define('WP_MULTI_FILTER_OPTION_PREFIX', 'wp_multi_filter_');
+define('WP_MULTI_SWEAR_WORDS_CACHE_KEY', 'wp_multi_swear_words');
+define('WP_MULTI_BAD_WORDS_URL', 'https://git.viper.ipv64.net/M_Viper/wp-multi/raw/branch/main/includes/bad-words.json');
+
+/**
+ * Registriert die Admin-Einstellungen für den Kommentar-Filter.
+ */
 function wp_multi_register_comment_filter_settings() {
-    add_option('wp_multi_filter_phone', '1');
-    add_option('wp_multi_filter_email', '1');
-    add_option('wp_multi_filter_url', '1');
-    add_option('wp_multi_filter_swear', '1');
-    add_option('wp_multi_filter_ip', '1');
-    add_option('wp_multi_allowed_urls', ''); // NEU: Erlaubte URLs
+    $options = [
+        'phone' => '1',
+        'email' => '1',
+        'url' => '1',
+        'swear' => '1',
+        'ip' => '1',
+        'allowed_urls' => '',
+        'allowed_words' => '', // Neue Option für erlaubte Wörter
+        'filter_strength' => 'moderate', // Neue Option für Filterstärke
+    ];
 
-    register_setting('wp_multi_filter_options_group', 'wp_multi_filter_phone');
-    register_setting('wp_multi_filter_options_group', 'wp_multi_filter_email');
-    register_setting('wp_multi_filter_options_group', 'wp_multi_filter_url');
-    register_setting('wp_multi_filter_options_group', 'wp_multi_filter_swear');
-    register_setting('wp_multi_filter_options_group', 'wp_multi_filter_ip');
-    register_setting('wp_multi_filter_options_group', 'wp_multi_allowed_urls'); // NEU
+    foreach ($options as $key => $default) {
+        add_option(WP_MULTI_FILTER_OPTION_PREFIX . $key, $default);
+        register_setting('wp_multi_filter_options_group', WP_MULTI_FILTER_OPTION_PREFIX . $key, [
+            'sanitize_callback' => $key === 'allowed_urls' || $key === 'allowed_words' ? 'sanitize_textarea_field' : 'sanitize_text_field',
+        ]);
+    }
 }
 add_action('admin_init', 'wp_multi_register_comment_filter_settings');
 
-// Admin-Menü & Untermenü hinzufügen
+/**
+ * Fügt das Admin-Menü für den Kommentar-Filter hinzu.
+ */
 function wp_multi_create_menu() {
     add_submenu_page(
         'users.php',
-        'Benutzer sperren', 
-        'Benutzer sperren', 
-        'manage_options', 
-        'wp-multi-blocked-users', 
+        __('Benutzer sperren', 'wp-multi'),
+        __('Benutzer sperren', 'wp-multi'),
+        'manage_options',
+        'wp-multi-blocked-users',
         'wp_multi_blocked_users_page'
     );
 
     add_submenu_page(
         'edit-comments.php',
-        'Kommentar-Filter Einstellungen', 
-        'Kommentar-Filter', 
-        'manage_options', 
-        'wp-multi-comment-filter-settings', 
+        __('Kommentar-Filter Einstellungen', 'wp-multi'),
+        __('Kommentar-Filter', 'wp-multi'),
+        'manage_options',
+        'wp-multi-comment-filter-settings',
         'wp_multi_comment_filter_settings_page'
     );
 }
 add_action('admin_menu', 'wp_multi_create_menu');
 
-// Admin-Seite für Kommentar-Filter
+/**
+ * Rendert die Admin-Seite für Kommentar-Filter-Einstellungen.
+ */
 function wp_multi_comment_filter_settings_page() {
     ?>
     <div class="wrap">
@@ -1863,38 +2071,61 @@ function wp_multi_comment_filter_settings_page() {
             <img src="https://m-viper.de/img/logo.png" alt="Logo" class="wp-multi-logo">
         </div>
 
-        <h1>Kommentar-Filter Einstellungen</h1>
-        
+        <h1><?php esc_html_e('Kommentar-Filter Einstellungen', 'wp-multi'); ?></h1>
+
         <form method="post" action="options.php">
             <?php settings_fields('wp_multi_filter_options_group'); ?>
             <table class="form-table">
-                <tr><th><label for="wp_multi_filter_phone">Rufnummern filtern</label></th>
-                    <td><input type="checkbox" name="wp_multi_filter_phone" value="1" <?php checked(1, get_option('wp_multi_filter_phone'), true); ?>></td>
-                </tr>
-                <tr><th><label for="wp_multi_filter_email">E-Mail-Adressen filtern</label></th>
-                    <td><input type="checkbox" name="wp_multi_filter_email" value="1" <?php checked(1, get_option('wp_multi_filter_email'), true); ?>></td>
-                </tr>
-                <tr><th><label for="wp_multi_filter_url">URLs filtern</label></th>
-                    <td><input type="checkbox" name="wp_multi_filter_url" value="1" <?php checked(1, get_option('wp_multi_filter_url'), true); ?>></td>
-                </tr>
-                <tr><th><label for="wp_multi_filter_swear">Schimpfwörter filtern</label></th>
-                    <td><input type="checkbox" name="wp_multi_filter_swear" value="1" <?php checked(1, get_option('wp_multi_filter_swear'), true); ?>></td>
-                </tr>
-                <tr><th><label for="wp_multi_filter_ip">IP-Adressen filtern</label></th>
-                    <td><input type="checkbox" name="wp_multi_filter_ip" value="1" <?php checked(1, get_option('wp_multi_filter_ip'), true); ?>></td>
+                <tr>
+                    <th><label for="<?php echo esc_attr(WP_MULTI_FILTER_OPTION_PREFIX); ?>phone"><?php esc_html_e('Rufnummern filtern', 'wp-multi'); ?></label></th>
+                    <td><input type="checkbox" name="<?php echo esc_attr(WP_MULTI_FILTER_OPTION_PREFIX); ?>phone" value="1" <?php checked(1, get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'phone')); ?>></td>
                 </tr>
                 <tr>
-                    <th><label for="wp_multi_allowed_urls">Erlaubte URLs</label></th>
+                    <th><label for="<?php echo esc_attr(WP_MULTI_FILTER_OPTION_PREFIX); ?>email"><?php esc_html_e('E-Mail-Adressen filtern', 'wp-multi'); ?></label></th>
+                    <td><input type="checkbox" name="<?php echo esc_attr(WP_MULTI_FILTER_OPTION_PREFIX); ?>email" value="1" <?php checked(1, get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'email')); ?>></td>
+                </tr>
+                <tr>
+                    <th><label for="<?php echo esc_attr(WP_MULTI_FILTER_OPTION_PREFIX); ?>url"><?php esc_html_e('URLs filtern', 'wp-multi'); ?></label></th>
+                    <td><input type="checkbox" name="<?php echo esc_attr(WP_MULTI_FILTER_OPTION_PREFIX); ?>url" value="1" <?php checked(1, get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'url')); ?>></td>
+                </tr>
+                <tr>
+                    <th><label for="<?php echo esc_attr(WP_MULTI_FILTER_OPTION_PREFIX); ?>swear"><?php esc_html_e('Schimpfwörter filtern', 'wp-multi'); ?></label></th>
+                    <td><input type="checkbox" name="<?php echo esc_attr(WP_MULTI_FILTER_OPTION_PREFIX); ?>swear" value="1" <?php checked(1, get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'swear')); ?>></td>
+                </tr>
+                <tr>
+                    <th><label for="<?php echo esc_attr(WP_MULTI_FILTER_OPTION_PREFIX); ?>ip"><?php esc_html_e('IP-Adressen filtern', 'wp-multi'); ?></label></th>
+                    <td><input type="checkbox" name="<?php echo esc_attr(WP_MULTI_FILTER_OPTION_PREFIX); ?>ip" value="1" <?php checked(1, get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'ip')); ?>></td>
+                </tr>
+                <tr>
+                    <th><label for="<?php echo esc_attr(WP_MULTI_FILTER_OPTION_PREFIX); ?>filter_strength"><?php esc_html_e('Filterstärke', 'wp-multi'); ?></label></th>
                     <td>
-                        <textarea name="wp_multi_allowed_urls" rows="5" cols="50"><?php echo esc_textarea(get_option('wp_multi_allowed_urls')); ?></textarea>
-                        <p class="description">Trenne mehrere URLs mit einem Komma. Es wird automatisch <strong>http://</strong> und <strong>www.</strong> entfernt, bevor die URL überprüft wird.</p>
+                        <select name="<?php echo esc_attr(WP_MULTI_FILTER_OPTION_PREFIX); ?>filter_strength">
+                            <option value="strict" <?php selected(get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'filter_strength'), 'strict'); ?>><?php esc_html_e('Strikt', 'wp-multi'); ?></option>
+                            <option value="moderate" <?php selected(get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'filter_strength'), 'moderate'); ?>><?php esc_html_e('Moderat', 'wp-multi'); ?></option>
+                            <option value="loose" <?php selected(get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'filter_strength'), 'loose'); ?>><?php esc_html_e('Locker', 'wp-multi'); ?></option>
+                        </select>
+                        <p class="description"><?php esc_html_e('Strikt: Blockiert alle verdächtigen Inhalte. Moderat: Nur klare Verstöße. Locker: Minimiert Fehlalarme.', 'wp-multi'); ?></p>
+                    </td>
+                </tr>
+                <tr>
+                    <th><label for="<?php echo esc_attr(WP_MULTI_FILTER_OPTION_PREFIX); ?>allowed_urls"><?php esc_html_e('Erlaubte URLs', 'wp-multi'); ?></label></th>
+                    <td>
+                        <textarea name="<?php echo esc_attr(WP_MULTI_FILTER_OPTION_PREFIX); ?>allowed_urls" rows="5" cols="50"><?php echo esc_textarea(get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'allowed_urls')); ?></textarea>
+                        <p class="description"><?php esc_html_e('Trenne mehrere URLs mit einem Komma (z. B. example.com, anotherexample.org).', 'wp-multi'); ?></p>
+                    </td>
+                </tr>
+                <tr>
+                    <th><label for="<?php echo esc_attr(WP_MULTI_FILTER_OPTION_PREFIX); ?>allowed_words"><?php esc_html_e('Erlaubte Wörter', 'wp-multi'); ?></label></th>
+                    <td>
+                        <textarea name="<?php echo esc_attr(WP_MULTI_FILTER_OPTION_PREFIX); ?>allowed_words" rows="5" cols="50"><?php echo esc_textarea(get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'allowed_words')); ?></textarea>
+                        <p class="description"><?php esc_html_e('Wörter, die nicht als Schimpfwörter blockiert werden sollen, getrennt durch Kommas.', 'wp-multi'); ?></p>
                     </td>
                 </tr>
             </table>
             <?php submit_button(); ?>
         </form>
     </div>
-    
+
     <style>
         .wp-multi-banner { background-color: #0073aa; padding: 20px; text-align: center; border-radius: 8px 8px 0 0; margin-bottom: 30px; }
         .wp-multi-logo { max-width: 200px; height: auto; }
@@ -1904,53 +2135,114 @@ function wp_multi_comment_filter_settings_page() {
         .form-table td { padding: 12px 15px; border: 1px solid #ddd; }
         input[type="submit"] { background-color: #0073aa; color: white; padding: 10px 20px; border: none; border-radius: 5px; cursor: pointer; font-size: 16px; transition: background-color 0.3s ease; }
         input[type="submit"]:hover { background-color: #005177; }
+        .description { color: #666; font-size: 12px; }
     </style>
     <?php
 }
 
-// Kommentar-Filter Funktion
-function wp_multi_filter_comment_content($comment_content) {
-    $bad_words_url = 'https://git.viper.ipv64.net/M_Viper/wp-multi/raw/branch/main/includes/bad-words.json';
-
-    $swear_words = get_transient('wp_multi_swear_words');
-    if ($swear_words === false) {
-        $response = wp_remote_get($bad_words_url);
-        if (!is_wp_error($response)) {
-            $json_content = wp_remote_retrieve_body($response);
-            $decoded_data = json_decode($json_content, true);
-            if (json_last_error() === JSON_ERROR_NONE && isset($decoded_data['words']) && is_array($decoded_data['words'])) {
-                $swear_words = $decoded_data['words'];
-                set_transient('wp_multi_swear_words', $swear_words, HOUR_IN_SECONDS);
-            }
-        }
+/**
+ * Lädt die Liste der Schimpfwörter mit Fallback.
+ *
+ * @return array Liste der Schimpfwörter.
+ */
+function wp_multi_load_swear_words() {
+    $swear_words = get_transient(WP_MULTI_SWEAR_WORDS_CACHE_KEY);
+    if ($swear_words !== false) {
+        return $swear_words;
     }
 
-    if (get_option('wp_multi_filter_swear') == 1 && !empty($swear_words)) {
-        foreach ($swear_words as $word) {
+    $swear_words = [];
+    $response = wp_remote_get(WP_MULTI_BAD_WORDS_URL, ['timeout' => 5]);
+    if (!is_wp_error($response)) {
+        $json_content = wp_remote_retrieve_body($response);
+        $decoded_data = json_decode($json_content, true);
+        if (json_last_error() === JSON_ERROR_NONE && isset($decoded_data['words']) && is_array($decoded_data['words'])) {
+            $swear_words = array_map('strtolower', $decoded_data['words']);
+            set_transient(WP_MULTI_SWEAR_WORDS_CACHE_KEY, $swear_words, DAY_IN_SECONDS);
+        } else {
+            error_log('WP Multi Filter: Fehler beim Dekodieren der Schimpfwort-JSON-Datei.');
+        }
+    } else {
+        error_log('WP Multi Filter: Fehler beim Abrufen der Schimpfwort-Liste: ' . $response->get_error_message());
+    }
+
+    // Fallback: Standard-Schimpfwörter, falls die externe Liste nicht verfügbar ist
+    if (empty($swear_words)) {
+        $swear_words = ['beispielwort1', 'beispielwort2']; // Ersetze durch echte Fallback-Wörter
+    }
+
+    return $swear_words;
+}
+
+/**
+ * Filtert Schimpfwörter basierend auf der Filterstärke.
+ *
+ * @param string $content Kommentarinhalt.
+ * @param array  $swear_words Schimpfwörter.
+ * @param array  $allowed_words Erlaubte Wörter.
+ * @param string $strength Filterstärke.
+ * @return string Gefilterter Inhalt.
+ */
+function wp_multi_filter_swear_words($content, $swear_words, $allowed_words, $strength) {
+    if (empty($swear_words)) {
+        return $content;
+    }
+
+    foreach ($swear_words as $word) {
+        if (in_array(strtolower($word), $allowed_words)) {
+            continue;
+        }
+
+        $pattern = ($strength === 'loose')
+            ? '/\b' . preg_quote($word, '/') . '\b/iu'
+            : '/\b' . preg_quote($word, '/') . '[a-z0-9]*\b/iu';
+
+        if ($strength === 'moderate') {
             $pattern = '/\b' . preg_quote($word, '/') . '\b/iu';
-            $replacement = str_repeat('*', mb_strlen($word));
-            $comment_content = preg_replace($pattern, $replacement, $comment_content);
         }
+
+        $replacement = str_repeat('*', mb_strlen($word));
+        $content = preg_replace($pattern, $replacement, $content);
     }
 
-    if (get_option('wp_multi_filter_phone') == 1) {
+    return $content;
+}
+
+/**
+ * Filtert Kommentarinhalte basierend auf den Einstellungen.
+ *
+ * @param string $comment_content Kommentarinhalt.
+ * @return string Gefilterter Inhalt.
+ */
+function wp_multi_filter_comment_content($comment_content) {
+    if (get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'swear') == 1) {
+        $swear_words = wp_multi_load_swear_words();
+        $allowed_words = array_map('strtolower', array_map('trim', explode(',', get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'allowed_words', ''))));
+        $filter_strength = get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'filter_strength', 'moderate');
+        $comment_content = wp_multi_filter_swear_words($comment_content, $swear_words, $allowed_words, $filter_strength);
+    }
+
+    if (get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'phone') == 1) {
         $comment_content = preg_replace('/\b(\+?[0-9]{1,3}[-.\s]?)?(\(?\d{2,4}\)?[-.\s]?\d{2,4}[-.\s]?\d{2,4})\b/i', '**********', $comment_content);
     }
 
-    if (get_option('wp_multi_filter_email') == 1) {
+    if (get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'email') == 1) {
         $comment_content = preg_replace('/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/i', '**********', $comment_content);
     }
 
-    if (get_option('wp_multi_filter_url') == 1) {
-        $allowed_urls = array_map('trim', explode(',', get_option('wp_multi_allowed_urls', '')));
-        $comment_content = preg_replace_callback('/\b((https?:\/\/)?(www\.)?[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})(\/\S*)?\b/i', function($matches) use ($allowed_urls) {
-            // Entfernt "http://", "https://" und "www."
-            $url = strtolower(preg_replace(['/^https?:\/\//', '/^www\./'], '', $matches[0]));
-            return in_array($url, $allowed_urls) ? $matches[0] : '**************';
-        }, $comment_content);
+    if (get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'url') == 1) {
+        $allowed_urls = array_map('strtolower', array_map('trim', explode(',', get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'allowed_urls', ''))));
+        $comment_content = preg_replace_callback(
+            '/\b((https?:\/\/)?(www\.)?[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})(\/\S*)?\b/i',
+            function ($matches) use ($allowed_urls) {
+                $url = strtolower(preg_replace(['/^https?:\/\//', '/^www\./'], '', $matches[0]));
+                return in_array($url, $allowed_urls) ? $matches[0] : '**************';
+            },
+            $comment_content
+        );
     }
 
-    if (get_option('wp_multi_filter_ip') == 1) {
+    if (get_option(WP_MULTI_FILTER_OPTION_PREFIX . 'ip') == 1) {
         $comment_content = preg_replace('/\b(?:\d{1,3}\.){3}\d{1,3}\b/', '**********', $comment_content);
     }
 
@@ -4220,185 +4512,332 @@ add_action('admin_menu', 'wp_stat_notice_add_reported_posts_menu');
 
 
 /*
-* Gast Lesezeichen
-*/
+ * Verbessertes Gast-Lesezeichen-Plugin mit erhöhter Sicherheit und Benutzerfreundlichkeit
+ */
 
 
-// Funktion zum Erstellen des benutzerdefinierten Post-Typs für Lesezeichen
+define('STATISTIK_MANAGER_BOOKMARK_POST_TYPE', 'bookmark');
+define('STATISTIK_MANAGER_COOKIE_NAME', 'guest_token');
+define('STATISTIK_MANAGER_COOKIE_DURATION', 30 * DAY_IN_SECONDS);
+define('STATISTIK_MANAGER_BOOKMARKS_CACHE_KEY', 'statistik_manager_bookmarks_');
+
+/**
+ * Erstellt den benutzerdefinierten Post-Typ für Lesezeichen.
+ */
 function statistik_manager_create_bookmark_post_type() {
-    register_post_type('bookmark',
-        array(
-            'labels' => array(
-                'name' => __('Lesezeichen', 'statistik-manager'),
-                'singular_name' => __('Lesezeichen', 'statistik-manager')
-            ),
-            'public' => false, // Privat, nur für Backend
-            'show_ui' => false, // Nicht im Backend anzeigen
-            'show_in_menu' => false, // Nicht im Menü anzeigen
-            'supports' => array('title', 'custom-fields')
-        )
-    );
+    register_post_type(STATISTIK_MANAGER_BOOKMARK_POST_TYPE, [
+        'labels' => [
+            'name' => __('Lesezeichen', 'statistik-manager'),
+            'singular_name' => __('Lesezeichen', 'statistik-manager'),
+        ],
+        'public' => false,
+        'show_ui' => false,
+        'show_in_menu' => false,
+        'supports' => ['title', 'custom-fields'],
+    ]);
 }
 add_action('init', 'statistik_manager_create_bookmark_post_type');
 
-// Funktion zum Speichern eines Lesezeichens für Gäste
-function statistik_manager_save_bookmark($post_id) {
-    if (isset($_COOKIE['guest_token'])) {
-        update_post_meta($post_id, '_guest_token', $_COOKIE['guest_token']);
-    }
-}
-
-// Funktion zum Abrufen der Lesezeichen eines Gastes
-function statistik_manager_get_guest_bookmarks() {
-    $guest_token = isset($_COOKIE['guest_token']) ? $_COOKIE['guest_token'] : null;
+/**
+ * Generiert oder holt den Gast-Token.
+ *
+ * @return string Der Gast-Token.
+ */
+function statistik_manager_get_guest_token() {
+    $guest_token = isset($_COOKIE[STATISTIK_MANAGER_COOKIE_NAME]) ? sanitize_text_field($_COOKIE[STATISTIK_MANAGER_COOKIE_NAME]) : null;
 
     if (!$guest_token) {
-        // Wenn der Gast noch kein Token hat, erstellen und speichern
-        $guest_token = wp_generate_uuid4(); // Ein zufälliger UUID-Token
-        setcookie('guest_token', $guest_token, time() + 3600 * 24 * 30, COOKIEPATH, COOKIE_DOMAIN); // Cookie für 30 Tage setzen
+        $guest_token = wp_generate_uuid4();
+        setcookie(
+            STATISTIK_MANAGER_COOKIE_NAME,
+            $guest_token,
+            time() + STATISTIK_MANAGER_COOKIE_DURATION,
+            COOKIEPATH,
+            COOKIE_DOMAIN,
+            is_ssl(), // Secure
+            true // HttpOnly
+        );
     }
 
-    // Abfrage der Lesezeichen für den aktuellen Gast
-    $args = array(
-        'post_type' => 'bookmark',
-        'meta_key' => '_guest_token',
-        'meta_value' => $guest_token,
-        'posts_per_page' => -1,
-        'post_status' => 'publish'
-    );
-    $bookmarks_query = new WP_Query($args);
-
-    return $bookmarks_query->posts;
+    return $guest_token;
 }
 
-// Funktion zum Löschen eines Lesezeichens (nur für den aktuellen Gast)
-function statistik_manager_delete_bookmark() {
-    if (isset($_POST['bookmark_id']) && isset($_COOKIE['guest_token'])) {
-        $bookmark_id = intval($_POST['bookmark_id']);
-        $guest_token = $_COOKIE['guest_token'];
+/**
+ * Speichert ein Lesezeichen für einen Gast.
+ *
+ * @param int $post_id Post-ID des Lesezeichens.
+ */
+function statistik_manager_save_bookmark($post_id) {
+    $guest_token = statistik_manager_get_guest_token();
+    update_post_meta($post_id, '_guest_token', $guest_token);
+}
 
-        // Überprüfen, ob das Lesezeichen diesem Gast gehört
-        $stored_token = get_post_meta($bookmark_id, '_guest_token', true);
-        if ($stored_token === $guest_token) {
-            wp_delete_post($bookmark_id, true);
-            echo 'Lesezeichen erfolgreich gelöscht!';
-        } else {
-            echo 'Du kannst nur deine eigenen Lesezeichen löschen!';
-        }
+/**
+ * Ruft die Lesezeichen eines Gastes ab.
+ *
+ * @return array Liste der Lesezeichen.
+ */
+function statistik_manager_get_guest_bookmarks() {
+    $guest_token = statistik_manager_get_guest_token();
+    $cache_key = STATISTIK_MANAGER_BOOKMARKS_CACHE_KEY . md5($guest_token);
+    $bookmarks = get_transient($cache_key);
+
+    if ($bookmarks !== false) {
+        return $bookmarks;
     }
-    wp_die(); // Beende die Anfrage
+
+    $args = [
+        'post_type' => STATISTIK_MANAGER_BOOKMARK_POST_TYPE,
+        'meta_query' => [
+            [
+                'key' => '_guest_token',
+                'value' => $guest_token,
+            ],
+        ],
+        'posts_per_page' => -1,
+        'post_status' => 'publish',
+        'orderby' => 'date',
+        'order' => 'DESC',
+    ];
+
+    $bookmarks_query = new WP_Query($args);
+    $bookmarks = $bookmarks_query->posts;
+
+    set_transient($cache_key, $bookmarks, HOUR_IN_SECONDS);
+    return $bookmarks;
+}
+
+/**
+ * Löscht ein Lesezeichen via AJAX.
+ */
+function statistik_manager_delete_bookmark() {
+    check_ajax_referer('statistik_manager_bookmark_nonce', 'nonce');
+
+    if (!isset($_POST['bookmark_id']) || !isset($_COOKIE[STATISTIK_MANAGER_COOKIE_NAME])) {
+        wp_send_json_error(['message' => __('Ungültige Anfrage.', 'statistik-manager')]);
+    }
+
+    $bookmark_id = absint($_POST['bookmark_id']);
+    $guest_token = sanitize_text_field($_COOKIE[STATISTIK_MANAGER_COOKIE_NAME]);
+    $stored_token = get_post_meta($bookmark_id, '_guest_token', true);
+
+    if ($stored_token !== $guest_token) {
+        wp_send_json_error(['message' => __('Du kannst nur deine eigenen Lesezeichen löschen.', 'statistik-manager')]);
+    }
+
+    wp_delete_post($bookmark_id, true);
+    delete_transient(STATISTIK_MANAGER_BOOKMARKS_CACHE_KEY . md5($guest_token));
+    wp_send_json_success(['message' => __('Lesezeichen erfolgreich gelöscht.', 'statistik-manager')]);
 }
 add_action('wp_ajax_delete_bookmark', 'statistik_manager_delete_bookmark');
 add_action('wp_ajax_nopriv_delete_bookmark', 'statistik_manager_delete_bookmark');
 
-// Funktion zum Anzeigen der Lesezeichen mit Löschen-Option
-function statistik_manager_display_bookmarks() {
-    $bookmarks = statistik_manager_get_guest_bookmarks();
-
-    if (!empty($bookmarks)) {
-        $output = '<div class="statistik-manager-bookmarks">';
-        $output .= '<h3>' . __('Gespeicherte Lesezeichen', 'statistik-manager') . '</h3>';
-        $output .= '<ul>';
-
-        foreach ($bookmarks as $bookmark) {
-            $bookmark_url = get_post_meta($bookmark->ID, '_bookmark_url', true);
-            $bookmark_id = $bookmark->ID;
-            $bookmark_name = get_the_title($bookmark);  // Benutzerdefinierter Name des Lesezeichens
-
-            // Ausgabe des Lesezeichens mit getauschtem Button und Titel
-            $output .= '<li>';
-            // Button kommt nun vor dem Titel
-            $output .= ' <button class="delete-bookmark-btn" data-bookmark-id="' . esc_attr($bookmark_id) . '">' . __('Lesezeichen Löschen', 'statistik-manager') . '</button>';
-            $output .= '<a href="' . esc_url($bookmark_url) . '" target="_blank">' . esc_html($bookmark_name) . '</a>';
-            $output .= '</li>';
-        }
-
-        $output .= '</ul>';
-        $output .= '</div>';
-        return $output;
-    } else {
-        return '<p>' . __('Keine Lesezeichen gefunden.', 'statistik-manager') . '</p>';
-    }
-}
-
-// Funktion zum Hinzufügen eines Lesezeichens via AJAX
+/**
+ * Fügt ein Lesezeichen via AJAX hinzu.
+ */
 function statistik_manager_add_bookmark_ajax() {
-    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['bookmark_url']) && isset($_POST['bookmark_name'])) {
-        $bookmark_url = sanitize_text_field($_POST['bookmark_url']);
-        $bookmark_name = sanitize_text_field($_POST['bookmark_name']); // Name des Lesezeichens
+    check_ajax_referer('statistik_manager_bookmark_nonce', 'nonce');
 
-        // Neues Lesezeichen erstellen
-        $post_id = wp_insert_post(array(
-            'post_type' => 'bookmark',
-            'post_title' => $bookmark_name, // Benutzerdefinierter Name für das Lesezeichen
-            'post_status' => 'publish',
-            'meta_input' => array(
-                '_bookmark_url' => $bookmark_url
-            )
-        ));
-
-        // Speichern des Gast-Token
-        if (isset($_COOKIE['guest_token'])) {
-            update_post_meta($post_id, '_guest_token', $_COOKIE['guest_token']);
-        }
-
-        // Rückgabe des neuen Lesezeichens als HTML
-        $bookmark_html = '<li>';
-        $bookmark_html .= '<button class="delete-bookmark-btn" data-bookmark-id="' . esc_attr($post_id) . '">' . __('Lesezeichen Löschen', 'statistik-manager') . '</button>';
-        $bookmark_html .= '<a href="' . esc_url($bookmark_url) . '" target="_blank">' . esc_html($bookmark_name) . '</a>';
-        $bookmark_html .= '</li>';
-
-        echo $bookmark_html;
+    if (!isset($_POST['bookmark_url']) || !isset($_POST['bookmark_name'])) {
+        wp_send_json_error(['message' => __('Bitte alle Felder ausfüllen.', 'statistik-manager')]);
     }
 
-    wp_die(); // Beende die Anfrage
+    $bookmark_url = esc_url_raw($_POST['bookmark_url']);
+    $bookmark_name = sanitize_text_field($_POST['bookmark_name']);
+
+    if (empty($bookmark_url) || empty($bookmark_name)) {
+        wp_send_json_error(['message' => __('Ungültige URL oder Name.', 'statistik-manager')]);
+    }
+
+    // Prüfen, ob die URL bereits existiert
+    $guest_token = statistik_manager_get_guest_token();
+    $args = [
+        'post_type' => STATISTIK_MANAGER_BOOKMARK_POST_TYPE,
+        'meta_query' => [
+            'relation' => 'AND',
+            [
+                'key' => '_guest_token',
+                'value' => $guest_token,
+            ],
+            [
+                'key' => '_bookmark_url',
+                'value' => $bookmark_url,
+            ],
+        ],
+        'posts_per_page' => 1,
+    ];
+
+    $existing = new WP_Query($args);
+    if ($existing->have_posts()) {
+        wp_send_json_error(['message' => __('Diese URL ist bereits ein Lesezeichen.', 'statistik-manager')]);
+    }
+
+    // Neues Lesezeichen erstellen
+    $post_id = wp_insert_post([
+        'post_type' => STATISTIK_MANAGER_BOOKMARK_POST_TYPE,
+        'post_title' => $bookmark_name,
+        'post_status' => 'publish',
+        'meta_input' => [
+            '_bookmark_url' => $bookmark_url,
+            '_guest_token' => $guest_token,
+        ],
+    ]);
+
+    if (is_wp_error($post_id)) {
+        wp_send_json_error(['message' => __('Fehler beim Hinzufügen des Lesezeichens.', 'statistik-manager')]);
+    }
+
+    delete_transient(STATISTIK_MANAGER_BOOKMARKS_CACHE_KEY . md5($guest_token));
+    wp_send_json_success([
+        'message' => __('Lesezeichen erfolgreich hinzugefügt.', 'statistik-manager'),
+        'html' => '<li><button class="delete-bookmark-btn" data-bookmark-id="' . esc_attr($post_id) . '">' . esc_html__('Löschen', 'statistik-manager') . '</button><a href="' . esc_url($bookmark_url) . '" target="_blank">' . esc_html($bookmark_name) . '</a></li>',
+    ]);
 }
 add_action('wp_ajax_add_bookmark', 'statistik_manager_add_bookmark_ajax');
 add_action('wp_ajax_nopriv_add_bookmark', 'statistik_manager_add_bookmark_ajax');
 
-// JavaScript zum Hinzufügen des Lesezeichens ohne Seitenaktualisierung
+/**
+ * Zeigt die Lesezeichen eines Gastes an.
+ *
+ * @return string HTML-Ausgabe der Lesezeichen.
+ */
+function statistik_manager_display_bookmarks() {
+    $bookmarks = statistik_manager_get_guest_bookmarks();
+
+    ob_start();
+    ?>
+    <div class="statistik-manager-bookmarks">
+        <h3><?php esc_html_e('Gespeicherte Lesezeichen', 'statistik-manager'); ?></h3>
+        <?php if (empty($bookmarks)) : ?>
+            <p><?php esc_html_e('Keine Lesezeichen gefunden.', 'statistik-manager'); ?></p>
+        <?php else : ?>
+            <ul>
+                <?php foreach ($bookmarks as $bookmark) : ?>
+                    <li>
+                        <button class="delete-bookmark-btn" data-bookmark-id="<?php echo esc_attr($bookmark->ID); ?>">
+                            <?php esc_html_e('Löschen', 'statistik-manager'); ?>
+                        </button>
+                        <a href="<?php echo esc_url(get_post_meta($bookmark->ID, '_bookmark_url', true)); ?>" target="_blank">
+                            <?php echo esc_html(get_the_title($bookmark)); ?>
+                        </a>
+                    </li>
+                <?php endforeach; ?>
+            </ul>
+        <?php endif; ?>
+    </div>
+    <?php
+    return ob_get_clean();
+}
+
+/**
+ * Shortcode zum Anzeigen der Lesezeichen.
+ *
+ * @return string HTML-Ausgabe.
+ */
+function statistik_manager_bookmarks_shortcode() {
+    return statistik_manager_display_bookmarks();
+}
+add_shortcode('display_bookmarks', 'statistik_manager_bookmarks_shortcode');
+
+/**
+ * Shortcode zum Hinzufügen eines Lesezeichens.
+ *
+ * @return string HTML-Ausgabe.
+ */
+function statistik_manager_add_bookmark_shortcode() {
+    ob_start();
+    ?>
+    <form id="add-bookmark-form" class="statistik-manager-bookmark-form">
+        <input type="hidden" name="nonce" value="<?php echo esc_attr(wp_create_nonce('statistik_manager_bookmark_nonce')); ?>">
+        <div class="form-field">
+            <label for="bookmark_name"><?php esc_html_e('Name des Lesezeichens:', 'statistik-manager'); ?></label>
+            <input type="text" name="bookmark_name" id="bookmark_name" required>
+        </div>
+        <div class="form-field">
+            <label for="bookmark_url"><?php esc_html_e('URL des Lesezeichens:', 'statistik-manager'); ?></label>
+            <input type="url" name="bookmark_url" id="bookmark_url" required>
+        </div>
+        <div class="form-field">
+            <button type="submit"><?php esc_html_e('Lesezeichen hinzufügen', 'statistik-manager'); ?></button>
+        </div>
+        <div class="form-message"></div>
+    </form>
+    <style>
+        .statistik-manager-bookmark-form { max-width: 500px; margin: 20px 0; }
+        .statistik-manager-bookmark-form .form-field { margin-bottom: 15px; }
+        .statistik-manager-bookmark-form label { display: block; margin-bottom: 5px; font-weight: bold; }
+        .statistik-manager-bookmark-form input { width: 100%; padding: 8px; border: 1px solid #ddd; border-radius: 4px; }
+        .statistik-manager-bookmark-form button { background-color: #0073aa; color: white; padding: 10px 20px; border: none; border-radius: 4px; cursor: pointer; }
+        .statistik-manager-bookmark-form button:hover { background-color: #005177; }
+        .statistik-manager-bookmark-form .form-message { margin-top: 10px; color: green; }
+        .statistik-manager-bookmark-form .form-message.error { color: red; }
+        .statistik-manager-bookmarks ul { list-style: none; padding: 0; }
+        .statistik-manager-bookmarks li { margin-bottom: 10px; display: flex; align-items: center; }
+        .statistik-manager-bookmarks button { margin-right: 10px; background-color: #d63638; color: white; padding: 5px 10px; border: none; border-radius: 4px; cursor: pointer; }
+        .statistik-manager-bookmarks button:hover { background-color: #a12b2d; }
+        @media (max-width: 600px) {
+            .statistik-manager-bookmark-form input, .statistik-manager-bookmark-form button { font-size: 14px; }
+            .statistik-manager-bookmarks li { flex-direction: column; align-items: flex-start; }
+            .statistik-manager-bookmarks button { margin-bottom: 5px; }
+        }
+    </style>
+    <?php
+    return ob_get_clean();
+}
+add_shortcode('add_bookmark', 'statistik_manager_add_bookmark_shortcode');
+
+/**
+ * Fügt JavaScript für AJAX-Interaktionen hinzu.
+ */
 function statistik_manager_add_bookmark_script() {
+    if (!is_singular() && !has_shortcode(get_the_content(), 'add_bookmark') && !has_shortcode(get_the_content(), 'display_bookmarks')) {
+        return;
+    }
     ?>
     <script type="text/javascript">
-        jQuery(document).ready(function($){
-            // Hinzufügen eines Lesezeichens über AJAX
-            $('form#add-bookmark-form').on('submit', function(e){
-                e.preventDefault(); // Verhindert das Standard-Formular-Absenden
-
-                var bookmarkUrl = $('#bookmark_url').val();
-                var bookmarkName = $('#bookmark_name').val();
+        jQuery(document).ready(function($) {
+            $('#add-bookmark-form').on('submit', function(e) {
+                e.preventDefault();
 
+                var $form = $(this);
+                var $message = $form.find('.form-message');
                 var data = {
                     action: 'add_bookmark',
-                    bookmark_url: bookmarkUrl,
-                    bookmark_name: bookmarkName
+                    nonce: $form.find('[name="nonce"]').val(),
+                    bookmark_url: $form.find('#bookmark_url').val(),
+                    bookmark_name: $form.find('#bookmark_name').val(),
                 };
 
-                // AJAX-Anfrage senden, um das Lesezeichen hinzuzufügen
-                $.post('<?php echo admin_url('admin-ajax.php'); ?>', data, function(response) {
-                    // Füge das neue Lesezeichen zur Liste hinzu, ohne die Seite neu zu laden
-                    $('.statistik-manager-bookmarks ul').append(response);
-                    // Leere die Eingabefelder
-                    $('#bookmark_name').val('');
-                    $('#bookmark_url').val('');
+                $.post('<?php echo esc_url(admin_url('admin-ajax.php')); ?>', data, function(response) {
+                    $message.removeClass('error');
+                    if (response.success) {
+                        $message.addClass('success').text(response.data.message);
+                        $('.statistik-manager-bookmarks ul').append(response.data.html);
+                        $form.find('#bookmark_url, #bookmark_name').val('');
+                    } else {
+                        $message.addClass('error').text(response.data.message);
+                    }
                 });
             });
 
-            // Löschen eines Lesezeichens über AJAX
             $('body').on('click', '.delete-bookmark-btn', function() {
-                var bookmarkId = $(this).data('bookmark-id'); // Holen der ID des Lesezeichens
-                
+                var $button = $(this);
+                var bookmarkId = $button.data('bookmark-id');
                 var data = {
                     action: 'delete_bookmark',
-                    bookmark_id: bookmarkId
+                    nonce: $('#add-bookmark-form [name="nonce"]').val(),
+                    bookmark_id: bookmarkId,
                 };
 
-                // AJAX-Anfrage senden, um das Lesezeichen zu löschen
-                $.post('<?php echo admin_url('admin-ajax.php'); ?>', data, function(response) {
-                    alert(response); // Zeige Antwort an (z.B. "Lesezeichen erfolgreich gelöscht!")
-                    
-                    // Entferne das gelöschte Lesezeichen aus der Liste
-                    $('button[data-bookmark-id="' + bookmarkId + '"]').closest('li').remove();
+                $.post('<?php echo esc_url(admin_url('admin-ajax.php')); ?>', data, function(response) {
+                    var $message = $('.statistik-manager-bookmark-form .form-message');
+                    $message.removeClass('error success');
+                    if (response.success) {
+                        $message.addClass('success').text(response.data.message);
+                        $button.closest('li').remove();
+                    } else {
+                        $message.addClass('error').text(response.data.message);
+                    }
                 });
             });
         });
@@ -4407,34 +4846,6 @@ function statistik_manager_add_bookmark_script() {
 }
 add_action('wp_footer', 'statistik_manager_add_bookmark_script');
 
-// Shortcode zum Anzeigen der gespeicherten Beiträge
-function statistik_manager_bookmarks_shortcode() {
-    return statistik_manager_display_bookmarks();
-}
-add_shortcode('display_bookmarks', 'statistik_manager_bookmarks_shortcode');
-
-// Shortcode zum Hinzufügen eines Beitrags als Lesezeichen
-function statistik_manager_add_bookmark_shortcode() {
-    ob_start();
-    ?>
-    <form method="POST" id="add-bookmark-form">
-        <div class="form-field">
-            <label for="bookmark_name"><?php _e('Gib den Namen deines Lesezeichens ein:', 'statistik-manager'); ?></label>
-            <input type="text" name="bookmark_name" id="bookmark_name" required />
-        </div>
-        <div class="form-field">
-            <label for="bookmark_url"><?php _e('Gib die URL des Lesezeichens ein:', 'statistik-manager'); ?></label>
-            <input type="url" name="bookmark_url" id="bookmark_url" required />
-        </div>
-        <div class="form-field">
-            <button type="submit"><?php _e('Lesezeichen hinzufügen', 'statistik-manager'); ?></button>
-        </div>
-    </form>
-    <?php
-    return ob_get_clean();
-}
-add_shortcode('add_bookmark', 'statistik_manager_add_bookmark_shortcode');
-
 
 /*
 * Statistik & Banner
@@ -4910,10 +5321,6 @@ function statistik_manager_options_page() {
     <p>Wenn Sie Fragen oder Probleme haben, wenden Sie sich an uns!</p>
 </div>
 
-
-
-
-
 </div>
     </div>
     <?php