cetinibs/wp-radar — reverse-engineered prompt

Build me a WordPress security plugin called WP Radar that feels like an all in one protection tool for normal site owners. I want it to help stop brute force logins, suspicious requests, bad bots, malicious uploads, web shell style files, SEO spam, and risky file changes, while still letting real visitors use the site normally. It should support two factor login with authenticator apps, a simple local CAPTCHA, temporary lockouts, trusted admin protection, IP allow and block lists, security headers, XML RPC hardening, username hiding, and instant email alerts that do not spam my inbox with duplicates.

Please include an admin area with a simple card based dashboard where I can turn modules on and off, see recent warnings, run scans, manage settings, test email, and set up two factor per user. I also want core file integrity checks against official WordPress checksums, basic malware scanning in uploads and the site root, and optional reputation or vulnerability lookups with VirusTotal and WPScan keys. Keep the core self contained if possible, and look up current WordPress plugin docs online if you need to.