**Release signing active.** Every update zip from this point onward is signed with libsodium Ed25519 in CI and verified by the plugin before WordPress installs it. A tampered or substituted zip — from a compromised mirror or MITM — is rejected with a clear error. - Updates to v2.4.4+ go through signature verification automatically. Nothing to do. - The Customer Map → Debug Log → Updates panel now shows "Signing: Active (Ed25519, fp ...)" and confirms whether the latest release advertises a \`.sig\` asset. Existing v2.4.2 installs running with an empty \`NCM_UPDATE_PUBLIC_KEY\` will install this update unverified (legacy path). After upgrading to 2.4.3 they pick up the populated public-key constant and verify all subsequent updates.