=== GhostGate === Contributors: codegee0958 Tags: security, two-factor authentication, limit login attempts, rest api, xml-rpc Requires at least: 5.8 Tested up to: 6.8 Requires PHP: 7.4 Stable tag: 1.1.1 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Invisible, intelligent protection for WordPress. GhostGate hides your login page, blocks bots, and turns your site into a ghost fortress. == Description == **GhostGate** is a lightweight yet powerful WordPress security plugin that eliminates the login page as an attack surface. Instead of just defending, it **erases the entrance** entirely with dynamic login URLs and multi-layer access verification. - πŸ”’ Hide your login URL with a custom slug and time-based code - πŸ”‘ Built-in 2FA via email verification - 🚫 Auto-block brute force attacks by IP - 🧱 Disable/limit unused endpoints like XML-RPC and REST API - πŸ‘€ Prevent user enumeration via REST, RSS, and author queries - πŸ” Visualize security status and detect conflicts - πŸ“œ Activity logs with optional file rotation GhostGate doesn’t just defend β€” it disappears. Invisible to bots. Intuitive for users. πŸ‘‰ **Full features / screenshots / pricing / docs**: https://arce-experience.com/product/ == Installation == 1. Upload the plugin folder to `/wp-content/plugins/ghostgate` 2. Activate the plugin via the Plugins menu 3. Go to **GhostGate > Settings** and configure your gate logic 4. Optionally enable 2FA, IP blocking, REST/API controls, and more Need help with setup? See the installation & setup video: https://arce-experience.com/product/ == Frequently Asked Questions == = Is GhostGate compatible with other security plugins? = Yes. It detects common conflicts and shows visual warnings. You can use it alongside plugins like Wordfence or iThemes. = What happens if I forget my login code or get locked out? = You can always access your site via recovery mode or disable the plugin via FTP if needed. = Does it affect performance? = GhostGate is built for speed. It only runs at login and admin hooks, keeping overhead minimal. == Screenshots == 1. Admin settings page with tabbed UI 2. Security status diagnostics 3. IP block log and unblock controls 4. Access code input screen for login URL (e.g., date-based code) 5. Security explanation tab == Privacy == GhostGate can store the following data locally on your site to provide rate-limiting and security auditing: - IP addresses (for temporary throttling / block lists) - Timestamps and event metadata (login attempts, REST/XML-RPC hits) - Optional log files under `wp-content/uploads/ghostgate/logs` (if enabled) No data is sent to third-party services. Site owners are responsible for informing users/visitors where required by local laws. You can clear blocks/logs from the admin UI or by deleting the log files. == Changelog == = 1.1.1 = * Maintenance and compliance improvements (enqueue scripts/styles; minor fixes) * UI/diagnostics polish * Tested up to WordPress 6.8 = 1.1.0 = * REST/JSON structure stealth options (allowlist & prefix-based allow) * Improved status diagnostics and defaults for rate limits = 1.0.0 = * Initial public release * Dynamic login URL gate, 2FA email code * IP restriction + logs, REST API and XML-RPC shielding * Status analyzer and conflict detector ➑ Full changelog (latest): https://arce-experience.com/changelog/#ghostgate == Upgrade Notice == = 1.1.1 = Compliance and stability update. Please update to keep compatibility with the latest WordPress and to benefit from improved diagnostics.