=== GhostGate === Contributors: codegee0958 Tags: security, two-factor authentication, limit login attempts, rest api, xml-rpc Requires at least: 5.8 Tested up to: 6.9 Requires PHP: 7.4 Stable tag: 1.3.3 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Invisible, intelligent protection for WordPress. GhostGate hides your login page, blocks bots, and turns your site into a ghost fortress. == Description == **GhostGate** is a lightweight yet powerful WordPress security plugin that eliminates the login page as an attack surface. Instead of just defending, it **erases the entrance** entirely with dynamic login URLs and multi-layer access verification. - 🔒 Hide your login URL with a custom slug and time-based code - 🔑 Built-in 2FA via email verification - 🚫 Auto-block brute force attacks by IP - 🧱 Disable/limit unused endpoints like XML-RPC and REST API - 👤 Prevent user enumeration via REST, RSS, and author queries - 🔍 Visualize security status and detect conflicts - 📜 Activity logs with optional file rotation GhostGate doesn’t just defend — it disappears. Invisible to bots. Intuitive for users. 👉 **Full features / screenshots / pricing / docs**: https://arce-experience.com/product/ == Installation == 1. Upload the plugin folder to `/wp-content/plugins/ghostgate` 2. Activate the plugin via the Plugins menu 3. Go to **GhostGate > Settings** and configure your gate logic 4. Optionally enable 2FA, IP blocking, REST/API controls, and more Need help with setup? See the installation & setup video: https://arce-experience.com/product/ == Frequently Asked Questions == = Is GhostGate compatible with other security plugins? = Yes. It detects common conflicts and shows visual warnings. You can use it alongside plugins like Wordfence or iThemes. = What happens if I forget my login code or get locked out? = You can always access your site via recovery mode or disable the plugin via FTP if needed. = Does it affect performance? = GhostGate is built for speed. It only runs at login and admin hooks, keeping overhead minimal. == Screenshots == 1. Admin settings page with tabbed UI 2. Security status diagnostics 3. IP block log and unblock controls 4. Access code input screen for login URL (e.g., date-based code) 5. Security explanation tab == Privacy == GhostGate can store the following data locally on your site to provide rate-limiting and security auditing: - IP addresses (for temporary throttling / block lists) - Timestamps and event metadata (login attempts, REST/XML-RPC hits) - Optional log files under `wp-content/uploads/ghostgate/logs` (if enabled) No data is sent to third-party services. Site owners are responsible for informing users/visitors where required by local laws. You can clear blocks/logs from the admin UI or by deleting the log files. == Changelog == = 1.3.3 - 2026-01-21 = * Compatibility: Verified support for WordPress 6.9. * Fix: Enhanced PHP 8.x compatibility (stricter type casting in internal key generation). * Fix: Improved login slug detection to strictly handle trailing slashes, preventing 404 errors in some server configurations. = 1.3.2 - 2025-09-24 = * Fix – Resolved “Undefined variable $user_login / $errors” warnings on the login screen. * Fix – Prevented potential “headers already sent” issues. * Improvement – Hardened login flow compatibility with core. * Improvement – Minor internal refactors around request path normalization. = 1.3.0 - 2025-09-22 = * Security: Strengthened “Hide wp-json structure”. * Fix: Route allowlist UI now correctly preserves selections for regex endpoints. * Fix: Resolved rare fatal error on “Unblock IP” admin action. * Tested: Confirmed compatibility with WordPress 6.8. = 1.2.1 = * Tweak: Added brand header (logo + subtitle) to the code entry screen. * Tweak: Minor CSS polish. = 1.2.0 = * New: Added an option to block direct access to preview URLs. = 1.1.1 = * Maintenance and compliance improvements. = 1.1.0 = * REST/JSON structure stealth options. = 1.0.0 = * Initial public release. == Upgrade Notice == = 1.3.3 = This update includes compatibility verification for WordPress 6.9 and PHP 8.x improvements. Recommended for all users.