=== Secure Login Shield === Contributors: bdtreder Donate link: https://www.buymeacoffee.com/bentreder Tags: login, security, custom login, wp-login, hardening Requires at least: 6.0 Tested up to: 6.8 Requires PHP: 7.4 Stable tag: 1.3.0 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Create a private login URL and hide /wp-login.php with stealth 404s. Logged-out /wp-admin/ visits redirect to your homepage. == Description == **Secure Login Shield** helps you lock down your WordPress login page. By default, WordPress exposes `/wp-login.php` and `/wp-admin/`. Bots hammer these URLs every day. This plugin gives you a **private login slug** (e.g. `/dragon-lair`) and hides the default login endpoint: * Defaults to `/wp-login.php` until you change it. * Once changed, **only your custom slug** works. * Direct access to `/wp-login.php` shows a **404 Not Found** (stealth mode). * Logged-out visitors hitting `/wp-admin/` are **redirected to the homepage**. * Deactivate the plugin → everything reverts to normal. Made with ❤️ by [Ben Treder](https://BenTreder.com) == Features == * **Private login slug** (e.g. `/dragon-lair`, `/control-center`, `/secret-gate`) * **Stealth 404 protection**: Bots hitting `/wp-login.php` see “Not Found” * **Homepage redirect**: `/wp-admin/` (logged out) → homepage * **Easy settings page** under Settings → Secure Login Shield * **Safe activation/deactivation**: no core hacks, auto-reverts when disabled == Installation == 1. Upload the `secure-login-shield` folder to the `/wp-content/plugins/` directory or install via Plugins → Add New → Upload. 2. Activate the plugin through the "Plugins" menu in WordPress. 3. **Go to Settings → Secure Login Shield.** 4. Set your private slug (example: `dragon-lair`). 5. **Go to Settings → Permalinks → Save Changes** (refresh rewrite rules). 6. If you use a caching plugin or CDN, **clear cache** to avoid stale redirects. 7. Log in using `https://yoursite.com/dragon-lair`. **Important:** Bookmark your new login URL! If you forget it, you’ll need to disable the plugin via FTP or database. == Frequently Asked Questions == = Will this break my site? = No. By default it uses `/wp-login.php` until you change it. Deactivating the plugin instantly reverts WordPress to normal behavior. = Can I completely block /wp-login.php? = Yes. Once you set a slug, `/wp-login.php` (and actions) return a 404 Not Found. = What if I forget my private slug? = Deactivate the plugin via FTP (delete or rename `secure-login-shield`). WordPress will go back to `/wp-login.php`. = Does this work with caching plugins or CDNs? = Yes, but after changing your slug, you should clear cache/CDN to avoid serving stale redirects. == Screenshots == 1. Settings page showing the default login slug (/wp-login.php) 2. Settings page with a custom private slug (/dragon-lair) == Contribute & Support == * Website: [BenTreder.com](https://BenTreder.com) * Author: [Ben Treder](https://profiles.wordpress.org/bentreder/) * Issues & Feature Requests: Please open a ticket on [BenTreder.com](https://BenTreder.com) * Like this plugin? ⭐ Leave a review and help spread the word! * ☕ Support development: [Buy Me a Coffee](https://www.buymeacoffee.com/bentreder) == Changelog == = 1.3.0 = * Rebrand to **Secure Login Shield** by Ben Treder * Default slug remains `/wp-login.php` (safe on first install) * Added activation notice: Save permalinks + clear cache after activation * Stealth 404 mode enforced when custom slug is chosen * Homepage redirect for logged-out visits to `/wp-admin/` = 1.2.0 = * Added stealth 404 mode * Improved security enforcement = 1.1.0 = * Redirected /wp-admin/ → homepage for logged-out users = 1.0.0 = * Initial release with custom login slug + wp-login.php block == Upgrade Notice == = 1.3.0 = After activating, **save permalinks** and **clear cache** to ensure your new login URL works correctly.