=== 24TT Login Security and Brander === Contributors: 24techtime, johniouspatriot Tags: security, hide login, custom login, brute force, white label Requires at least: 5.8 Tested up to: 7.0 Requires PHP: 7.4 Stable tag: 1.0.2 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Agency-level visual branding alongside critical perimeter defense, login obfuscation, and strict access controls. == Description == **24TT Login Security and Brander** is an enterprise-grade, zero-bloat security and white-labeling solution for WordPress. Designed for agencies and security-conscious site owners, it fortifies your WordPress perimeter while delivering a seamless, custom-branded login experience for your clients. Instead of relying on heavy frameworks, this plugin uses native WordPress APIs and strictly optimized PHP to protect your site without slowing it down. ### 🛡️ Enterprise Perimeter Defense * **Hide wp-login.php & /wp-admin/:** Completely obfuscate your login portal. Bots and unauthenticated guests attempting to access default login routes are silently redirected to your homepage before core authentication redirects even trigger. * **Brute Force Protection:** Transient-based Limit Login Attempts. Locks out attackers for 15 minutes after 3 failed attempts, intercepting them at Priority 1 before heavy database queries execute. * **Kill XML-RPC:** Permanently disables XML-RPC to shut down massive DDoS and brute-force vectors. * **Block User Enumeration:** Prevents hackers from scraping usernames via author archives (`/?author=1`) and the REST API. * **Generic Error Masking:** Overwrites default login errors so attackers cannot verify if a username exists. ### 🎨 Agency-Grade Brander * **Custom Login Logo:** Replace the default WordPress logo with your client's brand. * **Custom Colors:** Tailor the background and primary button colors using the native WordPress Color Picker. * **Smart Contrast Calculator:** Automatically detects if your background is light or dark (using the YIQ formula), adjusting the "Lost Password" and "Back to Site" links to guarantee 100% visual accessibility. * **Role-Based Redirects:** Automatically route administrators to the backend dashboard, while sending clients or subscribers to a custom URL (like a user portal). == Installation == 1. Upload the `24tt-login-security-and-brander` directory to the `/wp-content/plugins/` directory via FTP, or upload the zipped file directly through the WordPress plugins screen. 2. Activate the plugin through the 'Plugins' menu in WordPress. 3. Navigate to **Settings > 24TT Security** to configure your secret login slug, branding colors, and client redirects. 4. **Important:** If you set a custom login slug, remember it! You will need it to log back in. == Frequently Asked Questions == = I forgot my secret login slug and am locked out! What do I do? = Simply access your site via FTP or a File Manager. Navigate to `/wp-content/plugins/` and temporarily rename the `24tt-login-security-and-brander` folder to something else (e.g., `disabled-24tt`). This will safely deactivate the plugin, and you can log in normally via `wp-login.php`. Once logged in, rename the folder back, reactivate the plugin, and check your settings. = Will this slow down my website? = Absolutely not. The admin settings interface only loads in the backend, and the security rules are designed to intercept attacks at the earliest possible hook (`init` and `authenticate`), saving your server from processing heavy WordPress database queries. == Screenshots == 1. The Visual Branding & User Interface (UI) settings panel. 2. The Perimeter Defense & Routing configuration. 3. A fully white-labeled, secure login portal with dynamic contrast text. == Changelog == = 1.0.2 = * Minor version bump for repository resubmission. = 1.0.1 = * Minor version bump for repository resubmission. = 1.0.0 = * Initial Release: The fortress is sealed.