=== Secure Login Shield === Contributors: bdtreder Author: Ben Treder Author URI: https://BenTreder.com Support Email: bdtreder@gmail.com Plugin URI: https://BenTreder.com/wordpress-plugins/secure-login-shield/ Tags: login security, brute force protection, login protection, wordpress security, hide login Requires at least: 6.0 Tested up to: 6.8 Requires PHP: 7.4 Stable tag: 2.0.3 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Protect your WordPress login with a private login URL, stealth 404 behavior, and logged-out wp-admin redirect protection. == Description == Secure Login Shield helps reduce unwanted direct access to the default WordPress login screen by letting you create a private login URL for your site. Instead of leaving your login page exposed at the usual wp-login.php path, Secure Login Shield lets you choose a private slug such as /dragon-lair. Once configured, direct visits to wp-login.php are blocked with stealth 404 behavior, and logged-out visits to wp-admin are redirected away from the dashboard. This plugin is designed to be focused, lightweight, and easy to understand. It does not try to replace a full firewall or enterprise security suite. It focuses on one important job: making your WordPress login harder to find and less exposed to basic automated login traffic. = What Secure Login Shield Does = * Creates a private login URL for your WordPress site. * Blocks direct access to wp-login.php after setup. * Returns stealth 404 behavior for unwanted direct login access. * Redirects logged-out wp-admin visitors to the homepage. * Adds a cleaner admin dashboard with setup status and security score. * Keeps settings simple and lightweight. * Does not require an external service. * Does not track visitors or send site data to a third-party service. = Why This Helps = Many automated bots look for the default WordPress login screen. Moving normal login access to a private URL can help reduce noise, unwanted login attempts, and casual automated probing. Secure Login Shield is best used as part of a broader WordPress security setup that may also include strong passwords, two-factor authentication, regular updates, reputable hosting, and secure backups. = Important Setup Note = After changing your private login slug, save the new login URL somewhere safe before logging out. If your private login URL does not load immediately, go to Settings → Permalinks and click Save Changes. If you use a cache plugin or CDN, clear your cache after changing the slug. = Privacy = Secure Login Shield stores its settings in your WordPress database. The free plugin does not send login data, IP addresses, analytics, or settings to an external service. == Installation == 1. Upload the plugin folder to /wp-content/plugins/ or install it from the WordPress plugin screen. 2. Activate Secure Login Shield. 3. Go to Settings → Secure Login Shield. 4. Choose your private login slug. 5. Save your settings. 6. Save the private login URL somewhere safe. 7. If needed, visit Settings → Permalinks and click Save Changes. == Frequently Asked Questions == = What happens if I forget my private login URL? = You can temporarily disable the plugin by renaming the plugin folder through FTP, SSH, or your hosting file manager. Once the plugin is disabled, default WordPress login behavior is restored. = Does this replace two-factor authentication? = No. Secure Login Shield is focused on private login URL protection. For stronger account security, use strong passwords and two-factor authentication. = Does this block all brute force attacks? = No plugin can honestly promise to block every attack. Secure Login Shield reduces exposure to the default login path and helps cut down on basic automated login probing. = Will this work with caching or CDN services? = Usually, yes. After changing your login slug, clear your cache or CDN. Avoid caching your private login URL. = Does the plugin collect data? = No. The free plugin stores settings locally in WordPress and does not send analytics or login data to an external service. = How do I remove the plugin safely? = Deactivate the plugin to restore default login behavior. If you delete the plugin, its stored option is removed by the uninstall routine. == Screenshots == 1. Secure Login Shield settings dashboard. 2. Private login URL and protection status screen. == Changelog == = 2.0.3 = * Corrected the WordPress.org contributor username to bdtreder. = 2.0.2 = * Final branding cleanup for BenTreder.com plugin links. * Removed remaining old plugin subdomain wording from the readme. = 2.0.1 = * Updated plugin branding to use BenTreder.com as the primary website. * Removed old plugin subdomain references. * Added direct support contact information. = 2.0.0 = * Added a cleaner admin dashboard with setup status and security score. * Improved request input handling for WordPress.org compliance. * Improved settings save handling with nonce, unslash, and sanitization flow. * Improved readme content for clearer setup, privacy, and safety expectations. * Prepared the free plugin for a cleaner premium upgrade path. = 1.3.0 = * Improved private login behavior and WordPress.org assets. = 1.0.0 = * Initial release. == Upgrade Notice == = 2.0.0 = Secure Login Shield 2.0.0 improves the admin experience, setup guidance, and WordPress.org security compliance.