Polanger Admin Suite

The ultimate WordPress admin customization toolkit. Take full control of your WordPress dashboard.

Security Focused GDPR Compliant WordPress 5.0+

Introduction

Polanger Admin Suite is a comprehensive WordPress plugin that gives you complete control over your WordPress admin area. Whether you're building sites for clients, managing a multisite network, or simply want a cleaner admin experience, this plugin has you covered.

Menu Manager

Hide, rename, reorder, and control access to any admin menu item with role-based visibility.

Admin Bar

Customize the admin bar with your logo, hide items, and add custom links with icons.

Login Page

Custom login URL, beautiful design options, and reCAPTCHA protection for security.

Activity Log

Track all admin actions with GDPR-compliant logging, email alerts, and CSV export.

Dashboard Widgets

Hide default widgets, auto-hide third-party widgets, and create custom branded widgets.

Custom Admin Menu

Create custom admin sidebar menus and submenus with internal/external targets and new-tab support.

Security & 2FA

Access control, two-factor authentication, recovery keys, and Super Admin protection.

Multisite Control

Manage network defaults, site overrides, and locked module policies across WordPress multisite networks.

Installation

Method 1: WordPress Admin Upload

  1. Download the plugin ZIP file from CodeCanyon
  2. Go to Plugins → Add New → Upload Plugin
  3. Choose the ZIP file and click Install Now
  4. After installation, click Activate Plugin

Method 2: FTP Upload

  1. Extract the plugin ZIP file
  2. Upload the polanger-admin-menu-manager folder to /wp-content/plugins/
  3. Go to Plugins in WordPress admin and activate the plugin
After Activation

You'll find the plugin menu at Polanger in your WordPress admin sidebar.

Requirements

Requirement Minimum Recommended
WordPress 5.0+ 6.0+
PHP 7.4+ 8.0+
MySQL 5.6+ 8.0+
MariaDB 10.0+ 10.5+

Admin Bar

Customize the WordPress admin bar (toolbar) that appears at the top of your site.

  • Replace WordPress Logo - Upload your own logo (recommended: 20x20px or 40x40px)
  • Custom Link URL - Set where the logo links to
  • Hide Logo Submenu - Hide items like "About WordPress", "Documentation", etc.

Manage Admin Bar Items

The plugin automatically detects all admin bar items added by WordPress, themes, and plugins.

  • Auto-Detection - Finds items from Elementor, WooCommerce, and other plugins
  • Hide Items - Click the eye icon to hide any item
  • Rename Items - Change the display text of any item
  • Frontend Support - Manage items that only appear on the frontend

Add your own links to the admin bar with icons and optional submenus.

Option Description
Title The text displayed in the admin bar
URL Where the link goes when clicked
Icon Choose from 200+ Dashicons
Target Same window or new tab
Submenu Add dropdown items under the main link

Login Page

Secure and customize your WordPress login page with a custom URL, beautiful design, and reCAPTCHA protection.

Custom Login URL

Change the default wp-login.php URL to something unique for added security.

  • Custom Slug - Use any URL like /my-login or /secure-access
  • Block Default URLs - Redirect wp-login.php and wp-admin to 404
  • Permalink Support - Automatically handles trailing slashes based on your settings
Bookmark Your Login URL

After enabling a custom login URL, bookmark it immediately. If you forget the URL, you'll need to disable the plugin via FTP or phpMyAdmin.

Design Options

Create a beautiful, branded login experience with these customization options:

  • Upload a custom logo from the Media Library
  • Set a custom link URL for the logo
  • Logo appears above the login form
  • Solid Color - Single color background
  • Gradient - Two-color gradient at 135°
  • Image - Full-screen background image
  • Primary Color - Buttons and accents
  • Form Background - Login form card color
  • Automatic hover state generation

reCAPTCHA Protection

Protect your login page from bots and brute force attacks with Google reCAPTCHA.

Checkbox reCAPTCHA - Users click "I'm not a robot" to verify.

  • Visible verification checkbox
  • May show image challenges
  • Best for high-security requirements

Invisible reCAPTCHA - Score-based verification without user interaction.

  • No user interaction required
  • Scores requests from 0.0 to 1.0
  • Requests below 0.5 are blocked
  • Best for user experience

reCAPTCHA can be enabled for:

  • Login Form
  • Registration Form
  • Lost Password Form

Activity Log

Track all administrative actions on your WordPress site. The Activity Log is GDPR/KVKK compliant and never stores sensitive data like passwords or email content.

Logged Events

Category Events
Login Login, Logout, Failed Login Attempts
Plugins Activated, Deactivated, Deleted, Updated
Themes Theme Switched, Customizer Saved
Content Created, Updated, Deleted, Trashed
Users Created, Deleted, Role Changed, Password Changed
System Site URL, Home URL, Admin Email, Permalinks

Severity Levels

  • Critical - Security-sensitive actions (URL changes, user deletion, password changes)
  • Warning - Actions requiring attention (failed logins, plugin deactivation)
  • Info - General activity (content changes, logins)

Log Viewer

View and filter logs with a powerful search interface:

  • Search - Find by username, action, or object name
  • Filter by Action - Show only specific event types
  • Date Range - Filter by start and end dates
  • Export CSV - Download logs for external analysis
  • Pagination - 20 logs per page with navigation

Email Alerts

Get notified when critical events occur:

  • Site URL or Home URL changed
  • Admin email changed
  • User deleted or role changed
  • Plugin deleted
  • Password changed

Privacy & Retention

  • IP Logging - Optional, disabled by default for GDPR compliance
  • Auto-Delete - Automatically delete logs after 7, 30, 60, or 90 days
  • No Sensitive Data - Passwords, emails, and form content are never logged

Dashboard Widgets

Take control of the WordPress dashboard by managing widgets, hiding admin notices, and creating custom branded widgets.

Widget Visibility

Hide default WordPress dashboard widgets:

  • Welcome Panel
  • Quick Draft
  • Activity
  • WordPress Events and News
  • Site Health Status

Auto-Hide Third-Party Widgets

Enable this feature to automatically hide all widgets added by plugins and themes. Use the whitelist to allow specific widgets.

Clean Dashboard Guarantee

When auto-hide is enabled, your dashboard stays clean even when new plugins are installed. Only whitelisted widgets will appear.

Admin Notices

Control the notices that appear at the top of admin pages:

  • Hide All Notices - Remove all plugin and theme notices
  • Super Admin Exception - Let Super Admins see all notices
  • Dashboard Only - Show notices only on the main dashboard
  • Log Hidden Notices - Track what notices were hidden

Custom Widgets

Create branded dashboard widgets for your clients or team:

Option Description
Title Widget heading displayed on the dashboard
Position Left column (Normal) or Right column (Side)
Content Rich text editor with media support
Enabled Toggle widget visibility

Use Cases:

  • Welcome message with agency branding
  • Quick links to important pages
  • Support contact information
  • Training resources and documentation

Custom Admin Menu

Create your own WordPress admin sidebar menus and submenus from the Menu Manager page. This addon is designed for agencies and site owners who need quick access links, custom tool hubs, and client-friendly navigation.

Menu Builder

  • Modal-Based Builder - Add new menus using a modern modal UI from Menu Manager
  • Main Menu + Submenus - Create a parent menu and unlimited submenu items
  • Icon Picker - Select from an expanded Dashicons library
  • Menu Position - Control where the custom menu appears in the admin sidebar
  • Inline Help Text - Built-in guidance for non-technical users

Targets & New Tab

Each custom menu/submenu can point to an internal admin route or an external URL.

Target Type Example Behavior
Internal admin target admin.php?page=plugin-slug Opens target inside wp-admin
Core admin file tools.php or edit.php?post_type=page Opens matching admin screen
External URL https://example.com/help Can open in same tab or new tab
New Tab Behavior

If "Open in new tab" is enabled, custom menu links are forced to open in a new browser tab, including parent menu links with submenus.

Manage & Edit

  • Custom Menus Table - Review all saved menus, targets, and submenu counts
  • Edit Button - Reopen modal with prefilled data to update existing menus
  • Delete Button - Remove a custom menu and all related submenus in one action
  • Duplicate Parent Cleanup - Automatically removes WordPress auto-duplicated parent submenu entries
  • Route Safety - Prevents blank fallback pages by redirecting parent/submenu routes to their configured targets

Multisite Control

Multisite Control adds network-wide governance for agencies, developers, and site networks while keeping each module independent and extendable.

Network Defaults

  • Define global defaults from Network Admin
  • Capture a site's current module settings as reusable network defaults
  • Apply effective settings through lightweight filters instead of duplicating module logic

Site Overrides

  • Allow or disable site-level overrides per network policy
  • Show Network, Override, and Locked status per module
  • Keep local site settings intact unless network policy is enabled

Lock System

  • Lock Menu Manager, Admin Bar, Login Security, Activity Log, and Dashboard Center
  • Disable local forms when a module is network locked
  • Use manage_network_options for network settings and manage_options for site-level controls

Settings

Configure access control, two-factor authentication, and other plugin-wide settings.

Access Control

Restrict who can access and modify the plugin settings:

  • Allowed Users - Select which administrators can access the plugin
  • Access Levels - Full Access or Read-only for each user
  • Super Admin Protection - Super Admin (ID 1) can never be locked out
  • URL Blocking - Restricted users can't access plugin pages via direct URL
Read-Only Mode

Read-only users can view all settings but cannot make changes. A banner is displayed and all forms are disabled.

Two-Factor Authentication (2FA)

Add an extra layer of security with email-based 2FA:

Setup Process

  1. Click "Send Test Email" to verify email delivery works
  2. Enable Two-Factor Authentication
  3. Select which roles require 2FA
  4. Save your recovery keys

Features

  • 6-Digit Codes - Sent via email on each login
  • Code Expiry - 5, 10, or 15 minutes
  • Role-Based - Require 2FA for specific roles
  • Recovery Keys - One-time use backup codes
  • Super Admin Bypass - Super Admin is exempt to prevent lockouts

Miscellaneous

  • Custom Footer Text - Replace "Thank you for creating with WordPress"
  • Hide WordPress Version - Remove version number from admin footer
  • Live Preview - See footer changes in real-time

Hooks & Filters

For developers who want to extend or customize the plugin behavior.

Maintenance Mode Policy

Polanger core is currently maintained in a stability-first phase. New capabilities are expected to be delivered primarily via addons, while core updates focus on security, compatibility, and regression prevention.

Polanger Custom Developer Hooks

Hook / Filter Type Description
polanger_init Action Extension API bootstrap for registering addon modules
pdt_register_addons Filter Inject or modify addon card definitions in Addons page
pdt_active_addons Filter Override active addon flags at runtime
polanger_effective_settings Filter Modify effective settings per module/context (multisite-aware)
pdt_admin_menu_after_dashboard_center Action Add submenu items between Dashboard Center and Settings
pdt_menu_manager_after_header Action Inject addon UI directly after Menu Manager header
pdt_menu_manager_after_form Action Inject addon UI directly after Menu Manager form
polanger_admin_theme_assets Action Enqueue admin theme CSS/JS for Polanger pages without core edits

Menu Manager Hooks

Hook Priority Description
admin_menu 9999 Capture and modify menu items
admin_init 1 URL access blocking
menu_order - Custom menu ordering

Admin Bar Hooks

Hook Priority Description
admin_bar_menu 999999 Capture admin bar nodes
wp_before_admin_bar_render 1000-1002 Apply customizations

Login Page Hooks

Hook Description
login_enqueue_scripts Load custom styles and scripts
login_head Output custom CSS
login_form Add reCAPTCHA to login form
wp_authenticate_user Verify reCAPTCHA on login

Database

The plugin stores settings in WordPress options and creates one custom table for activity logs.

Options

Option Name Description
pdt_settings Main plugin settings
pdt_menu_items Menu item configurations
pdt_admin_bar_settings Admin bar settings
pdt_login_page_settings Login page settings
pdt_activity_log_settings Activity log settings
pdt_dashboard_widgets_settings Dashboard widgets settings
pdt_custom_admin_menus Custom Admin Menu Builder records
pdt_active_addons Active addon flags for addon-managed modules
pdt_network_active_addons Network-wide active addon flags for multisite networks
polanger_network_settings Network defaults, lock policy, and override policy for Multisite Control
polanger_site_override_settings Per-site override flags for Multisite Control
pdt_general_settings General/security settings

Activity Log Table

Table name: {prefix}_pdt_admin_logs

SQL Schema 
CREATE TABLE {prefix}_pdt_admin_logs (
  id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
  user_id bigint(20) unsigned NOT NULL,
  user_login varchar(60) NOT NULL,
  action varchar(100) NOT NULL,
  object_type varchar(50) DEFAULT NULL,
  object_id bigint(20) unsigned DEFAULT NULL,
  object_name varchar(255) DEFAULT NULL,
  ip_address varchar(45) DEFAULT NULL,
  user_agent varchar(255) DEFAULT NULL,
  meta longtext DEFAULT NULL,
  created_at datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (id),
  KEY user_id (user_id),
  KEY action (action),
  KEY created_at (created_at)
);

Security

The plugin follows WordPress security best practices:

  • Nonce Verification - All forms use WordPress nonces to prevent CSRF attacks
  • Capability Checks - Only users with manage_options can access the plugin
  • Input Sanitization - All user inputs are sanitized before storage
  • Prepared Statements - Database queries use $wpdb->prepare()
  • Super Admin Protection - Super Admin cannot be locked out of the plugin
  • Read-Only Mode - Server-side enforcement prevents unauthorized changes
  • GDPR Compliance - No sensitive data is logged, IP logging is optional
Security First

This plugin was designed with security as a primary concern. All features include safeguards to prevent accidental lockouts and unauthorized access.

Changelog

Version 1.4.2 Latest

  • New: Multisite Control addon for network-wide defaults, lock policies, and site-level overrides
  • New: Network-aware settings engine using effective settings filters across supported modules
  • New: Network lock support for Menu Manager, Admin Bar, Login Security, Activity Log, and Dashboard Center
  • New: Site override status controls and network-managed module notices
  • Improved: Addon activation flow with optional network-wide active addon support
  • Improved: 2FA login session handling now respects the original Remember Me preference during verification
  • Improved: 2FA resend verification flow hardened with nonce-protected requests and stricter token validation
  • Improved: 2FA verification flow now includes stronger user/session guard checks to reduce edge-case failures
  • Improved: 2FA trusted device and security logging IP resolution strengthened with trusted-proxy aware validation
  • Improved: 2FA email delivery failure behavior is now configurable with secure-by-default login handling
  • New: Design System addon scaffold with token-based settings, preset support, and generated CSS output
  • Improved: Addon-first theming extensibility via polanger_admin_theme_assets for clean admin UI customization without core CSS overrides

Version 1.4.1

  • Improved: Activity Log export flow (CSV/JSON) output handling on Settings page for more consistent downloads
  • Improved: Settings export callback visibility and admin_init lifecycle compatibility
  • Improved: Activity Log query hardening with validated table-name usage and allowlisted ORDER BY handling
  • Improved: 2FA verification comparison updated with timing-safe hash validation (hash_equals)
  • Improved: Activity Log IP resolution now prefers REMOTE_ADDR and supports trusted-proxy based forwarded-header parsing
  • Improved: Settings input validation for allowed_users with strict array-type guards before normalization

Version 1.4.0

  • Major update: All premium features are now available for free
  • New: Full Admin Suite experience (menu, login, security, dashboard, activity log)
  • New: Custom Admin Menu Builder
  • New: Role-based access control improvements
  • Improved: UI/UX across all modules
  • Improved: Performance and stability
  • Improved: Security layers and validation
  • Fixed: Minor bugs and edge cases