外掛說明
24TT Login Security and Brander is an enterprise-grade, zero-bloat security and white-labeling solution for WordPress. Designed for agencies and security-conscious site owners, it fortifies your WordPress perimeter while delivering a seamless, custom-branded login experience for your clients.
Instead of relying on heavy frameworks, this plugin uses native WordPress APIs and strictly optimized PHP to protect your site without slowing it down.
🛡️ Enterprise Perimeter Defense
- Hide wp-login.php & /wp-admin/: Completely obfuscate your login portal. Bots and unauthenticated guests attempting to access default login routes are silently redirected to your homepage before core authentication redirects even trigger.
- Brute Force Protection: Transient-based Limit Login Attempts. Locks out attackers for 15 minutes after 3 failed attempts, intercepting them at Priority 1 before heavy database queries execute.
- Kill XML-RPC: Permanently disables XML-RPC to shut down massive DDoS and brute-force vectors.
- Block User Enumeration: Prevents hackers from scraping usernames via author archives (
/?author=1) and the REST API. - Generic Error Masking: Overwrites default login errors so attackers cannot verify if a username exists.
🎨 Agency-Grade Brander
- Custom Login Logo: Replace the default WordPress logo with your client’s brand.
- Custom Colors: Tailor the background and primary button colors using the native WordPress Color Picker.
- Smart Contrast Calculator: Automatically detects if your background is light or dark (using the YIQ formula), adjusting the “Lost Password” and “Back to Site” links to guarantee 100% visual accessibility.
- Role-Based Redirects: Automatically route administrators to the backend dashboard, while sending clients or subscribers to a custom URL (like a user portal).
螢幕擷圖
The Visual Branding & User Interface (UI) settings panel. 
The Perimeter Defense & Routing configuration. 
A fully white-labeled, secure login portal with dynamic contrast text.
安裝方式
- Upload the
24tt-login-security-and-branderdirectory to the/wp-content/plugins/directory via FTP, or upload the zipped file directly through the WordPress plugins screen. - Activate the plugin through the ‘Plugins’ menu in WordPress.
- Navigate to Settings > 24TT Security to configure your secret login slug, branding colors, and client redirects.
- Important: If you set a custom login slug, remember it! You will need it to log back in.
常見問題集
-
I forgot my secret login slug and am locked out! What do I do?
-
Simply access your site via FTP or a File Manager. Navigate to
/wp-content/plugins/and temporarily rename the24tt-login-security-and-branderfolder to something else (e.g.,disabled-24tt). This will safely deactivate the plugin, and you can log in normally viawp-login.php. Once logged in, rename the folder back, reactivate the plugin, and check your settings. -
Will this slow down my website?
-
Absolutely not. The admin settings interface only loads in the backend, and the security rules are designed to intercept attacks at the earliest possible hook (
initandauthenticate), saving your server from processing heavy WordPress database queries.
使用者評論
這個外掛目前沒有任何使用者評論。
參與者及開發者
變更記錄
1.0.2
- Minor version bump for repository resubmission.
1.0.1
- Minor version bump for repository resubmission.
1.0.0
- Initial Release: The fortress is sealed.