外掛說明

Dotsquares Custom Login URL & Security Suite helps secure your WordPress site by allowing you to change the default login URL and apply additional security layers — all from one beautifully designed dashboard.

🔑 Login Security

Custom login slug — redirect wp-login.php to your own secret URL
Optionally hide wp-login.php (returns 404 for guests)
Optionally block wp-admin for non-logged-in users
Brute force protection with configurable lockout thresholds
Login honeypot trap (hidden field that catches bots)
Two-Factor Authentication (TOTP — works with Google Authenticator, Authy, etc.)
Weak username detection (blocks “admin”, “root”, “test”, etc.)
Force logout after inactivity (configurable timeout)
Manual approval for new user registrations
Prevent display name from matching username

🛡️ Firewall

Disable XML-RPC (common attack vector)
Block bad bots and fake user agents (40+ known bots)
Block POST requests with empty User-Agent headers
Rate limiting per IP address
IP blacklist and whitelist (supports CIDR ranges)
Geo-blocking by country code
Restrict REST API for non-logged-in users
Prevent user enumeration via ?author= scans

🔍 Malware & File Scanner

Deep scan of WordPress core, plugins, themes and uploads
40+ malware signature patterns (PHP shells, backdoors, crypto miners, pharma hacks, SEO spam injections)
Detects known web shells by filename (c99, r57, WSO, b374k, adminer, etc.)
WordPress core file integrity check (compares against official api.wordpress.org checksums)
Detects PHP files hidden inside the uploads folder
Suspicious code pattern detection (eval, exec, base64_decode combos, etc.)
File change detection using MD5 hash baseline
File permission scanner (755/644 standards)
.htaccess security rules generator

👥 User & Session Management

View and kill active user sessions
Session tracking with IP and user-agent logging
Manual user approval workflow

📊 Monitoring & Logs

Security event log (login, logout, failed attempts, plugin/theme changes)
IP blocking log with unblock controls
Real-time security score (A–F grade with per-check breakdown)

⚙️ Other Features

Maintenance mode with custom message
Database backup download
Email alerts for security events
Beautiful admin dashboard with quick-toggle switches

Important

Hardening actions such as DB prefix change and wp-content rename are advanced operations.
Always run these features on a staging environment and ensure you have a full backup before applying them on production.

安裝方式

Upload the plugin ZIP via Plugins Add New Upload Plugin.
Activate the plugin.
Go to DS Shield in your WordPress admin menu to configure options.
Important: Bookmark your new login URL before saving changes!

常見問題集

I forgot my custom login URL. How do I recover access?: Deactivate the plugin via FTP by renaming the plugin folder, then log in normally using /wp-login.php and reactivate it.
Is this compatible with WooCommerce?: Yes. The custom login URL works with WooCommerce’s My Account page.
Can I use Google Authenticator for 2FA?: Yes. Any TOTP-compatible app works: Google Authenticator, Authy, Microsoft Authenticator, Bitwarden, and others.
Will the malware scanner slow down my site?: No. The scanner only runs when you manually trigger it from the admin dashboard. It has no impact on front-end performance.
How does the core integrity check work?: The scanner fetches official MD5 checksums for your WordPress version from api.wordpress.org and compares every core file against them. Any differences are flagged.

使用者評論

這個外掛目前沒有任何使用者評論。

參與者及開發者

以下人員參與了開源軟體〈Dotsquares Custom Login URL & Security Suite〉的開發相關工作。

maheshsharmads

將〈Dotsquares Custom Login URL & Security Suite〉外掛本地化為台灣繁體中文版

對開發相關資訊感興趣？

任何人均可瀏覽程式碼、查看 SVN 存放庫，或透過 RSS 訂閱開發記錄。

變更記錄

1.6.3

Added deep malware scanner with 40+ signature patterns (PHP shells, backdoors, crypto miners, pharma hacks)
Added WordPress core file integrity check via api.wordpress.org checksums
Added detection of known web shell filenames (c99, r57, WSO, b374k, adminer, etc.)
Added PHP-in-uploads detection (critical severity)
Added suspicious code pattern detection (eval/exec/base64 combos)
Added file change detection using MD5 hash baseline comparison
Added animated scan progress UI with step-by-step status
Added colour-coded scan results (Critical / High / Medium / Low / Info)
Added scan options: toggle Core / Plugins / Themes / Uploads / Deep Malware independently
Fixed: all WordPress coding standards errors and warnings (PHPCS clean)
Fixed: namespace declaration order in all module files
Fixed: missing translators comments on all i18n printf() calls
Fixed: unordered placeholders in translatable strings
Fixed: HTTP_USER_AGENT missing wp_unslash() sanitization
Fixed: register_setting() missing sanitize_callback
Fixed: load_plugin_textdomain() removed (deprecated since WP 4.6)
Fixed: date() replaced with gmdate() throughout
Fixed: parse_url() replaced with wp_parse_url()
Fixed: rand() replaced with wp_rand()
Improved: all $_POST/$_GET/$_SERVER superglobals now properly unslashed and sanitized
Improved: all DB queries use $wpdb->prepare() or esc_sql() for identifiers

1.6.2

Custom login slug now loads login form without redirecting to wp-login.php (URL stays masked)

1.6.1

Fixed redirect loop on custom login URL
Improved compatibility when permalinks are not flushed

1.6.0

Added Brute Force protection
Added Firewall module
Added Malware scanner
Added Hardening tools (DB prefix change, wp-content rename) with backup + rollback UI
Added Security Dashboard