Admin Login Guard & Branding

外掛說明

Admin Login Guard & Branding allows you to change your WordPress login URL to a custom slug, preventing brute force attacks and providing enhanced security by hiding the default wp-login.php.

It goes beyond just renaming the login URL; it includes robust features to limit login attempts, track failed logins, and fully customize the visual appearance of your login page to match your brand.

It supports WordPress Multisite networks, allowing you to control login settings across your entire network.

Key Features

• Custom Login Slug: Change wp-login.php to something unique (e.g., /my-secret-login).
• Access Control: Automatically blocks access to wp-login.php and wp-signup.php for non-logged-in users.
• Limit Login Attempts: Set maximum failed login attempts and lockout duration to prevent brute-force attacks.
• Login History: Keep a detailed log of failed login attempts, including IP address, username, time, and user agent.
• CSV Export: Download your login failure history for analysis.
• Custom Redirection: Choose a custom page or 404 page to redirect unauthorized users to.
• Visual Customization:
  • Upload a custom logo.
  • Set custom logo width, height, title, and link.
  • Set a background image or color.
  • Customize button colors, form borders, and label colors.
  • Customize “Lost Password” and “Back to Home” link colors.
  • Option to hide the “Back to Home” link.

Privacy & Data Collection

This plugin respects your privacy. Both the diagnostic tracking and deactivation feedback features are 100% optional.

Telemetry & Diagnostics (Opt-in Only)

Upon activation, you will be invited to share anonymous site diagnostics. This is strictly opt-in and can be disabled at any time from the ‘Privacy’ tab in settings. If you agree, we collect:

• WordPress, PHP, and Plugin version numbers.
• Theme name/version and locale.
• Multisite status and a hashed site identifier.
• No personal data, user information, or site content is collected.

Deactivation Feedback

If you decide to deactivate the plugin, a feedback modal will appear. Providing feedback is entirely optional—you can click “Skip & Deactivate” to deactivate the plugin immediately without sharing any data. You may optionally share your name and email address if you wish to be contacted for support.

Data Security

All collected data is encrypted using AES-256-CBC before being transmitted to our secure receiver server.

External services

This plugin connects to external APIs operated by Code and Core to support optional telemetry diagnostics and optional deactivation feedback. Both services are entirely opt-in / optional.

1. Telemetry / Diagnostics receiver

This plugin connects to an API to send anonymous site-health data, it’s needed to help prioritize compatibility updates.
It sends the Site URL, plugin name & version, PHP version, WordPress version, active theme name & version, site language, multisite status, and a Unix timestamp every time the plugin is activated, deactivated, or updated, ONLY if the administrator has explicitly opted in.
This service is provided by “Code and Core”: privacy policy.

2. Deactivation feedback receiver

This plugin connects to an API to receive voluntary feedback, it’s needed when a site administrator chooses to share a reason for deactivating the plugin.
It sends Deactivation reason, optional details, Site URL, plugin name & version, PHP version, WordPress version, active theme name & version, site language, multisite status, and a timestamp ONLY when the administrator clicks “Submit Feedback” in the deactivation modal. Name and email are sent only if the contact checkbox is checked.
This service is provided by “Code and Core”: privacy policy.

All data transmitted to endpoints on wordpress-plugins.pro is encrypted with AES-256-CBC before sending.

Credits

• This plugin uses DataTables for displaying login history.