Popis

Admin Login Guard & Branding allows you to change your WordPress login URL to a custom slug, preventing brute force attacks and providing enhanced security by hiding the default wp-login.php.

It goes beyond just renaming the login URL; it includes robust features to limit login attempts, track failed logins, and fully customize the visual appearance of your login page to match your brand.

It supports WordPress Multisite networks, allowing you to control login settings across your entire network.

Key Features

Custom Login Slug: Change wp-login.php to something unique (e.g., /my-secret-login).
Access Control: Automatically blocks access to wp-login.php and wp-signup.php for non-logged-in users.
Limit Login Attempts: Set maximum failed login attempts and lockout duration to prevent brute-force attacks.
Login History: Keep a detailed log of failed login attempts, including IP address, username, time, and user agent.
CSV Export: Download your login failure history for analysis.
Custom Redirection: Choose a custom page or 404 page to redirect unauthorized users to.
Visual Customization:
- Upload a custom logo.
- Set custom logo width, height, title, and link.
- Set a background image or color.
- Customize button colors, form borders, and label colors.
- Customize „Lost Password“ and „Back to Home“ link colors.
- Option to hide the „Back to Home“ link.
Two-Factor Authentication (2FA): Secure your login with email-based two-factor authentication.
Email Notifications: Receive alerts for admin lockouts and when users log in from new IP addresses.
IP Blacklisting: Permanently block known malicious IP addresses.
Advanced Customizations: Inject custom CSS, JavaScript, specify custom fonts, and add a custom footer to the login page.

Privacy & Data Collection

This plugin respects your privacy. Both the diagnostic tracking and deactivation feedback features are 100% optional.

Telemetry & Diagnostics (Opt-in Only)

Upon activation, you will be invited to share anonymous site diagnostics. This is strictly opt-in and can be disabled at any time from the ‚Privacy‘ tab in settings. If you agree, we collect:

WordPress, PHP, and Plugin version numbers.
Theme name/version and locale.
Multisite status and a hashed site identifier.
No personal data, user information, or site content is collected.

Deactivation Feedback

If you decide to deactivate the plugin, a feedback modal will appear. Providing feedback is entirely optional—you can click „Skip & Deactivate“ to deactivate the plugin immediately without sharing any data. You may optionally share your name and email address if you wish to be contacted for support.

Data Security

All collected data is encrypted using AES-256-CBC before being transmitted to our secure receiver server.

External services

This plugin connects to external APIs operated by Code and Core to support optional telemetry diagnostics and optional deactivation feedback. Both services are entirely opt-in / optional.

1. Telemetry / Diagnostics receiver

This plugin connects to an API to send anonymous site-health data, it’s needed to help prioritize compatibility updates.
It sends the Site URL, plugin name & version, PHP version, WordPress version, active theme name & version, site language, multisite status, and a Unix timestamp every time the plugin is activated, deactivated, or updated, ONLY if the administrator has explicitly opted in.
This service is provided by „Code and Core“: privacy policy.

2. Deactivation feedback receiver

This plugin connects to an API to receive voluntary feedback, it’s needed when a site administrator chooses to share a reason for deactivating the plugin.
It sends Deactivation reason, optional details, Site URL, plugin name & version, PHP version, WordPress version, active theme name & version, site language, multisite status, and a timestamp ONLY when the administrator clicks „Submit Feedback“ in the deactivation modal. Name and email are sent only if the contact checkbox is checked.
This service is provided by „Code and Core“: privacy policy.

All data transmitted to endpoints on wordpress-plugins.pro is encrypted with AES-256-CBC before sending.

Credits

This plugin uses DataTables for displaying login history.

Obrázky

General Settings: Configure your custom slug and redirection options. — **General Settings**: Configure your custom slug and redirection options.

Styles Tab: Customize the look and feel of your login page. — **General Settings**: Configure your custom slug and redirection options.

Inštalácia

Upload the plugin files to the /wp-content/plugins/admin-login-guard-branding directory (or search for it in the WordPress repository).
Activate the plugin through the ‚Plugins‘ menu in WordPress.
Go to ‚Settings‘ > ‚Admin Login Guard & Branding‘ to configure the plugin.
Set your desired „Custom Login URL Slug“ and save settings.
Important: Bookmark your new login URL!

Časté otázky

Does it work on multisite?: Yes, it is fully compatible with WordPress Multisite. You can configure settings for individual sites or the network.
I forgot my custom login URL, what do I do?: If you have FTP access, you can rename the plugin folder (admin-login-guard-branding) to something else to deactivate it and regain access via the default wp-login.php.

Recenzie

Pre tento plugin nie sú žiadne recenzie.

Prispievatelia a vývojári

“Admin Login Guard & Branding” je softvér s otvoreným zdrojovým kódom. Do tohto pluginu prispeli nasledujúci ľudia.

Code and Core

Preložiť „Admin Login Guard & Branding“ do vašho jazyka.

Máte záujem o vývoj?

Prehľadávajte zdrojový kód, preskúmajte SVN repozitár, alebo sa prihláste na odber vývojárskeho logu cez RSS.

Zoznam zmien

2.0.0 – 2026-06-03

Added: Two-Factor Authentication (2FA) via email.
Added: Email Notifications for admin lockouts and logins from new IP addresses.
Added: Manual IP Blacklisting functionality to permanently block attackers.
Added: Advanced Customizations tab with custom CSS, JavaScript, font selection, and footer text support.
Improved: Separated advanced styling options into their own dedicated „Advanced“ tab.
Improved: Optimized database query logic to prevent duplicate lockout entries from spamming the history logs.
Added: Option to completely hide the Admin Login Logo from the settings.
Added: Option to vertically center the login form on the page.

1.0.1 – 2026-03-18

Fixed telemetry card color selection not updating when clicking „Opt in“ or „Opt out“ in Privacy settings.
Added automatic page reload after user selects telemetry preference in the popup modal.
Improved telemetry popup to display on first admin visit even when transient expires.
Enhanced form field selector accuracy for telemetry card JavaScript interactions.

1.0.0 – 2026-03-18

Initial release.
Added custom login slug functionality.
Added styling options for login page.
Added login attempt limiting and history logging.
Enhanced visual customization for the login page (Logo resizing, custom links, colors).