Beschrijving
Dotsquares Custom Login URL & Security Suite helps secure your WordPress site by allowing you to change the default login URL and apply additional security layers β all from one beautifully designed dashboard.
π Login Security
- Custom login slug β redirect wp-login.php to your own secret URL
- Optionally hide wp-login.php (returns 404 for guests)
- Optionally block wp-admin for non-logged-in users
- Brute force protection with configurable lockout thresholds
- Login honeypot trap (hidden field that catches bots)
- Two-Factor Authentication (TOTP β works with Google Authenticator, Authy, etc.)
- Weak username detection (blocks “admin”, “root”, “test”, etc.)
- Force logout after inactivity (configurable timeout)
- Manual approval for new user registrations
- Prevent display name from matching username
π‘οΈ Firewall
- Disable XML-RPC (common attack vector)
- Block bad bots and fake user agents (40+ known bots)
- Block POST requests with empty User-Agent headers
- Rate limiting per IP address
- IP blacklist and whitelist (supports CIDR ranges)
- Geo-blocking by country code
- Restrict REST API for non-logged-in users
- Prevent user enumeration via ?author= scans
π Malware & File Scanner
- Deep scan of WordPress core, plugins, themes and uploads
- 40+ malware signature patterns (PHP shells, backdoors, crypto miners, pharma hacks, SEO spam injections)
- Detects known web shells by filename (c99, r57, WSO, b374k, adminer, etc.)
- WordPress core file integrity check (compares against official api.wordpress.org checksums)
- Detects PHP files hidden inside the uploads folder
- Suspicious code pattern detection (eval, exec, base64_decode combos, etc.)
- File change detection using MD5 hash baseline
- File permission scanner (755/644 standards)
- .htaccess security rules generator
π₯ User & Session Management
- View and kill active user sessions
- Session tracking with IP and user-agent logging
- Manual user approval workflow
π Monitoring & Logs
- Security event log (login, logout, failed attempts, plugin/theme changes)
- IP blocking log with unblock controls
- Real-time security score (AβF grade with per-check breakdown)
βοΈ Other Features
- Maintenance mode with custom message
- Database backup download
- Email alerts for security events
- Beautiful admin dashboard with quick-toggle switches
Important
Hardening actions such as DB prefix change and wp-content rename are advanced operations.
Always run these features on a staging environment and ensure you have a full backup before applying them on production.
Installatie
- Upload the plugin ZIP via Plugins Add New Upload Plugin.
- Activate the plugin.
- Go to DS Shield in your WordPress admin menu to configure options.
- Important: Bookmark your new login URL before saving changes!
FAQ
-
I forgot my custom login URL. How do I recover access?
-
Deactivate the plugin via FTP by renaming the plugin folder, then log in normally using /wp-login.php and reactivate it.
-
Is this compatible with WooCommerce?
-
Yes. The custom login URL works with WooCommerce’s My Account page.
-
Can I use Google Authenticator for 2FA?
-
Yes. Any TOTP-compatible app works: Google Authenticator, Authy, Microsoft Authenticator, Bitwarden, and others.
-
Will the malware scanner slow down my site?
-
No. The scanner only runs when you manually trigger it from the admin dashboard. It has no impact on front-end performance.
-
How does the core integrity check work?
-
The scanner fetches official MD5 checksums for your WordPress version from api.wordpress.org and compares every core file against them. Any differences are flagged.
Beoordelingen
Er zijn geen beoordelingen voor deze plugin.
Bijdragers & ontwikkelaars
“Dotsquares Custom Login URL & Security Suite” is open source software. De volgende personen hebben bijgedragen aan deze plugin.
Bijdragers
Vertaal “Dotsquares Custom Login URL & Security Suite” in je eigen taal.
Interesse in ontwikkeling?
Bekijk de code, haal de SVN repository op, of abonneer je op het ontwikkellog via RSS.
Changelog
1.6.3
- Added deep malware scanner with 40+ signature patterns (PHP shells, backdoors, crypto miners, pharma hacks)
- Added WordPress core file integrity check via api.wordpress.org checksums
- Added detection of known web shell filenames (c99, r57, WSO, b374k, adminer, etc.)
- Added PHP-in-uploads detection (critical severity)
- Added suspicious code pattern detection (eval/exec/base64 combos)
- Added file change detection using MD5 hash baseline comparison
- Added animated scan progress UI with step-by-step status
- Added colour-coded scan results (Critical / High / Medium / Low / Info)
- Added scan options: toggle Core / Plugins / Themes / Uploads / Deep Malware independently
- Fixed: all WordPress coding standards errors and warnings (PHPCS clean)
- Fixed: namespace declaration order in all module files
- Fixed: missing translators comments on all i18n printf() calls
- Fixed: unordered placeholders in translatable strings
- Fixed: HTTP_USER_AGENT missing wp_unslash() sanitization
- Fixed: register_setting() missing sanitize_callback
- Fixed: load_plugin_textdomain() removed (deprecated since WP 4.6)
- Fixed: date() replaced with gmdate() throughout
- Fixed: parse_url() replaced with wp_parse_url()
- Fixed: rand() replaced with wp_rand()
- Improved: all $_POST/$_GET/$_SERVER superglobals now properly unslashed and sanitized
- Improved: all DB queries use $wpdb->prepare() or esc_sql() for identifiers
1.6.2
- Custom login slug now loads login form without redirecting to wp-login.php (URL stays masked)
1.6.1
- Fixed redirect loop on custom login URL
- Improved compatibility when permalinks are not flushed
1.6.0
- Added Brute Force protection
- Added Firewall module
- Added Malware scanner
- Added Hardening tools (DB prefix change, wp-content rename) with backup + rollback UI
- Added Security Dashboard