=== Secure Login Shield ===
Contributors: bentreder
Donate link: https://www.buymeacoffee.com/bentreder
Tags: login, security, custom login, wp-login, hardening
Requires at least: 5.0
Tested up to: 6.8
Requires PHP: 7.4
Stable tag: 1.3.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Create a private login URL and hide /wp-login.php with stealth 404s. Logged-out /wp-admin/ visits redirect to your homepage.

== Description ==

**Secure Login Shield** helps you lock down your WordPress login page.  
By default, WordPress exposes `/wp-login.php` and `/wp-admin/`. Bots hammer these URLs every day.

This plugin gives you a **private login slug** (e.g. `/dragon-lair`) and hides the default login endpoint:

* Defaults to `/wp-login.php` until you change it.
* Once changed, **only your custom slug** works.
* Direct access to `/wp-login.php` shows a **404 Not Found** (stealth mode).
* Logged-out visitors hitting `/wp-admin/` are **redirected to the homepage**.
* Deactivate the plugin → everything reverts to normal.

Made with ❤️ by [Ben Treder](https://BenTreder.com)

== Features ==

* **Private login slug** (e.g. `/dragon-lair`, `/control-center`, `/secret-gate`)
* **Stealth 404 protection**: Bots hitting `/wp-login.php` see “Not Found”
* **Homepage redirect**: `/wp-admin/` (logged out) → homepage
* **Easy settings page** under Settings → Secure Login Shield
* **Safe activation/deactivation**: no core hacks, auto-reverts when disabled

== Installation ==

1. Upload the `secure-login-shield` folder to the `/wp-content/plugins/` directory or install via Plugins → Add New → Upload.
2. Activate the plugin through the "Plugins" menu in WordPress.
3. **Go to Settings → Secure Login Shield.**
4. Set your private slug (example: `dragon-lair`).
5. **Go to Settings → Permalinks → Save Changes** (refresh rewrite rules).
6. If you use a caching plugin or CDN, **clear cache** to avoid stale redirects.
7. Log in using `https://yoursite.com/dragon-lair`.

**Important:** Bookmark your new login URL! If you forget it, you’ll need to disable the plugin via FTP or database.

== Frequently Asked Questions ==

= Will this break my site? =
No. By default it uses `/wp-login.php` until you change it. Deactivating the plugin instantly reverts WordPress to normal behavior.

= Can I completely block /wp-login.php? =
Yes. Once you set a slug, `/wp-login.php` (and actions) return a 404 Not Found.

= What if I forget my private slug? =
Deactivate the plugin via FTP (delete or rename `secure-login-shield`). WordPress will go back to `/wp-login.php`.

= Does this work with caching plugins or CDNs? =
Yes, but after changing your slug, you should clear cache/CDN to avoid serving stale redirects.

== Screenshots ==

1. Settings page showing the default login slug (/wp-login.php)
2. Settings page with a custom private slug (/dragon-lair)

== Contribute & Support ==

* Website: [BenTreder.com](https://BenTreder.com)  
* Author: [Ben Treder](https://profiles.wordpress.org/bentreder/)  
* Issues & Feature Requests: Please open a ticket on [BenTreder.com](https://BenTreder.com)  
* Like this plugin? ⭐ Leave a review and help spread the word!  
* ☕ Support development: [Buy Me a Coffee](https://www.buymeacoffee.com/bentreder)  

== Changelog ==

= 1.3.0 =
* Rebrand to **Secure Login Shield** by Ben Treder
* Default slug remains `/wp-login.php` (safe on first install)
* Added activation notice: Save permalinks + clear cache after activation
* Stealth 404 mode enforced when custom slug is chosen
* Homepage redirect for logged-out visits to `/wp-admin/`

= 1.2.0 =
* Added stealth 404 mode
* Improved security enforcement

= 1.1.0 =
* Redirected /wp-admin/ → homepage for logged-out users

= 1.0.0 =
* Initial release with custom login slug + wp-login.php block

== Upgrade Notice ==

= 1.3.0 =
After activating, **save permalinks** and **clear cache** to ensure your new login URL works correctly.
