=== AMSites Login Customizer ===
Contributors: amsiteswebexperts
Tags: login, customizer, branding, security, captcha
Requires at least: 5.6
Tested up to: 7.0
Requires PHP: 7.0
Stable tag: 1.9.6
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Visual login customizer: 30+ templates, gradient/image/video backgrounds, form styling, math captcha and a login attempts limiter.

== Description ==

AMSites Login Customizer is a lightweight, visual customizer for the WordPress login page by AM-Sites Web Experts. Pick from 30+ templates, customize gradients, image and video backgrounds, completely restyle the form, harden the login with a math captcha and an attempts limiter, save your own presets, and onboard with a step-by-step setup wizard.

All assets shipped with the plugin (logo and background presets) are bundled locally; no remote files are required for the plugin to work.

**Key features**

* 30+ ready-made login page templates (classic, animated, glass, neon, etc.).
* Gradient, image and video backgrounds with 20 image presets and 15 video presets.
* Full login form restyling: colors, typography, spacing, borders, shadows.
* Custom logo with click URL.
* Math Captcha with Simple / Medium / Hard difficulty.
* Login Attempts Limiter with IP and username blocking.
* Save and load your own presets.
* Dark admin mode and step-by-step setup wizard.

== Installation ==

1. Upload the `amsites-login-customizer` folder to the `/wp-content/plugins/` directory, or install the plugin through the **Plugins > Add New** screen in WordPress.
2. Activate the plugin through the **Plugins** menu in WordPress.
3. Go to **AMSites Login** in the admin sidebar to open the customizer.
4. Pick a template, adjust colors, backgrounds and form options, then click **Save Changes**.
5. Visit `wp-login.php` (or your custom login slug) to preview the result.

== Frequently Asked Questions ==

= Does this plugin replace wp-login.php? =

No. It only restyles the existing WordPress login page and adds optional security features (captcha, attempts limiter). The standard WordPress login flow is preserved.

= Will it work with my theme and other plugins? =

Yes. The customizer only affects the `wp-login.php` page output, so your active theme is not modified and there is no conflict with front-end styles.

= Are the image and video backgrounds loaded from a remote server? =

No. All preset assets (logos and backgrounds) are bundled locally with the plugin. No remote requests are made for the plugin to work.

= How does the math captcha work? =

A short math question (e.g. `3 + 4 = ?`) is added to the login form. The answer is validated server-side together with a signed token. You can choose Simple, Medium or Hard difficulty.
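
One way a server-side check with a signed token can work, as an added example that is not the plugin's own code: the token carries an expiry plus an HMAC over the expected answer, so the answer is never sent to the browser. Every `amslc_demo_*` name, the demo key and the 300-second lifetime are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code. All amslc_demo_* names are hypothetical.
// Constructed demo key; on a real site use a per-site secret such as wp_salt().
const AMSLC_DEMO_KEY = 'constructed-demo-key';
const AMSLC_DEMO_TTL = 300; // token lifetime in seconds (assumed value)

// MAC over the expected answer and the expiry, so neither can be altered.
function amslc_demo_sign(int $answer, int $expires): string {
    return hash_hmac('sha256', $answer . '|' . $expires, AMSLC_DEMO_KEY);
}

// Build a question and its token. The answer never leaves the server in clear:
// the token only carries the expiry and the MAC.
function amslc_demo_issue(int $now): array {
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $expires = $now + AMSLC_DEMO_TTL;
    return [
        'question' => "$a + $b = ?",
        'token'    => $expires . '.' . amslc_demo_sign($a + $b, $expires),
        'answer'   => $a + $b, // returned only so the demo below can answer
    ];
}

// Validate the submitted answer against the token, server-side.
function amslc_demo_verify(string $submitted, string $token, int $now): bool {
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0]) || !ctype_digit($submitted)) {
        return false; // malformed token or non-numeric answer
    }
    $expires = (int) $parts[0];
    if ($now > $expires) {
        return false; // stale token
    }
    // Recompute the MAC for the submitted answer; compare in constant time.
    return hash_equals(amslc_demo_sign((int) $submitted, $expires), $parts[1]);
}

$now = time();
$c   = amslc_demo_issue($now);
$bad = ($now + 9999) . substr($c['token'], strpos($c['token'], '.')); // expiry edited
var_dump(amslc_demo_verify((string) $c['answer'], $c['token'], $now));       // right answer
var_dump(amslc_demo_verify((string) ($c['answer'] + 1), $c['token'], $now)); // wrong answer
var_dump(amslc_demo_verify((string) $c['answer'], $bad, $now));              // tampered token
var_dump(amslc_demo_verify((string) $c['answer'], $c['token'], $now + 301)); // after TTL
```

A stateless token of this kind remains valid together with its solved answer until it expires, so a single-use record or a rate limit on attempts is still needed alongside it.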

= How can I reset the plugin to its default settings? =

Open the AMSites Login admin page and use the **Reset** button, or simply pick one of the built-in templates and save it again.

== Screenshots ==

1. Main dashboard with template gallery and quick actions.
2. Background settings: gradients, images and video presets.
3. Login form styling: colors, typography, spacing and borders.
4. Logo settings with click URL and live preview.
5. Security tab: math captcha difficulty and attempts limiter.
6. Presets tab: save, load and manage your custom presets.
7. Step-by-step setup wizard for first-time configuration.
8. Dark admin mode for the AMSites Login dashboard.

== Changelog ==

= 1.9.6 =
* Fixed: inlined `sanitize_text_field( wp_unslash( ... ) )` for `$_POST['amslc_captcha']` to satisfy `WordPress.Security.ValidatedSanitizedInput.InputNotSanitized`.
* Updated: readme "Tested up to" bumped to WordPress 7.0 and full WordPress.org readme compliance (Installation, FAQ, Screenshots, Upgrade Notice).

= 1.9.0 =
* Hardened: every echoed variable is now escaped at output (`esc_attr` / `esc_html` / `esc_url` / `wp_kses_post`) as required by WordPress.org.
* Hardened: all `$_POST` / `$_SERVER` reads are unslashed and sanitized; AJAX payloads are nonce-verified via `guard()` and JSON values are walked through `map_deep` + per-field sanitizers in `AMSLC_Settings::update()`.
* Replaced the direct `require_once ABSPATH . 'wp-login.php'` include in the custom-slug handler with a safe `wp_safe_redirect( wp_login_url() )`; the wp-login.php "hide" branch now only runs for anonymous GET requests.
* Replaced direct `<script>` echoes in `rc_site_inline()` with `wp_register_script()` + `wp_add_inline_script()` on properly enqueued handles (both front-end and admin).
* `parse_url()` replaced with `wp_parse_url()`.
* Added `/* translators: */` comment to the "Blocked: try again in %d minute(s)" string.
* Prefixed the remaining loop variables in admin/view.php (`$amslc_sans`, `$amslc_serif`, `$amslc_disp`, `$amslc_rows`, `$amslc_r`, `$amslc_f`).
* Updated Author URI to the public WordPress.org author profile and rewrote the readme short description to fit the 150-character limit.

= 1.8.3 =
* Updated "Tested up to" header.

= 1.8.2 =
* Fixed admin CSS/JS not loading and all AJAX actions not working after the v1.8.0 prefix rename (menu hook + `wp_ajax_*` hooks).

= 1.8.0 =
* Renamed plugin to "AMSites Login Customizer" with the new slug "amsites-login-customizer".
* Prefixed all PHP declarations, options, AJAX actions and constants with the unique "amslc_" / "AMSLC_" prefix to avoid collisions.
* Bundled all background preset images locally; removed all remote (Unsplash/Pixabay) calls.
* Removed unnecessary `load_plugin_textdomain()` call (WordPress.org loads translations automatically since WP 4.6).

= 1.7.3 =
* Fixed readme "Tested up to" header for WordPress 6.8 compatibility.
* Synced Stable Tag with plugin Version.
* Additional hardening: stricter ABSPATH guards, capability checks, and nonce verification audited across all admin/AJAX entry points.

= 1.3.0 =
* 20 image presets + 15 video presets; accepts any browser-supported video format.
* 8 new animated/effect templates (Aurora, Glow Pulse, Floating, Matrix, etc.).
* Logo Click URL setting.
* Complete login form customization in dedicated tabs.
* Math Captcha with Simple/Medium/Hard difficulty.
* Login Attempts Limiter with IP/username block.
* Save/load custom presets.
* Dark admin mode.
* Step-by-step setup wizard.

== Upgrade Notice ==

= 1.9.6 =
Recommended: fixes a WordPress.org scanner warning on the captcha input sanitization and updates "Tested up to" to WordPress 7.0.

= 1.9.0 =
Security and compliance hardening across output escaping, input sanitization and script enqueueing. Recommended for all users.
