=== Secure Login Shield ===
Contributors: bdtreder
Author: Ben Treder
Author URI: https://BenTreder.com
Support Email: bdtreder@gmail.com
Plugin URI: https://BenTreder.com/wordpress-plugins/secure-login-shield/
Tags: login security, brute force protection, login protection, wordpress security, hide login
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 2.0.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Protect your WordPress login with a private login URL, stealth 404 behavior, and logged-out wp-admin redirect protection.

== Description ==

Secure Login Shield helps reduce unwanted direct access to the default WordPress login screen by letting you create a private login URL for your site.

Instead of leaving your login page exposed at the usual wp-login.php path, Secure Login Shield lets you choose a private slug such as /dragon-lair. Once configured, direct visits to wp-login.php are blocked with stealth 404 behavior, and logged-out visits to wp-admin are redirected away from the dashboard.

This plugin is designed to be focused, lightweight, and easy to understand. It does not try to replace a full firewall or enterprise security suite. It focuses on one important job: making your WordPress login harder to find and less exposed to basic automated login traffic.

= What Secure Login Shield Does =

* Creates a private login URL for your WordPress site.
* Blocks direct access to wp-login.php after setup.
* Returns stealth 404 behavior for unwanted direct login access.
* Redirects logged-out wp-admin visitors to the homepage.
* Adds a cleaner admin dashboard with setup status and security score.
* Keeps settings simple and lightweight.
* Does not require an external service.
* Does not track visitors or send site data to a third-party service.

= Why This Helps =

Many automated bots look for the default WordPress login screen. Moving normal login access to a private URL can help reduce noise, unwanted login attempts, and casual automated probing.

Secure Login Shield is best used as part of a broader WordPress security setup that may also include strong passwords, two-factor authentication, regular updates, reputable hosting, and secure backups.

= Important Setup Note =

After changing your private login slug, save the new login URL somewhere safe before logging out.

If your private login URL does not load immediately, go to Settings → Permalinks and click Save Changes. If you use a cache plugin or CDN, clear your cache after changing the slug.

= Privacy =

Secure Login Shield stores its settings in your WordPress database. The free plugin does not send login data, IP addresses, analytics, or settings to an external service.

== Installation ==

1. Upload the plugin folder to /wp-content/plugins/ or install it from the WordPress plugin screen.
2. Activate Secure Login Shield.
3. Go to Settings → Secure Login Shield.
4. Choose your private login slug.
5. Save your settings.
6. Save the private login URL somewhere safe.
7. If needed, visit Settings → Permalinks and click Save Changes.

== Frequently Asked Questions ==

= What happens if I forget my private login URL? =

You can temporarily disable the plugin by renaming the plugin folder through FTP, SSH, or your hosting file manager. Once the plugin is disabled, default WordPress login behavior is restored.

= Does this replace two-factor authentication? =

No. Secure Login Shield is focused on private login URL protection. For stronger account security, use strong passwords and two-factor authentication.

= Does this block all brute force attacks? =

No plugin can honestly promise to block every attack. Secure Login Shield reduces exposure to the default login path and helps cut down on basic automated login probing.

= Will this work with caching or CDN services? =

Usually, yes. After changing your login slug, clear your cache or CDN. Avoid caching your private login URL.

= Does the plugin collect data? =

No. The free plugin stores settings locally in WordPress and does not send analytics or login data to an external service.

= How do I remove the plugin safely? =

Deactivate the plugin to restore default login behavior. If you delete the plugin, its stored option is removed by the uninstall routine.

== Screenshots ==

1. Secure Login Shield settings dashboard.
2. Private login URL and protection status screen.

== Changelog ==

= 2.0.4 =
* Updated compatibility metadata for WordPress 7.0.
* Confirmed PHP requirement remains 7.4 or newer.


= 2.0.3 =
* Corrected the WordPress.org contributor username to bdtreder.


= 2.0.2 =
* Final branding cleanup for BenTreder.com plugin links.
* Removed remaining old plugin subdomain wording from the readme.


= 2.0.1 =
* Updated plugin branding to use BenTreder.com as the primary website.
* Removed old plugin subdomain references.
* Added direct support contact information.


= 2.0.0 =
* Added a cleaner admin dashboard with setup status and security score.
* Improved request input handling for WordPress.org compliance.
* Improved settings save handling with nonce, unslash, and sanitization flow.
* Improved readme content for clearer setup, privacy, and safety expectations.
* Prepared the free plugin for a cleaner premium upgrade path.

= 1.3.0 =
* Improved private login behavior and WordPress.org assets.

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 2.0.0 =
Secure Login Shield 2.0.0 improves the admin experience, setup guidance, and WordPress.org security compliance.
