{"id":278107,"date":"2026-02-07T06:18:30","date_gmt":"2026-02-07T06:18:30","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/custom-login-url-login-designer\/"},"modified":"2026-03-30T11:09:06","modified_gmt":"2026-03-30T11:09:06","slug":"custom-login-url-login-designer","status":"publish","type":"plugin","link":"https:\/\/ug.wordpress.org\/plugins\/custom-login-url-login-designer\/","author":23443920,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.6.4","stable_tag":"1.6.4","tested":"6.9.4","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"Dotsquares Custom Login URL & Security Suite","header_author":"Mahesh Sharma","header_description":"Change the WordPress login URL and manage a modern login page design from the admin.","assets_banners_color":"775347","last_updated":"2026-03-30 11:09:06","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/wordpress.org\/plugins\/custom-login-url-login-designer","header_author_uri":"https:\/\/profiles.wordpress.org\/maheshsharmads\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":684,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.6.3":{"tag":"1.6.3","author":"maheshsharmads","date":"2026-03-30 09:52:56"},"1.6.4":{"tag":"1.6.4","author":"maheshsharmads","date":"2026-03-30 11:09:06"}},"upgrade_notice":{"1.6.3":"<p>Major update: adds a deep Wordfence-style malware scanner with 40+ signatures, WordPress core integrity checking, and full WordPress coding standards compliance. Recommended for all users.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3455804,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3455804,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3486442,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3486442,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.6.3","1.6.4"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Security dashboard with score, stats, and quick-toggle switches","2":"Custom login URL settings and brute force protection","3":"Malware scanner with deep scan results and severity levels","4":"Firewall settings with IP blocking table","5":"Security event log with filtering","6":"User sessions and approval management"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2439,1174,602,55021,600],"plugin_category":[38,43,54],"plugin_contributors":[255381],"plugin_business_model":[],"class_list":["post-278107","plugin","type-plugin","status-publish","hentry","plugin_tags-brute-force","plugin_tags-firewall","plugin_tags-login","plugin_tags-malware-scanner","plugin_tags-security","plugin_category-authentication","plugin_category-customization","plugin_category-security-and-spam-protection","plugin_contributors-maheshsharmads","plugin_committers-maheshsharmads"],"banners":{"banner":"https:\/\/ps.w.org\/custom-login-url-login-designer\/assets\/banner-772x250.png?rev=3486442","banner_2x":"https:\/\/ps.w.org\/custom-login-url-login-designer\/assets\/banner-1544x500.png?rev=3486442","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/custom-login-url-login-designer\/assets\/icon-128x128.png?rev=3455804","icon_2x":"https:\/\/ps.w.org\/custom-login-url-login-designer\/assets\/icon-256x256.png?rev=3455804","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p><strong>Dotsquares Custom Login URL &amp; Security Suite<\/strong> helps secure your WordPress site by allowing you to change the default login URL and apply additional security layers \u2014 all from one beautifully designed dashboard.<\/p>\n\n<h4>\ud83d\udd11 Login Security<\/h4>\n\n<ul>\n<li>Custom login slug \u2014 redirect wp-login.php to your own secret URL<\/li>\n<li>Optionally hide wp-login.php (returns 404 for guests)<\/li>\n<li>Optionally block wp-admin for non-logged-in users<\/li>\n<li>Brute force protection with configurable lockout thresholds<\/li>\n<li>Login honeypot trap (hidden field that catches bots)<\/li>\n<li>Two-Factor Authentication (TOTP \u2014 works with Google Authenticator, Authy, etc.)<\/li>\n<li>Weak username detection (blocks \"admin\", \"root\", \"test\", etc.)<\/li>\n<li>Force logout after inactivity (configurable timeout)<\/li>\n<li>Manual approval for new user registrations<\/li>\n<li>Prevent display name from matching username<\/li>\n<\/ul>\n\n<h4>\ud83d\udee1\ufe0f Firewall<\/h4>\n\n<ul>\n<li>Disable XML-RPC (common attack vector)<\/li>\n<li>Block bad bots and fake user agents (40+ known bots)<\/li>\n<li>Block POST requests with empty User-Agent headers<\/li>\n<li>Rate limiting per IP address<\/li>\n<li>IP blacklist and whitelist (supports CIDR ranges)<\/li>\n<li>Geo-blocking by country code<\/li>\n<li>Restrict REST API for non-logged-in users<\/li>\n<li>Prevent user enumeration via ?author= scans<\/li>\n<\/ul>\n\n<h4>\ud83d\udd0d Malware &amp; File Scanner<\/h4>\n\n<ul>\n<li>Deep scan of WordPress core, plugins, themes and uploads<\/li>\n<li>40+ malware signature patterns (PHP shells, backdoors, crypto miners, pharma hacks, SEO spam injections)<\/li>\n<li>Detects known web shells by filename (c99, r57, WSO, b374k, adminer, etc.)<\/li>\n<li>WordPress core file integrity check (compares against official api.wordpress.org checksums)<\/li>\n<li>Detects PHP files hidden inside the uploads folder<\/li>\n<li>Suspicious code pattern detection (eval, exec, base64_decode combos, etc.)<\/li>\n<li>File change detection using MD5 hash baseline<\/li>\n<li>File permission scanner (755\/644 standards)<\/li>\n<li>.htaccess security rules generator<\/li>\n<\/ul>\n\n<h4>\ud83d\udc65 User &amp; Session Management<\/h4>\n\n<ul>\n<li>View and kill active user sessions<\/li>\n<li>Session tracking with IP and user-agent logging<\/li>\n<li>Manual user approval workflow<\/li>\n<\/ul>\n\n<h4>\ud83d\udcca Monitoring &amp; Logs<\/h4>\n\n<ul>\n<li>Security event log (login, logout, failed attempts, plugin\/theme changes)<\/li>\n<li>IP blocking log with unblock controls<\/li>\n<li>Real-time security score (A\u2013F grade with per-check breakdown)<\/li>\n<\/ul>\n\n<h4>\u2699\ufe0f Other Features<\/h4>\n\n<ul>\n<li>Maintenance mode with custom message<\/li>\n<li>Database backup download<\/li>\n<li>Email alerts for security events<\/li>\n<li>Beautiful admin dashboard with quick-toggle switches<\/li>\n<\/ul>\n\n<h3>Important<\/h3>\n\n<p>Hardening actions such as <strong>DB prefix change<\/strong> and <strong>wp-content rename<\/strong> are advanced operations.\nAlways run these features on a <strong>staging environment<\/strong> and ensure you have a <strong>full backup<\/strong> before applying them on production.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin ZIP via <strong>Plugins \u2192 Add New \u2192 Upload Plugin<\/strong>.<\/li>\n<li>Activate the plugin.<\/li>\n<li>Go to <strong>DS Shield<\/strong> in your WordPress admin menu to configure options.<\/li>\n<li><strong>Important:<\/strong> Bookmark your new login URL before saving changes!<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"i%20forgot%20my%20custom%20login%20url.%20how%20do%20i%20recover%20access%3F\"><h3>I forgot my custom login URL. How do I recover access?<\/h3><\/dt>\n<dd><p>Deactivate the plugin via FTP by renaming the plugin folder, then log in normally using \/wp-login.php and reactivate it.<\/p><\/dd>\n<dt id=\"is%20this%20compatible%20with%20woocommerce%3F\"><h3>Is this compatible with WooCommerce?<\/h3><\/dt>\n<dd><p>Yes. The custom login URL works with WooCommerce's My Account page.<\/p><\/dd>\n<dt id=\"can%20i%20use%20google%20authenticator%20for%202fa%3F\"><h3>Can I use Google Authenticator for 2FA?<\/h3><\/dt>\n<dd><p>Yes. Any TOTP-compatible app works: Google Authenticator, Authy, Microsoft Authenticator, Bitwarden, and others.<\/p><\/dd>\n<dt id=\"will%20the%20malware%20scanner%20slow%20down%20my%20site%3F\"><h3>Will the malware scanner slow down my site?<\/h3><\/dt>\n<dd><p>No. The scanner only runs when you manually trigger it from the admin dashboard. It has no impact on front-end performance.<\/p><\/dd>\n<dt id=\"how%20does%20the%20core%20integrity%20check%20work%3F\"><h3>How does the core integrity check work?<\/h3><\/dt>\n<dd><p>The scanner fetches official MD5 checksums for your WordPress version from api.wordpress.org and compares every core file against them. Any differences are flagged.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.6.3<\/h4>\n\n<ul>\n<li>Added deep malware scanner with 40+ signature patterns (PHP shells, backdoors, crypto miners, pharma hacks)<\/li>\n<li>Added WordPress core file integrity check via api.wordpress.org checksums<\/li>\n<li>Added detection of known web shell filenames (c99, r57, WSO, b374k, adminer, etc.)<\/li>\n<li>Added PHP-in-uploads detection (critical severity)<\/li>\n<li>Added suspicious code pattern detection (eval\/exec\/base64 combos)<\/li>\n<li>Added file change detection using MD5 hash baseline comparison<\/li>\n<li>Added animated scan progress UI with step-by-step status<\/li>\n<li>Added colour-coded scan results (Critical \/ High \/ Medium \/ Low \/ Info)<\/li>\n<li>Added scan options: toggle Core \/ Plugins \/ Themes \/ Uploads \/ Deep Malware independently<\/li>\n<li>Fixed: all WordPress coding standards errors and warnings (PHPCS clean)<\/li>\n<li>Fixed: namespace declaration order in all module files<\/li>\n<li>Fixed: missing translators comments on all i18n printf() calls<\/li>\n<li>Fixed: unordered placeholders in translatable strings<\/li>\n<li>Fixed: HTTP_USER_AGENT missing wp_unslash() sanitization<\/li>\n<li>Fixed: register_setting() missing sanitize_callback<\/li>\n<li>Fixed: load_plugin_textdomain() removed (deprecated since WP 4.6)<\/li>\n<li>Fixed: date() replaced with gmdate() throughout<\/li>\n<li>Fixed: parse_url() replaced with wp_parse_url()<\/li>\n<li>Fixed: rand() replaced with wp_rand()<\/li>\n<li>Improved: all $_POST\/$_GET\/$_SERVER superglobals now properly unslashed and sanitized<\/li>\n<li>Improved: all DB queries use $wpdb-&gt;prepare() or esc_sql() for identifiers<\/li>\n<\/ul>\n\n<h4>1.6.2<\/h4>\n\n<ul>\n<li>Custom login slug now loads login form without redirecting to wp-login.php (URL stays masked)<\/li>\n<\/ul>\n\n<h4>1.6.1<\/h4>\n\n<ul>\n<li>Fixed redirect loop on custom login URL<\/li>\n<li>Improved compatibility when permalinks are not flushed<\/li>\n<\/ul>\n\n<h4>1.6.0<\/h4>\n\n<ul>\n<li>Added Brute Force protection<\/li>\n<li>Added Firewall module<\/li>\n<li>Added Malware scanner<\/li>\n<li>Added Hardening tools (DB prefix change, wp-content rename) with backup + rollback UI<\/li>\n<li>Added Security Dashboard<\/li>\n<\/ul>","raw_excerpt":"Change your WordPress login URL, design the login page, and enhance your site&#039;s security with built-in protection tools.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/278107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=278107"}],"author":[{"embeddable":true,"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/maheshsharmads"}],"wp:attachment":[{"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=278107"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=278107"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=278107"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=278107"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=278107"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=278107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}