Title: Dotsquares Custom Login URL & Security Suite Author: maheshsharmads Published: 2026 年 2 月 7 日 Last modified: 2026 年 3 月 30 日 --- 搜索插件 ![](https://ps.w.org/custom-login-url-login-designer/assets/banner-772x250.png?rev =3486442) ![](https://ps.w.org/custom-login-url-login-designer/assets/icon-256x256.png?rev =3455804) # Dotsquares Custom Login URL & Security Suite 作者:[maheshsharmads](https://profiles.wordpress.org/maheshsharmads/) [下载](https://downloads.wordpress.org/plugin/custom-login-url-login-designer.1.6.4.zip) * [详情](https://cn.wordpress.org/plugins/custom-login-url-login-designer/#description) * [评价](https://cn.wordpress.org/plugins/custom-login-url-login-designer/#reviews) * [安装](https://cn.wordpress.org/plugins/custom-login-url-login-designer/#installation) * [开发进展](https://cn.wordpress.org/plugins/custom-login-url-login-designer/#developers) [支持](https://wordpress.org/support/plugin/custom-login-url-login-designer/) ## 描述 **Dotsquares Custom Login URL & Security Suite** helps secure your WordPress site by allowing you to change the default login URL and apply additional security layers— all from one beautifully designed dashboard. #### 🔑 Login Security * Custom login slug — redirect wp-login.php to your own secret URL * Optionally hide wp-login.php (returns 404 for guests) * Optionally block wp-admin for non-logged-in users * Brute force protection with configurable lockout thresholds * Login honeypot trap (hidden field that catches bots) * Two-Factor Authentication (TOTP — works with Google Authenticator, Authy, etc.) * Weak username detection (blocks “admin”, “root”, “test”, etc.) * Force logout after inactivity (configurable timeout) * Manual approval for new user registrations * Prevent display name from matching username #### 🛡️ Firewall * Disable XML-RPC (common attack vector) * Block bad bots and fake user agents (40+ known bots) * Block POST requests with empty User-Agent headers * Rate limiting per IP address * IP blacklist and whitelist (supports CIDR ranges) * Geo-blocking by country code * Restrict REST API for non-logged-in users * Prevent user enumeration via ?author= scans #### 🔍 Malware & File Scanner * Deep scan of WordPress core, plugins, themes and uploads * 40+ malware signature patterns (PHP shells, backdoors, crypto miners, pharma hacks, SEO spam injections) * Detects known web shells by filename (c99, r57, WSO, b374k, adminer, etc.) * WordPress core file integrity check (compares against official api.wordpress. org checksums) * Detects PHP files hidden inside the uploads folder * Suspicious code pattern detection (eval, exec, base64_decode combos, etc.) * File change detection using MD5 hash baseline * File permission scanner (755/644 standards) * .htaccess security rules generator #### 👥 User & Session Management * View and kill active user sessions * Session tracking with IP and user-agent logging * Manual user approval workflow #### 📊 Monitoring & Logs * Security event log (login, logout, failed attempts, plugin/theme changes) * IP blocking log with unblock controls * Real-time security score (A–F grade with per-check breakdown) #### ⚙️ Other Features * Maintenance mode with custom message * Database backup download * Email alerts for security events * Beautiful admin dashboard with quick-toggle switches ### Important Hardening actions such as **DB prefix change** and **wp-content rename** are advanced operations. Always run these features on a **staging environment** and ensure you have a **full backup** before applying them on production. ## 安装 1. Upload the plugin ZIP via **Plugins Add New Upload Plugin**. 2. Activate the plugin. 3. Go to **DS Shield** in your WordPress admin menu to configure options. 4. **Important:** Bookmark your new login URL before saving changes! ## 常见问题 ### I forgot my custom login URL. How do I recover access? Deactivate the plugin via FTP by renaming the plugin folder, then log in normally using /wp-login.php and reactivate it. ### Is this compatible with WooCommerce? Yes. The custom login URL works with WooCommerce’s My Account page. ### Can I use Google Authenticator for 2FA? Yes. Any TOTP-compatible app works: Google Authenticator, Authy, Microsoft Authenticator, Bitwarden, and others. ### Will the malware scanner slow down my site? No. The scanner only runs when you manually trigger it from the admin dashboard. It has no impact on front-end performance. ### How does the core integrity check work? The scanner fetches official MD5 checksums for your WordPress version from api.wordpress. org and compares every core file against them. Any differences are flagged. ## 评价 此插件暂无评价。 ## 贡献者及开发者 「Dotsquares Custom Login URL & Security Suite」是开源软件。 以下人员对此插件做出 了贡献。 贡献者 * [ maheshsharmads ](https://profiles.wordpress.org/maheshsharmads/) [帮助将「Dotsquares Custom Login URL & Security Suite」翻译成简体中文。](https://translate.wordpress.org/projects/wp-plugins/custom-login-url-login-designer) ### 对开发感兴趣吗? 您可以[浏览代码](https://plugins.trac.wordpress.org/browser/custom-login-url-login-designer/), 查看[SVN仓库](https://plugins.svn.wordpress.org/custom-login-url-login-designer/), 或通过[RSS](https://plugins.trac.wordpress.org/log/custom-login-url-login-designer/?limit=100&mode=stop_on_copy&format=rss) 订阅[开发日志](https://plugins.trac.wordpress.org/log/custom-login-url-login-designer/)。 ## 更新日志 #### 1.6.3 * Added deep malware scanner with 40+ signature patterns (PHP shells, backdoors, crypto miners, pharma hacks) * Added WordPress core file integrity check via api.wordpress.org checksums * Added detection of known web shell filenames (c99, r57, WSO, b374k, adminer, etc.) * Added PHP-in-uploads detection (critical severity) * Added suspicious code pattern detection (eval/exec/base64 combos) * Added file change detection using MD5 hash baseline comparison * Added animated scan progress UI with step-by-step status * Added colour-coded scan results (Critical / High / Medium / Low / Info) * Added scan options: toggle Core / Plugins / Themes / Uploads / Deep Malware independently * Fixed: all WordPress coding standards errors and warnings (PHPCS clean) * Fixed: namespace declaration order in all module files * Fixed: missing translators comments on all i18n printf() calls * Fixed: unordered placeholders in translatable strings * Fixed: HTTP_USER_AGENT missing wp_unslash() sanitization * Fixed: register_setting() missing sanitize_callback * Fixed: load_plugin_textdomain() removed (deprecated since WP 4.6) * Fixed: date() replaced with gmdate() throughout * Fixed: parse_url() replaced with wp_parse_url() * Fixed: rand() replaced with wp_rand() * Improved: all $_POST/$_GET/$_SERVER superglobals now properly unslashed and sanitized * Improved: all DB queries use $wpdb->prepare() or esc_sql() for identifiers #### 1.6.2 * Custom login slug now loads login form without redirecting to wp-login.php (URL stays masked) #### 1.6.1 * Fixed redirect loop on custom login URL * Improved compatibility when permalinks are not flushed #### 1.6.0 * Added Brute Force protection * Added Firewall module * Added Malware scanner * Added Hardening tools (DB prefix change, wp-content rename) with backup + rollback UI * Added Security Dashboard ## 额外信息 * 版本 **1.6.4** * 最后更新:**3 周前** * 活跃安装数量 **不到10** * WordPress 版本 ** 6.0 或更高版本 ** * 已测试的最高版本为 **6.9.4** * PHP 版本 ** 7.4 或更高版本 ** * 语言 * [English (US)](https://wordpress.org/plugins/custom-login-url-login-designer/) * 标签 * [Brute Force](https://cn.wordpress.org/plugins/tags/brute-force/)[firewall](https://cn.wordpress.org/plugins/tags/firewall/) [login](https://cn.wordpress.org/plugins/tags/login/)[malware scanner](https://cn.wordpress.org/plugins/tags/malware-scanner/) [security](https://cn.wordpress.org/plugins/tags/security/) * [高级视图](https://cn.wordpress.org/plugins/custom-login-url-login-designer/advanced/) ## 评级 尚未提交反馈。 [Your review](https://wordpress.org/support/plugin/custom-login-url-login-designer/reviews/#new-post) [查看全部评论](https://wordpress.org/support/plugin/custom-login-url-login-designer/reviews/) ## 贡献者 * [ maheshsharmads ](https://profiles.wordpress.org/maheshsharmads/) ## 支持 有话要说吗?是否需要帮助? [查看支持论坛](https://wordpress.org/support/plugin/custom-login-url-login-designer/)