24TT Login Security and Brander is an enterprise-grade, zero-bloat security and white-labeling solution for WordPress. Designed for agencies and security-conscious site owners, it fortifies your WordPress perimeter while delivering a seamless, custom-branded login experience for your clients.

Instead of relying on heavy frameworks, this plugin uses native WordPress APIs and strictly optimized PHP to protect your site without slowing it down.

🛡️ Enterprise Perimeter Defense

Hide wp-login.php & /wp-admin/: Completely obfuscate your login portal. Bots and unauthenticated guests attempting to access default login routes are silently redirected to your homepage before core authentication redirects even trigger.
Brute Force Protection: Transient-based Limit Login Attempts. Locks out attackers for 15 minutes after 3 failed attempts, intercepting them at Priority 1 before heavy database queries execute.
Kill XML-RPC: Permanently disables XML-RPC to shut down massive DDoS and brute-force vectors.
Block User Enumeration: Prevents hackers from scraping usernames via author archives (/?author=1) and the REST API.
Generic Error Masking: Overwrites default login errors so attackers cannot verify if a username exists.

🎨 Agency-Grade Brander

Custom Login Logo: Replace the default WordPress logo with your client’s brand.
Custom Colors: Tailor the background and primary button colors using the native WordPress Color Picker.
Smart Contrast Calculator: Automatically detects if your background is light or dark (using the YIQ formula), adjusting the “Lost Password” and “Back to Site” links to guarantee 100% visual accessibility.
Role-Based Redirects: Automatically route administrators to the backend dashboard, while sending clients or subscribers to a custom URL (like a user portal).