Dotsquares Custom Login URL & Security Suite helps secure your WordPress site by allowing you to change the default login URL and apply additional security layers — all from one beautifully designed dashboard.

🔑 Login Security

Custom login slug — redirect wp-login.php to your own secret URL
Optionally hide wp-login.php (returns 404 for guests)
Optionally block wp-admin for non-logged-in users
Brute force protection with configurable lockout thresholds
Login honeypot trap (hidden field that catches bots)
Two-Factor Authentication (TOTP — works with Google Authenticator, Authy, etc.)
Weak username detection (blocks “admin”, “root”, “test”, etc.)
Force logout after inactivity (configurable timeout)
Manual approval for new user registrations
Prevent display name from matching username

🛡️ Firewall

Disable XML-RPC (common attack vector)
Block bad bots and fake user agents (40+ known bots)
Block POST requests with empty User-Agent headers
Rate limiting per IP address
IP blacklist and whitelist (supports CIDR ranges)
Geo-blocking by country code
Restrict REST API for non-logged-in users
Prevent user enumeration via ?author= scans

🔍 Malware & File Scanner

Deep scan of WordPress core, plugins, themes and uploads
40+ malware signature patterns (PHP shells, backdoors, crypto miners, pharma hacks, SEO spam injections)
Detects known web shells by filename (c99, r57, WSO, b374k, adminer, etc.)
WordPress core file integrity check (compares against official api.wordpress.org checksums)
Detects PHP files hidden inside the uploads folder
Suspicious code pattern detection (eval, exec, base64_decode combos, etc.)
File change detection using MD5 hash baseline
File permission scanner (755/644 standards)
.htaccess security rules generator

👥 User & Session Management

View and kill active user sessions
Session tracking with IP and user-agent logging
Manual user approval workflow

📊 Monitoring & Logs

Security event log (login, logout, failed attempts, plugin/theme changes)
IP blocking log with unblock controls
Real-time security score (A–F grade with per-check breakdown)

⚙️ Other Features

Maintenance mode with custom message
Database backup download
Email alerts for security events
Beautiful admin dashboard with quick-toggle switches

Important

Hardening actions such as DB prefix change and wp-content rename are advanced operations.
Always run these features on a staging environment and ensure you have a full backup before applying them on production.