=== ACS Security ===
Contributors: acs
Tags: security, login, custom-login-url, hide-login
Requires at least: 5.8
Tested up to: 6.7
Requires PHP: 7.4
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Enhance your WordPress security by changing the login URL. Lightweight, extensible, and jQuery-free.

== Description ==

ACS Security lets you easily change the default WordPress login URL (`wp-login.php`) to any custom URL you choose. This simple but effective measure helps reduce automated brute-force attacks that target the standard login page.

= Key Features =

* **Custom Login URL** – Change `wp-login.php` to any custom slug you desire.
* **Automatic 404 Response** – Direct access to `wp-login.php` returns a 404 page for unauthenticated users.
* **Full Compatibility** – Works with password reset, registration, and logout workflows.
* **Lightweight** – No jQuery dependency. Built with pure vanilla JavaScript.
* **Extensible Architecture** – Modular design allows easy addition of future security features.
* **Developer Friendly** – Custom hooks and filters for extending functionality.

= How It Works =

1. Install and activate the plugin.
2. Go to **Settings > ACS Security**.
3. Enter your desired custom login slug (e.g., `my-secret-login`).
4. Save settings. Your login page is now at `https://yoursite.com/my-secret-login/`.
5. The original `wp-login.php` URL will return a 404 page to unauthenticated visitors.

= Important Notes =

* This plugin does **not** modify any WordPress core files.
* Remember your custom login URL. If you forget it, deactivate the plugin via FTP or your hosting file manager to restore the default login URL.
* This feature is best used alongside other security measures such as two-factor authentication and login attempt limiting.

== Installation ==

1. Upload the `acs-security` folder to the `/wp-content/plugins/` directory.
2. Activate the plugin through the **Plugins** menu in WordPress.
3. Navigate to **Settings > ACS Security** to configure the plugin.

== Frequently Asked Questions ==

= What happens if I forget my custom login URL? =

You can deactivate the plugin by renaming the plugin folder via FTP (e.g., rename `acs-security` to `acs-security-disabled`). This will restore the default `wp-login.php` login URL.

= Does this plugin modify WordPress core files? =

No. ACS Security uses WordPress hooks and filters to intercept and redirect login requests. No core files are modified.

= Is changing the login URL enough to secure my site? =

Changing the login URL is a useful "security through obscurity" measure that reduces automated attack noise, but it should not be your only security practice. We recommend also using strong passwords, two-factor authentication, and login attempt limiting.

= Will this break my password reset or registration pages? =

No. The plugin automatically rewrites all related URLs (password reset, registration, logout) to use the custom login slug.

= Is this plugin compatible with caching plugins? =

Yes. Since the custom login URL interception happens at the PHP level during the `init` hook, it works with most caching plugins. If you experience issues, try excluding the custom login URL from your cache.

== Screenshots ==

1. Settings page with custom login URL configuration.

== Changelog ==

= 1.0.0 =
* Initial release.
* Custom login URL feature with full URL filtering.
* Admin settings page with live URL preview.
* Client-side and server-side input validation.
* Automatic 404 response for default wp-login.php.
* WordPress coding standards compliance.

== Upgrade Notice ==

= 1.0.0 =
Initial release of ACS Security.
