=== Customize WordPress Login and Registration Page - WPOrLogin ===

Contributors: Oregoom
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CTG69VCQ5TZZN&source=url
Tags: custom login, hide login, limit login, recaptcha, security
Requires at least: 5.2
Tested up to: 6.9
Stable tag: 2.11
Requires PHP: 7.2
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html

Secure & Customize Login: Hide Login URL, Limit Attempts, reCAPTCHA, Redirects & Pro Design. The complete 6-in-1 solution for your site.

== Description ==

Is your WordPress login page secure? Does it look professional?
The default `wp-login.php` page is the #1 target for hackers and looks unbranded to your customers.

**WPOrLogin** is not just a customizer; it is a **complete 6-Module Suite** designed to secure, brand, and optimize the access point of your website. We combine forensic-grade security with pixel-perfect design control.

Stop installing 6 different plugins. WPOrLogin does it all:

=== 1. DESIGN & BRANDING MODULE ===
**Why do you need it?**
A generic WordPress login confuses users and hurts your brand authority.
**What it does:**
* **Custom Logo:** Replace the WordPress logo with your own business identity.
* **Backgrounds:** Upload custom wallpapers or choose from our HD gallery.
* **Colors:** Match buttons, links, and forms to your brand's color palette.
* **Templates:** Use our Basic, Standard, or Premium layouts for instant results.

=== 2. HIDE LOGIN MODULE (NEW!) ===
**Why do you need it?**
Bots and scripts target `wp-login.php` thousands of times a day, slowing down your server.
**What it does:**
* **Rename URL:** Change your login address to a secret slug like `/access`, `/my-portal`, or `/private`.
* **Stop Attacks:** Anyone visiting the old URL gets a "404 Not Found" error.
* **Hybrid Email Strategy:** Unlike other plugins, our smart technology ensures password reset emails **never break**, keeping your site functional and secure.

=== 3. LIMIT LOGIN ATTEMPTS MODULE ===
**Why do you need it?**
Hackers use "Brute Force" to guess your password by trying millions of combinations.
**What it does:**
* **Block Intruders:** Automatically locks out IPs after too many failed attempts (e.g., 3 failures = 20-minute ban).
* **Forensic Report:** Provides a live report of blocked IPs, attack times, and geolocation.
* **Smart Warning:** Warns real users before they get locked out to prevent frustration.

=== 4. GOOGLE reCAPTCHA MODULE ===
**Why do you need it?**
To distinguish between a human user and an automated script instantly.
**What it does:**
* **Dual Support:** Compatible with **v2 (Checkbox)** and **v3 (Invisible)**.
* **Full Coverage:** Protects Login, Registration, and "Lost Password" forms.

=== 5. REDIRECT MODULE ===
**Why do you need it?**
Sending a customer to the erratic "Dashboard" after login is bad User Experience (UX).
**What it does:**
* **Login Flow:** Send users directly to a Welcome Page, Shop, or Member Area upon login.
* **Logout Flow:** Redirect users to your Home Page or a special "Goodbye" offer page after logging out.

=== 6. REMOVE LANGUAGE MODULE ===
**Why do you need it?**
The language dropdown added by WordPress can be distracting and break your custom design.
**What it does:**
* **Clean Interface:** Completely removes the language selector from the login screen with one click, keeping your design minimalist and focused.

== Installation ==

= Automatic Installation =
1.  Go to **Plugins > Add New** in your WordPress Dashboard.
2.  Search for **WPOrLogin**.
3.  Click **Install Now** and **Activate**.
4.  Navigate to the "WPOrLogin" menu to configure your modules.

= Manual Installation =
1.  Download the `.zip` file.
2.  Go to **Plugins > Add New > Upload**.
3.  Upload `wporlogin.zip` and activate.

== Frequently Asked Questions ==

= HIDE LOGIN & SECURITY =

**Q: If I hide my login, will I get locked out?**
A: No. If you forget your custom URL, you can simply rename the `/plugins/wporlogin/` folder via FTP to deactivate the plugin temporarily. Additionally, the plugin protects you from configuring a broken URL.

**Q: Does "Hide Login" break caching plugins (WP Rocket, etc.)?**
A: It works fine, but we recommend adding your new login slug (e.g., `/access`) to the "Never Cache" exclusion list of your caching plugin to ensure smooth performance.

**Q: How does Limit Login differ from other security plugins?**
A: WPOrLogin is lightweight. We don't bloat your database with millions of logs. We use transient data to handle bans efficiently, keeping your site fast while secure.

= COMPATIBILITY & USAGE =

**Q: Why remove the Language Switcher?**
A: For membership sites or client portals, the language switcher often looks out of place or breaks the visual layout. Removing it creates a seamless "App-like" feel.

**Q: Can I use reCAPTCHA v3 (Invisible)?**
A: Yes! We fully support v3. It analyzes user behavior behind the scenes without requiring them to click a checkbox, offering the best friction-less experience.

**Q: Does the Redirect module work for Administrators?**
A: By default, we prioritize user experience for Subscribers, Customers, and Editors. We often prevent Admin redirection to ensure you always have access to the dashboard settings.

**Q: Is this plugin compliant with GDPR?**
A: Yes. WPOrLogin does not collect personal data from your users. It only processes IP addresses locally for security (Limit Login) and connects to Google for reCAPTCHA (subject to Google's privacy policy).

== Screenshots ==

1. Premium Design - Layout Example
2. Premium Design - Layout Example
3. Premium Design - Layout Example
4. Premium Design - Layout Example
5. Standard Design Layout
6. Basic Design Layout
7. Module: Design Configuration
8. Module: Standard Configuration
9. Module: Premium Configuration
10. Module: Google reCAPTCHA Settings
11. Module: Remove Language Selector
12. Module: Redirect Settings
13. Module: Limit Login (Security Report)
14. Module: Hide Login (Custom URLs)

== Changelog ==

= 2.11 =
* **NEW MODULE:** **Hide Login**. Renames `wp-login.php` to a custom URL to prevent bot attacks.
* **FEATURE:** Smart Hybrid URL Strategy ensuring email password resets work perfectly with custom login URLs.
* **SECURITY:** Added protection to block direct access to `wp-admin` for non-logged-in users.
* **COMPATIBILITY:** Tested up to WordPress 6.9.

= 2.10 =
* **NEW MODULE:** **Limit Login Attempts**. Tracks failed logins and blocks malicious IPs.
* **FEATURE:** Live Block Report with geolocation links.
* **UX:** Dynamic "Attempts Remaining" warning for users.

= 2.9.8 =
* Confirmed compatibility with WordPress 6.8.

= 2.9.7 =
* Improved review notice logic.

= 2.9.6 =
* Added color customization for buttons/links.

= 2.9.4 =
* Multi-language support added.

= 2.9.3 =
* Added Redirect Module functionality.

= 2.9 =
* Added Google reCAPTCHA v3 support.

= 2.7 =
* Added "Remove Language" module.

= 1.0 =
* Initial Release.

== Upgrade Notice ==

= 2.11 =
**Critical Feature:** Added "Hide Login" module. You can now rename your login URL to stop bots instantly. Includes hybrid email protection.

= 2.10 =
**Security Update:** Added "Limit Login Attempts" module to stop brute-force attacks.