=== Custom Login URL ===
Contributors: snehalpancholi
Tags: security, login, custom login, wp-login, security hardening
Requires at least: 6.0
Tested up to: 6.7
Requires PHP: 8.1
Stable tag: 1.0.0
License: GPL-2.0+
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Change the WordPress login URL from wp-login.php to a custom slug. Direct access to the default login URL returns a 404 or redirects to the homepage.

== Description ==

Custom Login URL moves your WordPress login page to a URL of your choice (e.g., `example.com/my-portal/`). Bots and brute-force scripts that target `wp-login.php` will hit a dead end.

**Features**

* Simple slug input — alphanumeric + hyphens, no reserved WordPress paths
* Blocks direct access to wp-login.php (redirect to home or 404)
* Filters login_url, logout_url, lostpassword_url, register_url
* Multisite network_admin_url compatibility filter
* POST from wp-admin is allowed through (preserves WooCommerce My Account and similar)
* "Copy to clipboard" button on the settings page for the current login URL
* Current login URL shown prominently to avoid lockout

== Installation ==

1. Upload `custom-login-url` to `/wp-content/plugins/`.
2. Activate in **Plugins → Installed Plugins**.
3. Go to **Settings → Custom Login URL**.
4. **Note your custom login URL before enabling** — the URL is shown at the top of the settings page.
5. Set your desired slug, choose a blocking behaviour, and click **Save Settings**.
6. Tick the **Enable** checkbox and save again to activate.

== Frequently Asked Questions ==

= I enabled it and got locked out. What do I do? =
Connect via FTP/SFTP and rename or delete the `custom-login-url` folder inside `wp-content/plugins/`. That deactivates the plugin and restores normal wp-login.php access.

= Does it work with WooCommerce My Account? =
Yes. POST requests to wp-login.php that originate from wp-admin or from the custom login URL are allowed through, preserving WooCommerce checkout login and My Account.

= Does it work on multisite? =
Partial support. The `network_admin_url` filter handles login URL rewriting for network admin links. Test thoroughly on your specific multisite configuration.

= Why doesn't it use .htaccess rewriting? =
PHP-level interception is more portable across hosting environments and does not require Apache mod_rewrite.

== Changelog ==

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 1.0.0 =
Initial release.
