{"id":233266,"date":"2025-05-31T19:11:25","date_gmt":"2025-05-31T19:11:25","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/wps-protect-login-url-security-headers\/"},"modified":"2025-06-25T11:17:42","modified_gmt":"2025-06-25T11:17:42","slug":"wps-protect-login-url-security-headers","status":"publish","type":"plugin","link":"https:\/\/bal.wordpress.org\/plugins\/wps-protect-login-url-security-headers\/","author":20426440,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.1","stable_tag":"1.1","tested":"6.8.5","requires":"5.0","requires_php":"7.0","requires_plugins":null,"header_name":"WPS Protect: Login URL & Security Headers","header_author":"Muhammad Junaid Tariq","header_description":"Secure your site by hiding the login URL (protects from brute force attacks), adding security headers, and enforcing SSL.","assets_banners_color":"645213","last_updated":"2025-06-25 11:17:42","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/github.com\/Junaid43","rating":0,"author_block_rating":0,"active_installs":0,"downloads":334,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0":{"tag":"1.0","author":"junaid434","date":"2025-06-25 11:17:42"},"1.1":{"tag":"1.1","author":"junaid434","date":"2025-06-25 11:17:42"}},"upgrade_notice":{"1.1":"<p>This update includes new security features, improved login handling, and a better user interface. The Permissions-Policy header has been added, and the Content-Security-Policy has been optimized for better compatibility.<\/p>"},"ratings":[],"assets_icons":{"icon-256x256.png":{"filename":"icon-256x256.png","revision":3304050,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.jpg":{"filename":"banner-1544x500.jpg","revision":3312453,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":3312453,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0","1.1"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"<strong>Admin Dashboard<\/strong>: Tab-based interface for easy configuration","2":"<strong>Security Headers<\/strong>: Configure and customize all security headers","3":"<strong>Login Protection<\/strong>: Set up custom login URL and protection","4":"<strong>SSL Settings<\/strong>: Manage SSL enforcement and settings"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2846,602,203031,600,1536],"plugin_category":[38,54],"plugin_contributors":[243208],"plugin_business_model":[],"class_list":["post-233266","plugin","type-plugin","status-publish","hentry","plugin_tags-headers","plugin_tags-login","plugin_tags-permissions-policy","plugin_tags-security","plugin_tags-ssl","plugin_category-authentication","plugin_category-security-and-spam-protection","plugin_contributors-junaid434","plugin_committers-junaid434"],"banners":{"banner":"https:\/\/ps.w.org\/wps-protect-login-url-security-headers\/assets\/banner-772x250.jpg?rev=3312453","banner_2x":"https:\/\/ps.w.org\/wps-protect-login-url-security-headers\/assets\/banner-1544x500.jpg?rev=3312453","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/wps-protect-login-url-security-headers\/assets\/icon-256x256.png?rev=3304050","icon_2x":"https:\/\/ps.w.org\/wps-protect-login-url-security-headers\/assets\/icon-256x256.png?rev=3304050","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>The <strong>WPS Protect: Login URL &amp; Security Headers<\/strong> plugin enhances your WordPress site security with multiple layers of protection. It provides a comprehensive solution for securing your WordPress installation through custom login URL protection, advanced security headers, and SSL enforcement.<\/p>\n\n<p><strong>Key Features:<\/strong><\/p>\n\n<ul>\n<li><p><strong>Custom Login URL Protection<\/strong><\/p>\n\n<ul>\n<li>Change and hide the default WordPress login URL<\/li>\n<li>Protect against brute force attacks<\/li>\n<li>Maintain compatibility with wp-admin access<\/li>\n<\/ul><\/li>\n<li><p><strong>Advanced Security Headers<\/strong><\/p>\n\n<ul>\n<li>X-Frame-Options: Prevent clickjacking attacks<\/li>\n<li>X-XSS-Protection: Enable browser's XSS filtering<\/li>\n<li>X-Content-Type-Options: Prevent MIME-type sniffing<\/li>\n<li>Content-Security-Policy (CSP): Control resource loading<\/li>\n<li>Permissions-Policy: Control browser features and APIs<\/li>\n<li>Strict-Transport-Security (HSTS): Enforce HTTPS<\/li>\n<li>Referrer-Policy: Control referrer information<\/li>\n<li>Access-Control-Allow-Origin: Manage CORS policies<\/li>\n<\/ul><\/li>\n<li><p><strong>SSL Enforcement<\/strong><\/p>\n\n<ul>\n<li>Force HTTPS across your site<\/li>\n<li>Secure cookie handling<\/li>\n<li>Mixed content protection<\/li>\n<\/ul><\/li>\n<li><p><strong>User-Friendly Interface<\/strong><\/p>\n\n<ul>\n<li>Tab-based admin interface<\/li>\n<li>Easy configuration of all security features<\/li>\n<li>Recommended values for security headers<\/li>\n<li>Real-time feedback on settings changes<\/li>\n<\/ul><\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin files to the <code>\/wp-content\/plugins\/wordpress-security<\/code> directory, or install the plugin through the WordPress plugins screen directly.<\/li>\n<li>Activate the plugin through the 'Plugins' screen in WordPress.<\/li>\n<li>Use the <strong>WPS Protect<\/strong> menu in the WordPress Admin Dashboard to configure the plugin.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id='what%20happens%20if%20i%20forget%20the%20new%20login%20url%3F'><h3>What happens if I forget the new login URL?<\/h3><\/dt>\n<dd><p>If you forget the new login URL, you can access your WordPress database and modify the <code>wpsplu_options<\/code> option. Alternatively, you can deactivate the plugin through FTP or the database to restore the default login URL.<\/p><\/dd>\n<dt id='will%20this%20plugin%20interfere%20with%20other%20security%20plugins%3F'><h3>Will this plugin interfere with other security plugins?<\/h3><\/dt>\n<dd><p>No, the <strong>WPS Protect: Login URL &amp; Security Headers<\/strong> plugin is designed to work alongside other security plugins. However, if you're using another plugin that modifies security headers, you should configure them to avoid conflicts.<\/p><\/dd>\n<dt id='how%20do%20i%20know%20if%20the%20security%20headers%20are%20working%3F'><h3>How do I know if the security headers are working?<\/h3><\/dt>\n<dd><p>You can verify the security headers using online tools like SecurityHeaders.com or by checking your site's response headers using browser developer tools.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.1<\/h4>\n\n<ul>\n<li>Added Permissions-Policy header support<\/li>\n<li>Improved Content-Security-Policy configuration<\/li>\n<li>Enhanced login URL handling<\/li>\n<li>Added tab-based admin interface<\/li>\n<li>Fixed wp-admin access issues<\/li>\n<li>Updated security headers with recommended values<\/li>\n<\/ul>\n\n<h4>1.0<\/h4>\n\n<ul>\n<li>Initial release with basic security features<\/li>\n<\/ul>","raw_excerpt":"The WPS Protect: Login URL &amp; Security Headers plugin enhances your WordPress site security with multiple layers of protection.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/233266","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=233266"}],"author":[{"embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/junaid434"}],"wp:attachment":[{"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=233266"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=233266"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=233266"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=233266"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=233266"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=233266"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}