Critical security update. Fixes IP spoofing vulnerability, removes debug backdoor, and adds activity logging, email notifications, WP-CLI support, and progressive brute-force protection.<\/p>","1.2.1":"
MaskMyAdmin<\/strong> is a lightweight WordPress plugin designed to enhance your login page security by:<\/p>\n\n \u2013 Replacing the default Designed for site owners and developers who want to hide their admin panel from bots, attackers, or curious users.<\/p>\n\n Whether you're running a blog, WooCommerce store, or enterprise WordPress install \u2014 MaskMyAdmin gives you a simple, intuitive way to lock down your admin entry points.<\/p>\n\n Features:<\/strong>\n* Change wp-admin login path to a custom one (e.g., After activating the plugin, go to MaskMyAdmin<\/strong> in the admin menu and enter your desired login slug (e.g., Both Under the plugin settings (Advanced Security tab), you can enable IP whitelisting and enter allowed IP addresses. Only visitors from these IPs will be able to access the login page.<\/p><\/dd>\n Go to Advanced Security \u2192 Proxy \/ CDN Configuration<\/strong> and select the appropriate header for your setup (e.g., \"Cloudflare\" for CF-Connecting-IP).<\/p><\/dd>\n You have several recovery options:<\/p>\n\n Yes. The plugin uses PHP for all URL masking and IP enforcement, which works on any server. The .htaccess rules are an additional layer for Apache servers only.<\/p><\/dd>\n Log entries older than 30 days are automatically cleaned up daily via WP-Cron.<\/p><\/dd>\n MaskMyAdmin registers the wp-admin<\/code> and wp-login.php<\/code> URLs with a custom login path of your choice\n\u2013 Enforcing IP-based access controls for the WordPress dashboard and login screen\n\u2013 Preventing unauthorized access or brute-force attempts by obscuring default login endpoints<\/p>\n\n\/secure-login<\/code>)\n* Optional IP-based whitelist \u2014 restrict dashboard access to specific IPs only\n* Redirect blocked attempts to a custom page or homepage\n* Progressive brute-force lockout (15 min \u2192 1 hour \u2192 24 hours)\n* Activity log for login attempts and settings changes\n* Email notifications for blocked IPs, failed logins, and settings changes\n* Configurable proxy\/CDN header for accurate IP detection (Cloudflare, Nginx, etc.)\n* WP-CLI commands for emergency recovery and management\n* Emergency disable via wp-config.php<\/code> constant\n* Defense-in-depth .htaccess rules for Apache servers (PHP handles all server types)\n* Lightweight and fast \u2014 minimal performance impact\n* Clean uninstall \u2014 all data removed when plugin is deleted<\/p>\n\n\n\n
How do I change the admin URL?<\/h3><\/dt>\n
my-login<\/code>). Your admin URL will become yourdomain.com\/my-login<\/code>.<\/p><\/dd>\nWhat happens to wp-login.php and wp-admin?<\/h3><\/dt>\n
wp-login.php<\/code> and \/wp-admin<\/code> access will redirect to the homepage or a custom URL (configurable), effectively hiding them from bots or attackers.<\/p><\/dd>\nHow do I enable IP whitelisting?<\/h3><\/dt>\n
I'm behind Cloudflare \/ a proxy. How do I get the correct IP?<\/h3><\/dt>\n
What if I get locked out?<\/h3><\/dt>\n
\n
wp maskmy disable<\/code> to disable all protections<\/li>\ndefine('MASKMY_DISABLE', true);<\/code> to bypass the plugin entirely<\/li>\nDoes this work with Nginx?<\/h3><\/dt>\n
How long are activity logs kept?<\/h3><\/dt>\n
What WP-CLI commands are available?<\/h3><\/dt>\n
wp maskmy<\/code> command namespace with the following subcommands:<\/p>\n\n\n
wp maskmy status<\/code> \u2014 Show current configuration (login slug, redirect mode, IP whitelist status, allowed IPs, proxy header)<\/li>\nwp maskmy reset<\/code> \u2014 Reset the login URL back to the WordPress default (wp-login.php<\/code>)<\/li>\nwp maskmy add-ip <ip><\/code> \u2014 Add an IP address or CIDR range to the whitelist (e.g., wp maskmy add-ip 192.168.1.100<\/code> or wp maskmy add-ip 10.0.0.0\/24<\/code>)<\/li>\nwp maskmy remove-ip <ip><\/code> \u2014 Remove an IP address or CIDR range from the whitelist (auto-disables whitelist if the list becomes empty)<\/li>\nwp maskmy disable<\/code> \u2014 Disable all protections immediately (resets login slug, redirect, and IP whitelist \u2014 useful for emergency recovery)<\/li>\nwp maskmy enable --slug=<slug><\/code> \u2014 Re-enable protections with a custom login slug (e.g., wp maskmy enable --slug=my-login<\/code>). If --slug<\/code> is omitted, re-enables with the previously saved slug.<\/li>\n<\/ul><\/dd>\n\n<\/dl>\n\n\n1.2.0<\/h4>\n\n
\n
wp maskmy status<\/code>, reset<\/code>, add-ip<\/code>, remove-ip<\/code>, disable<\/code>, enable<\/code><\/li>\ndefine('MASKMY_DISABLE', true)<\/code> in wp-config.php<\/li>\n1.1.0<\/h4>\n\n
\n
1.0.0<\/h4>\n\n
\n