=== AxisWebArt – Agency Login Suite ===
Contributors: axiswebartindia
Tags: login page, white label, admin branding, custom login, agency
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

White-label the WordPress login page for client sites. Wizard, 8 templates, 40 colour presets, fingerprint removal, branded emails and redirects.

== Description ==

**Agency Login Suite** is the white label login and admin branding plugin built specifically for agencies managing client WordPress sites.

Open the wizard, upload a logo, choose colours, add your support contact details. Your saved branding is applied in under 2 minutes — no rebuilding from scratch on every site.

= What makes it different =

* **3-step setup wizard** — Upload your logo, pick a template and colours, add support contact details. The whole setup takes under 2 minutes.
* **8 professional templates** — Pre-built designs, not just a blank colour picker. Minimal, Split, Dark, Fullscreen, Gradient, Corporate, Bold and Agency layouts.
* **40 one-click colour presets** — 5 curated palettes per template so you can match any brand without touching a colour picker.
* **Full WordPress fingerprint removal** — Strips the generator meta tag, version strings from scripts and styles, WordPress from the RSS feed, and normalises login error messages so they cannot be used for username enumeration.
* **Branded password reset emails** — Replaces "WordPress" in all system email subjects and bodies. Sets a custom From name and From address. Works out of the box with no SMTP plugin required.
* **Role-based login redirects** — Send administrators to the dashboard, editors to the post list, subscribers to a custom page. Fully configurable per role including WooCommerce Customer.
* **Admin footer branding** — Replace "Thank you for creating with WordPress" with your agency name and a link to your website.
* **Dashboard welcome widget** — Remove the default WordPress welcome panel.
* **Custom login URL** — Move wp-login.php to any slug (e.g. /client-portal/). The old URL returns 404. REST API and AJAX are never blocked.
* **Support contact on login page** — Display your agency name, email and phone below the login form so clients know exactly who to call if they get locked out.
* **Settings export and import** — Save your branding as a JSON file, download it, and import it on the next client site in one click.

= Who it is built for =

WordPress agencies, freelancers and developers who manage multiple client sites and need a fast, reliable way to white label the login experience without spending 20 minutes configuring it on every new site.

= Templates included =

1. **Minimal** — Clean centred card on a plain background. Simple, professional, works with any brand.
2. **Split** — Left brand panel, right login form. Logo and headline left-aligned for maximum brand presence.
3. **Dark** — Dark card on a dark background with light text. Ideal for tech or creative brands.
4. **Fullscreen** — Full-bleed background image with a frosted glass form overlay.
5. **Gradient** — Smooth gradient background with a clean white card. High-impact, low-maintenance.
6. **Corporate** — Wide header with boxed login form. Centred logo and headline feel authoritative.
7. **Bold** — Large typographic layout with a bold accent bar above the form.
8. **Agency** — Includes a "Maintained by [your agency]" badge below the form.

== Installation ==

1. Upload the `agency-login-suite` folder to `/wp-content/plugins/`
2. Activate the plugin in **Plugins > Installed Plugins**
3. Follow the **Setup Wizard** that appears in the admin notice after activation
4. Or go to **Settings > Agency Login Suite** to configure manually at any time

== Frequently Asked Questions ==

= Does this work with WooCommerce? =

Yes. The WooCommerce Customer role appears in the role-based redirect settings. Login page templates are fully compatible with WooCommerce-powered sites.

= Will my settings survive a plugin update? =

Yes. All settings are stored in a single WordPress option (`als_settings`) and are never touched by an update. Your branding stays intact.

= Can I copy my settings to another site? =

Yes. Go to **Settings > Agency Login Suite > Tools**, click **Export Settings** to download a JSON file, then use the **Import** field on the next site to apply the same branding instantly.

= Does the custom login URL break anything? =

No. The REST API (`/wp-json/`), AJAX (`/wp-admin/admin-ajax.php`), admin-post, and WP-Cron are always allowed through. Only browser-facing requests to `/wp-login.php` and `/wp-admin/` (for non-logged-in users) are redirected.

= What happens if I get locked out after changing the login URL? =

Two recovery options are built in: (1) Check your admin email — every time the URL changes, a notification email is sent with the new URL written out in full. (2) Add `define( 'ALS_DISABLE_HIDE_LOGIN', true );` to `wp-config.php` to immediately restore access via `/wp-login.php`, then log in and update the slug.

= Does it replace the WordPress logo on the login page? =

Yes. Upload your own logo in the Login Page tab. It replaces the WordPress logo and links to your site homepage instead of wordpress.org.

= Is it compatible with multisite? =

The plugin works on individual sites in a multisite network. Network-wide branding management from a single admin is planned for a future release.

= Does it work with caching plugins? =

Yes. The login page is never cached by WordPress caching plugins (they exclude wp-login.php and any page that sets cookies). If you use a server-level cache, ensure your custom login slug is excluded.

= Is the code up to WordPress coding standards? =

Yes. The plugin follows WordPress coding standards throughout: `wp_unslash()` before all `$_POST` reads, `wp_safe_redirect()` for all redirects, sanitization on input, escaping on output, nonce verification on all form submissions, and `wp_date()` for timezone-correct date formatting.

== Screenshots ==

1. The 3-step Setup Wizard — logo, colours and contact details in under 2 minutes
2. Template selector with 8 pre-built professional login page designs
3. Minimal template — clean white card on a neutral background
4. Dark template — dark card with light text, ideal for tech brands
5. Gradient template — smooth gradient background with white card
6. Split template — two-column layout with left-aligned logo and headline
7. Settings page — Login tab with colour pickers and 40 one-click presets
8. Settings page — Tools tab with export, import and reset

== Privacy Policy ==

This plugin does not collect, store, or transmit any personal data to external servers. No external HTTP requests are made by the plugin itself. All settings are stored in your WordPress database exclusively.

The support contact details you enter (name, email, phone) are displayed on your own login page for your own site visitors. They are never sent anywhere outside your server.

For more information see the [WordPress Privacy Policy](https://wordpress.org/about/privacy/).

== Changelog ==

= 1.0.2 =
* Fix: Custom login URL slug no longer shows a spurious "404" error injected by third-party plugins (Rank Math SEO, etc.) on fresh page loads — WordPress's internal 404 flag is now correctly cleared for the custom slug
* Fix: Session-expired popup (interim login) no longer shows the support footer overflowing the bottom of the popup
* Enhancement: Settings link added directly to the plugin row in Plugins → Installed Plugins for faster access
* Fix: Password reset emails and lost-password redirect correctly rewrite to the custom login URL slug

= 1.0.1 =
* Fix: Custom Headline now correctly left-aligns on the Split template
* Fix: Custom Headline now correctly centres on the Corporate template
* Fix: Nav links (Lost your password, Back to site) are now visible on dark, gradient and fullscreen templates
* Fix: Added smart colour defaults — dark templates automatically use light headline and nav link colours
* Fix: Added more spacing between form labels, inputs, the Remember Me checkbox and the Log In button
* Fix: `ob_start()` in fingerprint class now always paired with `ob_end_flush()` — no stale output buffer
* Fix: Settings export, import and reset moved to `admin_init` hooks (PRG pattern) — no header-already-sent errors
* Fix: All `$_POST` reads now use `wp_unslash()` per WordPress coding standards
* Fix: All redirects updated to `wp_safe_redirect()`
* Fix: Export uses `wp_date()` for timezone-correct filename dates
* Fix: `ALS_Settings::defaults()` no longer calls `home_url()` or `get_bloginfo()` during activation
* Fix: `wp-json` duplicate check removed from hide-login allow-list
* Fix: Inline slug-preview script replaced with `data-*` attribute (no inline JS)
* Fix: Uninstall now cleans up all `als_saved_*` and `als_notice_*` transients via `$wpdb`
* Enhancement: 40 preset colour schemes (5 per template) now include `headline_color` and `nav_link_color`
* Enhancement: All 16 WordPress coding standards issues identified by audit resolved

= 1.0.0 =
* Initial release
* 3-step setup wizard
* 8 login page templates
* Full WordPress fingerprint removal
* Branded emails (from name, from address, subject prefix, body cleanup)
* Role-based login redirects
* Admin footer branding
* Dashboard welcome widget removal
* Support contact display on login page
* Privacy notice field
* Settings export and import (JSON)
* Custom login URL with recovery options

== Upgrade Notice ==

= 1.0.2 =
Fixes a "404" error appearing on the custom login page and cleans up the session-expired popup. Recommended for all users of the Custom Login URL feature.

= 1.0.1 =
Recommended update. Fixes colour visibility on dark/gradient templates, form spacing, and resolves 16 WordPress coding standards issues. No settings changes required.

= 1.0.0 =
Initial release.
