=== GhostGate ===
Contributors: codegee0958
Tags: security, two-factor authentication, limit login attempts, rest api, xml-rpc
Requires at least: 5.8
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.3.3
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Invisible, intelligent protection for WordPress. GhostGate hides your login page, blocks bots, and turns your site into a ghost fortress.

== Description ==

**GhostGate** is a lightweight yet powerful WordPress security plugin that eliminates the login page as an attack surface. Instead of just defending, it **erases the entrance** entirely with dynamic login URLs and multi-layer access verification.

- 🔒 Hide your login URL with a custom slug and time-based code
- 🔑 Built-in 2FA via email verification
- 🚫 Auto-block brute force attacks by IP
- 🧱 Disable/limit unused endpoints like XML-RPC and REST API
- 👤 Prevent user enumeration via REST, RSS, and author queries
- 🔍 Visualize security status and detect conflicts
- 📜 Activity logs with optional file rotation

GhostGate doesn’t just defend — it disappears.  
Invisible to bots. Intuitive for users.

👉 **Full features / screenshots / pricing / docs**:  
https://arce-experience.com/product/

== Installation ==

1. Upload the plugin folder to `/wp-content/plugins/ghostgate`
2. Activate the plugin via the Plugins menu
3. Go to **GhostGate > Settings** and configure your gate logic
4. Optionally enable 2FA, IP blocking, REST/API controls, and more

Need help with setup?  
See the installation & setup video:  
https://arce-experience.com/product/

== Frequently Asked Questions ==

= Is GhostGate compatible with other security plugins? =
Yes. It detects common conflicts and shows visual warnings. You can use it alongside plugins like Wordfence or iThemes.

= What happens if I forget my login code or get locked out? =
You can always access your site via recovery mode or disable the plugin via FTP if needed.

= Does it affect performance? =
GhostGate is built for speed. It only runs at login and admin hooks, keeping overhead minimal.

== Screenshots ==

1. Admin settings page with tabbed UI
2. Security status diagnostics
3. IP block log and unblock controls
4. Access code input screen for login URL (e.g., date-based code)
5. Security explanation tab

== Privacy ==

GhostGate can store the following data locally on your site to provide rate-limiting and security auditing:
- IP addresses (for temporary throttling / block lists)
- Timestamps and event metadata (login attempts, REST/XML-RPC hits)
- Optional log files under `wp-content/uploads/ghostgate/logs` (if enabled)

No data is sent to third-party services.  
Site owners are responsible for informing users/visitors where required by local laws. You can clear blocks/logs from the admin UI or by deleting the log files.

== Changelog ==

= 1.3.3 - 2026-01-21 =
* Compatibility: Verified support for WordPress 6.9.
* Fix: Enhanced PHP 8.x compatibility (stricter type casting in internal key generation).
* Fix: Improved login slug detection to strictly handle trailing slashes, preventing 404 errors in some server configurations.

= 1.3.2 - 2025-09-24 =
* Fix – Resolved “Undefined variable $user_login / $errors” warnings on the login screen.
* Fix – Prevented potential “headers already sent” issues.
* Improvement – Hardened login flow compatibility with core.
* Improvement – Minor internal refactors around request path normalization.

= 1.3.0 - 2025-09-22 =
* Security: Strengthened “Hide wp-json structure”.
* Fix: Route allowlist UI now correctly preserves selections for regex endpoints.
* Fix: Resolved rare fatal error on “Unblock IP” admin action.
* Tested: Confirmed compatibility with WordPress 6.8.

= 1.2.1 =
* Tweak: Added brand header (logo + subtitle) to the code entry screen.
* Tweak: Minor CSS polish.

= 1.2.0 =
* New: Added an option to block direct access to preview URLs.

= 1.1.1 =
* Maintenance and compliance improvements.

= 1.1.0 =
* REST/JSON structure stealth options.

= 1.0.0 =
* Initial public release.

== Upgrade Notice ==
= 1.3.3 =
This update includes compatibility verification for WordPress 6.9 and PHP 8.x improvements. Recommended for all users.