=== Mamotte! Login URL Changer ===
Contributors:      satohata
Tags:              login, security, login-url, ip-whitelist, two-factor
Requires at least: 6.3
Tested up to:      7.0
Requires PHP:      8.1
Stable tag:        1.0.6
License:           GPL-2.0-or-later
License URI:       https://www.gnu.org/licenses/gpl-2.0.html
Plugin URI:        https://satoruhatano.xsrv.jp/mamotte-login-url-changer/

Change your WordPress login URL to a custom slug, with optional IP whitelist and trusted device management for enhanced security.

== Description ==

**Mamotte! Login URL Changer** protects your WordPress site by replacing the default `/wp-login.php` with a custom URL of your choice. Unauthorized users who don't know the secret URL will receive a 404 error or be redirected to the top page — keeping bots and brute-force attacks away from your login screen.

= Key Features =

* **Custom login URL** — Set any slug (e.g. `mylogin` or `2024/secret`) as your new login endpoint.
* **Flexible block behavior** — Choose to show a 404 page or redirect to the site top when the original URL is accessed.
* **IP whitelist** — Restrict login access to specific IP addresses. Editors can register their own personal IP from the dashboard.
* **Trusted device management** — Skip repeated authentication challenges on devices you trust (via OTP cookie).
* **Login question (story quiz)** — Generate a unique story-based CAPTCHA from your own word lists (characters, places, drinks, foods, activities, items, animals). Makes login both secure and fun.
* **Login screen designer** — Customize the login page's background color, button color, logo, form style, and more — all with a live preview.
* **Contact form tab** — Configure a built-in inquiry form displayed on the login screen.
* **Access log** — View a history of login attempts with IP addresses, results, and timestamps.
* **Editor-safe settings** — Editors (non-administrators) can update only their own IP entry via Ajax; all other settings require administrator privileges.
* **Clean uninstall** — All plugin data is removed from the database on deletion.

= Use Cases =

* Block automated brute-force attacks without a heavy security plugin.
* Add a lightweight second layer of authentication for small teams.
* Customize the login experience to match your brand.

== Installation ==

1. Upload the `mamotte-login-url-changer` folder to the `/wp-content/plugins/` directory, or install it directly from the WordPress Plugin Directory.
2. Activate the plugin through the **Plugins** menu in WordPress.
3. Go to **Mamotte! LUC** in the admin menu and set your custom login slug.
4. **Important:** Bookmark your new login URL before saving. If you forget it, you will not be able to log in.

== Frequently Asked Questions ==

= I forgot my custom login URL. How do I get back in? =

Connect to your server via FTP/SFTP or your hosting file manager and deactivate the plugin by renaming the plugin folder (e.g. `mamotte-login-url-changer` → `mamotte-login-url-changer-off`). WordPress will automatically deactivate it and restore the default `wp-login.php`. After logging in, rename the folder back and reactivate.

= Can I use a subfolder-style slug like `2024/secret`? =

Yes. Slash-separated slugs are supported and treated as a pseudo-folder URL.

= Which slugs are reserved and cannot be used? =

The following slugs are blocked: `wp-login.php`, `wp-login`, `wp-admin`, `admin`, `login`, `dashboard`.

= Does this plugin work with caching plugins? =

Yes, but make sure your caching plugin excludes the custom login URL from caching. Add the slug to the exclusion list in your cache plugin's settings.

= Will the plugin work with multisite? =

Multisite is not officially supported in the current version.

== Screenshots ==

1. Protection settings — set your custom login slug and block behavior.
2. Login question settings — manage word lists for the story-based CAPTCHA.
3. Login screen designer — live preview with color and style controls.
4. Access log — view recent login attempts.

== Changelog ==

= 1.0.6 =
* Fixed: Replaced conditional language branching with standard i18n function for proper translation support.
* Removed: Deleted the languages folder as translation files are no longer bundled.

= 1.0.5 =
* Fixed: Corrected broken promotional link on the settings page.

= 1.0.4 =
* Improved: Moved SMTP enable toggle and test email button to the bottom of the SMTP settings section.
* Added: Separate wp_mail test email button above SMTP settings for quick delivery check before SMTP configuration.
* Improved: SMTP test email button is now active only when all required fields (host, username, password) are filled and the enable toggle is on.
* Improved: Password field placeholder defaults to "Password"; changes to "App Password" when Gmail is selected from the SMTP server preset.

= 1.0.3 =
* Added: `Domain Path` header to support plugin translations.
* Added: `load_plugin_textdomain()` to load translation files from the languages folder.

= 1.0.2 =
* Fixed: Stable tag corrected in readme.txt.

= 1.0.1 =
* Improved: Plugin promotion section now displays actual plugin icons when available, with Dashicons as fallback. 

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 1.0.0 =
Initial release. No upgrade steps required.