=== WPS Protect: Login URL & Security Headers ===
Short Description: Enhance your WordPress site security with custom login URL protection, comprehensive security headers, and SSL enforcement.
Contributors: junaid434
Tags: security, ssl, login, headers, permissions-policy, csp, hsts, xss-protection, frame-options
Requires at least: 5.0
Tested up to: 6.8
Requires PHP: 7.0
Stable tag: 1.1
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

== Description ==

The **WPS Protect: Login URL & Security Headers** plugin enhances your WordPress site security with multiple layers of protection. It provides a comprehensive solution for securing your WordPress installation through custom login URL protection, advanced security headers, and SSL enforcement.

**Key Features:**

* **Custom Login URL Protection**
  * Change and hide the default WordPress login URL
  * Protect against brute force attacks
  * Maintain compatibility with wp-admin access

* **Advanced Security Headers**
  * X-Frame-Options: Prevent clickjacking attacks
  * X-XSS-Protection: Enable browser's XSS filtering
  * X-Content-Type-Options: Prevent MIME-type sniffing
  * Content-Security-Policy (CSP): Control resource loading
  * Permissions-Policy: Control browser features and APIs
  * Strict-Transport-Security (HSTS): Enforce HTTPS
  * Referrer-Policy: Control referrer information
  * Access-Control-Allow-Origin: Manage CORS policies

* **SSL Enforcement**
  * Force HTTPS across your site
  * Secure cookie handling
  * Mixed content protection

* **User-Friendly Interface**
  * Tab-based admin interface
  * Easy configuration of all security features
  * Recommended values for security headers
  * Real-time feedback on settings changes

== Installation ==

1. Upload the plugin files to the `/wp-content/plugins/wordpress-security` directory, or install the plugin through the WordPress plugins screen directly.
2. Activate the plugin through the 'Plugins' screen in WordPress.
3. Use the **WPS Protect** menu in the WordPress Admin Dashboard to configure the plugin.

== Frequently Asked Questions ==

= What happens if I forget the new login URL? =
If you forget the new login URL, you can access your WordPress database and modify the `wpsplu_options` option. Alternatively, you can deactivate the plugin through FTP or the database to restore the default login URL.

= Will this plugin interfere with other security plugins? =
No, the **WPS Protect: Login URL & Security Headers** plugin is designed to work alongside other security plugins. However, if you're using another plugin that modifies security headers, you should configure them to avoid conflicts.

= How do I know if the security headers are working? =
You can verify the security headers using online tools like SecurityHeaders.com or by checking your site's response headers using browser developer tools.

== Screenshots ==

1. **Admin Dashboard**: Tab-based interface for easy configuration
2. **Security Headers**: Configure and customize all security headers
3. **Login Protection**: Set up custom login URL and protection
4. **SSL Settings**: Manage SSL enforcement and settings

== Changelog ==

= 1.1 =
* Added Permissions-Policy header support
* Improved Content-Security-Policy configuration
* Enhanced login URL handling
* Added tab-based admin interface
* Fixed wp-admin access issues
* Updated security headers with recommended values

= 1.0 =
* Initial release with basic security features

== Upgrade Notice ==

= 1.1 =
This update includes new security features, improved login handling, and a better user interface. The Permissions-Policy header has been added, and the Content-Security-Policy has been optimized for better compatibility.