=== zmadmin - Admin Access Key ===
Contributors: zmaxcoder
Tags: security, admin, login, protection
Requires at least: 5.0
Tested up to: 6.9
Stable tag: 1.1.2
Requires PHP: 7.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Enhance WordPress backend security with access key protection. Protect your admin dashboard with custom URL parameters to prevent unauthorized access.

== Description ==

zmadmin - Admin Access Key is a simple yet powerful security plugin that adds an extra layer of protection to your WordPress admin dashboard. By requiring a custom URL parameter, it prevents unauthorized users from even reaching your login page.

**Key Features:**

* 🛡️ **Enhanced Security**: Protects your admin dashboard with customizable URL parameters
* 🔧 **Easy Configuration**: Simple settings page with intuitive interface
* 🌍 **Multilingual Support**: Full internationalization support
* ⚡ **Lightweight**: Minimal impact on site performance
* 🔒 **WordPress Standards**: Follows WordPress coding standards and security best practices

**How It Works:**

1. Set up your custom access parameters (parameter name and value)
2. Access your admin dashboard using the secure URL provided
3. Only users with the correct parameters can reach the login page
4. Normal login process continues as usual after reaching the login page

**Perfect For:**

* Developers who want to hide their admin areas
* Websites requiring additional security layers
* Preventing bots and automated attacks on login pages
* Clients who need simple but effective admin protection

== Installation ==

1. Upload the `zmadmin` folder to the `/wp-content/plugins/` directory
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Navigate to **Settings → Admin Access Key** to configure your access parameters
4. Set your parameter name (default: `who`) and parameter value
5. Use the generated secure URL to access your admin dashboard

== Frequently Asked Questions ==

= Will this affect my normal login process? =

No. Once you reach the login page with the correct parameters, the login process works exactly as before. The plugin only controls who can reach the login page.

= Can I use custom parameter names? =

Yes! You can customize both the parameter name and value through the settings page. For example, instead of `?who=admin`, you could use `?secret=MySecretKey123`.

= What if I forget my access parameters? =

You can still access your settings if you're already logged in. If you're logged out and forget your parameters, you may need to disable the plugin temporarily via FTP or file manager.

= Does this work with other security plugins? =

Yes, zmadmin is designed to work alongside other security plugins. It provides an additional layer of protection without conflicting with existing security measures.

= Is this plugin compatible with multisite installations? =

Yes, the plugin works on multisite installations. However, you'll need to configure it separately for each site where you want protection.

== Screenshots ==

1. Settings page showing access key configuration

== Changelog ==

= 1.1.2 =
* Enhanced security with comprehensive nonce verification
* Added user permission checks for all admin functions
* Improved input validation and sanitization
* Fixed Ajax endpoint URL detection for all WordPress configurations
* Added additional validation for parameter names and values
* Enhanced error handling and user feedback

= 1.1.0 =
* Added internationalization support
* Improved WordPress standards compliance
* Added plugin metadata links
* Enhanced security validation
* Updated for WordPress 6.4 compatibility

= 1.0.0 =
* Initial release
* Basic access key protection functionality
* Settings page integration
* Plugin action links

== Upgrade Notice ==

= 1.1.0 =
This update includes internationalization support and WordPress standards improvements. Your existing settings will be preserved.

== Arbitrary section ==

**Security Note:**
This plugin adds an additional layer of security but should not be considered a replacement for other security measures like strong passwords, two-factor authentication, and regular WordPress updates.

**Development:**
This plugin follows WordPress coding standards and security best practices. The code is fully commented and follows PHP best practices.

== A brief Markdown Example ==

Access your admin dashboard securely:
`https://yoursite.com/wp-admin/?who=your-secret-key`

Customize your parameters:
`https://yoursite.com/wp-admin/?custom-param=custom-value`