{"id":301946,"date":"2026-05-08T22:09:00","date_gmt":"2026-05-08T22:09:00","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/24tt-login-security-and-brander\/"},"modified":"2026-05-08T22:30:54","modified_gmt":"2026-05-08T22:30:54","slug":"24tt-login-security-and-brander","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/24tt-login-security-and-brander\/","author":23237695,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.2","stable_tag":"1.0.2","tested":"6.9.4","requires":"5.8","requires_php":"7.4","requires_plugins":null,"header_name":"24TT Login Security and Brander","header_author":"24 Tech Time","header_description":"Agency-level visual branding alongside critical perimeter defense, login obfuscation, and strict access controls.","assets_banners_color":"d4d6dc","last_updated":"2026-05-08 22:30:54","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/24techtime.com\/24tt-login-security-and-brander\/","header_author_uri":"https:\/\/24techtime.com\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":36,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.2":{"tag":"1.0.2","author":"24techtime","date":"2026-05-08 22:30:54"}},"upgrade_notice":[],"ratings":[],"assets_icons":{"icon-256x256.png":{"filename":"icon-256x256.png","revision":3526886,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":3526886,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.2"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3526886,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3526886,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3526886,"resolution":"3","location":"assets","locale":""}},"screenshots":{"1":"The Visual Branding &amp; User Interface (UI) settings panel.","2":"The Perimeter Defense &amp; Routing configuration.","3":"A fully white-labeled, secure login portal with dynamic contrast text."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2439,3691,25642,600,3765],"plugin_category":[54],"plugin_contributors":[245082,245083],"plugin_business_model":[],"class_list":["post-301946","plugin","type-plugin","status-publish","hentry","plugin_tags-brute-force","plugin_tags-custom-login","plugin_tags-hide-login","plugin_tags-security","plugin_tags-white-label","plugin_category-security-and-spam-protection","plugin_contributors-24techtime","plugin_contributors-johniouspatriot","plugin_committers-24techtime"],"banners":{"banner":"https:\/\/ps.w.org\/24tt-login-security-and-brander\/assets\/banner-772x250.jpg?rev=3526886","banner_2x":false,"banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/24tt-login-security-and-brander\/assets\/icon-256x256.png?rev=3526886","icon_2x":"https:\/\/ps.w.org\/24tt-login-security-and-brander\/assets\/icon-256x256.png?rev=3526886","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/24tt-login-security-and-brander\/assets\/screenshot-1.png?rev=3526886","caption":"The Visual Branding &amp; User Interface (UI) settings panel."},{"src":"https:\/\/ps.w.org\/24tt-login-security-and-brander\/assets\/screenshot-2.png?rev=3526886","caption":"The Perimeter Defense &amp; Routing configuration."},{"src":"https:\/\/ps.w.org\/24tt-login-security-and-brander\/assets\/screenshot-3.png?rev=3526886","caption":"A fully white-labeled, secure login portal with dynamic contrast text."}],"raw_content":"<!--section=description-->\n<p><strong>24TT Login Security and Brander<\/strong> is an enterprise-grade, zero-bloat security and white-labeling solution for WordPress. Designed for agencies and security-conscious site owners, it fortifies your WordPress perimeter while delivering a seamless, custom-branded login experience for your clients.<\/p>\n\n<p>Instead of relying on heavy frameworks, this plugin uses native WordPress APIs and strictly optimized PHP to protect your site without slowing it down.<\/p>\n\n<h3>\ud83d\udee1\ufe0f Enterprise Perimeter Defense<\/h3>\n\n<ul>\n<li><strong>Hide wp-login.php &amp; \/wp-admin\/:<\/strong> Completely obfuscate your login portal. Bots and unauthenticated guests attempting to access default login routes are silently redirected to your homepage before core authentication redirects even trigger.<\/li>\n<li><strong>Brute Force Protection:<\/strong> Transient-based Limit Login Attempts. Locks out attackers for 15 minutes after 3 failed attempts, intercepting them at Priority 1 before heavy database queries execute.<\/li>\n<li><strong>Kill XML-RPC:<\/strong> Permanently disables XML-RPC to shut down massive DDoS and brute-force vectors.<\/li>\n<li><strong>Block User Enumeration:<\/strong> Prevents hackers from scraping usernames via author archives (<code>\/?author=1<\/code>) and the REST API.<\/li>\n<li><strong>Generic Error Masking:<\/strong> Overwrites default login errors so attackers cannot verify if a username exists.<\/li>\n<\/ul>\n\n<h3>\ud83c\udfa8 Agency-Grade Brander<\/h3>\n\n<ul>\n<li><strong>Custom Login Logo:<\/strong> Replace the default WordPress logo with your client's brand.<\/li>\n<li><strong>Custom Colors:<\/strong> Tailor the background and primary button colors using the native WordPress Color Picker.<\/li>\n<li><strong>Smart Contrast Calculator:<\/strong> Automatically detects if your background is light or dark (using the YIQ formula), adjusting the \"Lost Password\" and \"Back to Site\" links to guarantee 100% visual accessibility.<\/li>\n<li><strong>Role-Based Redirects:<\/strong> Automatically route administrators to the backend dashboard, while sending clients or subscribers to a custom URL (like a user portal).<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>24tt-login-security-and-brander<\/code> directory to the <code>\/wp-content\/plugins\/<\/code> directory via FTP, or upload the zipped file directly through the WordPress plugins screen.<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress.<\/li>\n<li>Navigate to <strong>Settings &gt; 24TT Security<\/strong> to configure your secret login slug, branding colors, and client redirects.<\/li>\n<li><strong>Important:<\/strong> If you set a custom login slug, remember it! You will need it to log back in.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"i%20forgot%20my%20secret%20login%20slug%20and%20am%20locked%20out%21%20what%20do%20i%20do%3F\"><h3>I forgot my secret login slug and am locked out! What do I do?<\/h3><\/dt>\n<dd><p>Simply access your site via FTP or a File Manager. Navigate to <code>\/wp-content\/plugins\/<\/code> and temporarily rename the <code>24tt-login-security-and-brander<\/code> folder to something else (e.g., <code>disabled-24tt<\/code>). This will safely deactivate the plugin, and you can log in normally via <code>wp-login.php<\/code>. Once logged in, rename the folder back, reactivate the plugin, and check your settings.<\/p><\/dd>\n<dt id=\"will%20this%20slow%20down%20my%20website%3F\"><h3>Will this slow down my website?<\/h3><\/dt>\n<dd><p>Absolutely not. The admin settings interface only loads in the backend, and the security rules are designed to intercept attacks at the earliest possible hook (<code>init<\/code> and <code>authenticate<\/code>), saving your server from processing heavy WordPress database queries.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Minor version bump for repository resubmission.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Minor version bump for repository resubmission.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial Release: The fortress is sealed.<\/li>\n<\/ul>","raw_excerpt":"Agency-level visual branding alongside critical perimeter defense, login obfuscation, and strict access controls.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/301946","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=301946"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/24techtime"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=301946"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=301946"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=301946"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=301946"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=301946"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=301946"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}