MaskMyAdmin

MaskMyAdmin is a lightweight WordPress plugin designed to enhance your login page security by:

– Replacing the default wp-admin and wp-login.php URLs with a custom login path of your choice – Enforcing IP-based access controls for the WordPress dashboard and login screen – Preventing unauthorized access or brute-force attempts by obscuring default login endpoints

Designed for site owners and developers who want to hide their admin panel from bots, attackers, or curious users.

Whether you’re running a blog, WooCommerce store, or enterprise WordPress install — MaskMyAdmin gives you a simple, intuitive way to lock down your admin entry points.

Features: * Change wp-admin login path to a custom one (e.g., /secure-login) * Optional IP-based whitelist — restrict dashboard access to specific IPs only * Redirect blocked attempts to a custom page or homepage * Progressive brute-force lockout (15 min → 1 hour → 24 hours) * Activity log for login attempts and settings changes * Email notifications for blocked IPs, failed logins, and settings changes * Configurable proxy/CDN header for accurate IP detection (Cloudflare, Nginx, etc.) * WP-CLI commands for emergency recovery and management * Emergency disable via wp-config.php constant * Defense-in-depth .htaccess rules for Apache servers (PHP handles all server types) * Lightweight and fast — minimal performance impact * Clean uninstall — all data removed when plugin is deleted