وەسف

GhostGate is a lightweight yet powerful WordPress security plugin that eliminates the login page as an attack surface. Instead of just defending, it erases the entrance entirely with dynamic login URLs and multi-layer access verification.

🔒 Hide your login URL with a custom slug and time-based code
🔑 Built-in 2FA via email verification
🚫 Auto-block brute force attacks by IP
🧱 Disable/limit unused endpoints like XML-RPC and REST API
👤 Prevent user enumeration via REST, RSS, and author queries
🔍 Visualize security status and detect conflicts
📜 Activity logs with optional file rotation

GhostGate doesn’t just defend — it disappears.
Invisible to bots. Intuitive for users.

👉 Full features / screenshots / pricing / docs:
https://arce-experience.com/product/

Privacy

GhostGate can store the following data locally on your site to provide rate-limiting and security auditing:
– IP addresses (for temporary throttling / block lists)
– Timestamps and event metadata (login attempts, REST/XML-RPC hits)
– Optional log files under wp-content/uploads/ghostgate/logs (if enabled)

No data is sent to third-party services.
Site owners are responsible for informing users/visitors where required by local laws. You can clear blocks/logs from the admin UI or by deleting the log files.

سکرین شۆتەکان

Admin settings page with tabbed UI
Security status diagnostics
IP block log and unblock controls
Access code input screen for login URL (e.g., date-based code)
Security explanation tab

دامەزراندن

Upload the plugin folder to /wp-content/plugins/ghostgate
Activate the plugin via the Plugins menu
Go to GhostGate > Settings and configure your gate logic
Optionally enable 2FA, IP blocking, REST/API controls, and more

Need help with setup?
See the installation & setup video:
https://arce-experience.com/product/

پهد

Is GhostGate compatible with other security plugins?: Yes. It detects common conflicts and shows visual warnings. You can use it alongside plugins like Wordfence or iThemes.
What happens if I forget my login code or get locked out?: You can always access your site via recovery mode or disable the plugin via FTP if needed.
Does it affect performance?: GhostGate is built for speed. It only runs at login and admin hooks, keeping overhead minimal.

پێداچوونەوەکان

هیچ پێداچوونەوەیەک نەنووسراوە بۆ ئەم پێوەکراوە.

بەشداربووان و گەشەپێدەران

“GhostGate” نەرمەواڵەیەکی سەرچاوە کراوەیە. ئەم کەسانەی خوارەوە بەشدارییان تێدا کردووە.

codegee0958

“GhostGate” وەربگێڕە بۆ زمانەکەی خۆت.

دەتەوێت بەشداربیت لە گەشەپێدان؟

گەڕان لە کۆدەکەدا بکە، سەیری تەمارگەی (SVN) بکە، یان بەشداربە لە ڕووداوتۆماری گەشەپێدان لە ڕێگەی (RSS).

ڕووداوتۆمارگەریی گۆڕین

1.3.3 – 2026-01-21

Compatibility: Verified support for WordPress 6.9.
Fix: Enhanced PHP 8.x compatibility (stricter type casting in internal key generation).
Fix: Improved login slug detection to strictly handle trailing slashes, preventing 404 errors in some server configurations.

1.3.2 – 2025-09-24

Fix – Resolved “Undefined variable $user_login / $errors” warnings on the login screen.
Fix – Prevented potential “headers already sent” issues.
Improvement – Hardened login flow compatibility with core.
Improvement – Minor internal refactors around request path normalization.

1.3.0 – 2025-09-22

Security: Strengthened “Hide wp-json structure”.
Fix: Route allowlist UI now correctly preserves selections for regex endpoints.
Fix: Resolved rare fatal error on “Unblock IP” admin action.
Tested: Confirmed compatibility with WordPress 6.8.

1.2.1

Tweak: Added brand header (logo + subtitle) to the code entry screen.
Tweak: Minor CSS polish.

1.2.0

New: Added an option to block direct access to preview URLs.

1.1.1

Maintenance and compliance improvements.

1.1.0

REST/JSON structure stealth options.

1.0.0

Initial public release.