Deskripsi
ALD Login Page lets you fully customize the WordPress login page — logo, colors, dimensions, and padding — through a clean admin settings panel. Built on WordPress core APIs, the plugin follows WordPress security best practices from top to bottom so you can customize your login page with confidence.
Why security matters for a login page plugin
The WordPress login screen is the most exposed entry point to your admin area. A poorly coded login plugin can become an attack vector. ALD Login Page is designed to avoid the most common pitfalls:
- Settings API + Sanitization callbacks — all saved values pass through WordPress core sanitizers (`sanitize_text_field`, `sanitize_hex_color`, `esc_url_raw`) before they ever touch the database.
- Output escaping everywhere — `esc_url()`, `esc_attr()`, and `esc_html()` are used on every dynamic value that reaches the browser, eliminating XSS vectors.
- Capability gate on admin page — only users with `manage_options` can access settings. Unauthorized users are blocked before any output is rendered.
- Direct-access gate — `defined( ‘ABSPATH’ ) or die` on every PHP file prevents direct URL access to plugin files.
- Nonce + CSRF handled automatically — the WordPress Settings API inserts and validates security nonces on every settings save.
- No raw SQL — the plugin never calls `$wpdb->query()` or similar directly.
- No shell commands — no `eval()`, `exec()`, or `shell_exec()` anywhere.
- Superglobal sanitization — all user-supplied query parameters are passed through `sanitize_key()` with strict comparison before being evaluated.
The result: a lightweight login customizer with a clean security posture. If you are reviewing this plugin for code quality, you will find no raw echo $_GET, no unescaped output, and no capability bypasses. We take security seriously and keep this plugin up to date with the latest WordPress core versions.
ALD Login Page Needs Your Support
It is hard to continue development and support for this free plugin without contributions from users like you. If you enjoy using ALD Login Page and find it useful, please consider use these support channels appropriately. Your support will help encourage and support the plugin’s continued development and better user support.
Tangkapan Layar
Instalasi
- Upload the entire
ald-login-pagefolder to the/wp-content/plugins/directory. - Activate the plugin through the ‘Plugins’ menu in WordPress.
You will find ‘ALD Login Page’ menu in your WordPress admin panel Setting.
Tanya Jawab
Do you have questions or issues with ALD Login Page? Use these support channels appropriately.
Ulasan
Kontributor & Pengembang
“ALD Login Page” adalah perangkat lunak open source. Berikut ini mereka yang sudah berkontribusi pada plugin ini.
Kontributor
Terjemahkan “ALD Login Page” dalam bahasa Anda.
Tertarik mengembangkan?
Lihat kode, periksa repositori SVN , atau mendaftar ke log pengembangan melalui RSS.
Log Perubahan
1.3.1
- Hardened activate flag check with sanitize_key() + strict comparison to prevent type-juggling bypasses.
- Replaced deprecated ‘login_headertitle’ filter with ‘login_headertext’ (deprecated since WP 5.2.0).
- Fixed WordPress 6.7+ textdomain loading notice by hooking load_plugin_textdomain() to after_setup_theme.
- Removed UTF-8 BOM from plugin file to prevent ‘unexpected output’ activation warning.
1.3
- Refactored admin page to use WordPress Settings API for standard styling.
- Added options for Logo Width, Height, and Padding.
- Fixed color picker script dependency issue.
1.2
- Improved admin page UI with sections, descriptions, and better media uploader integration.
1.1
- Dynamically define plugin version.
- Security improvements
1.0
- Initial Release.