GhostGate
by codegee0958 on WordPress.org
Invisible, intelligent protection for WordPress. GhostGate hides your login page, blocks bots, and turns your site into a ghost fortress.
Admin settings page with tabbed UI
GhostGate is a lightweight yet powerful WordPress security plugin that eliminates the login page as an attack surface. Instead of just defending, it erases the entrance entirely with dynamic login URLs and multi-layer access verification.
- 🔒 Hide your login URL with a custom slug and time-based code
- 🔑 Built-in 2FA via email verification
- 🚫 Auto-block brute force attacks by IP
- 🧱 Disable/limit unused endpoints like XML-RPC and REST API
- 👤 Prevent user enumeration via REST, RSS, and author queries
- 🔍 Visualize security status and detect conflicts
- 📜 Activity logs with optional file rotation
GhostGate doesn’t just defend — it disappears.
Invisible to bots. Intuitive for users.
👉 Full features / screenshots / pricing / docs:
https://arce-experience.com/product/
Privacy
GhostGate can store the following data locally on your site to provide rate-limiting and security auditing:
– IP addresses (for temporary throttling / block lists)
– Timestamps and event metadata (login attempts, REST/XML-RPC hits)
– Optional log files under wp-content/uploads/ghostgate/logs (if enabled)
No data is sent to third-party services.
Site owners are responsible for informing users/visitors where required by local laws. You can clear blocks/logs from the admin UI or by deleting the log files.
