Dotsquares Custom Login URL & Security Suite

1.6.3

• Added deep malware scanner with 40+ signature patterns (PHP shells, backdoors, crypto miners, pharma hacks)
• Added WordPress core file integrity check via api.wordpress.org checksums
• Added detection of known web shell filenames (c99, r57, WSO, b374k, adminer, etc.)
• Added PHP-in-uploads detection (critical severity)
• Added suspicious code pattern detection (eval/exec/base64 combos)
• Added file change detection using MD5 hash baseline comparison
• Added animated scan progress UI with step-by-step status
• Added colour-coded scan results (Critical / High / Medium / Low / Info)
• Added scan options: toggle Core / Plugins / Themes / Uploads / Deep Malware independently
• Fixed: all WordPress coding standards errors and warnings (PHPCS clean)
• Fixed: namespace declaration order in all module files
• Fixed: missing translators comments on all i18n printf() calls
• Fixed: unordered placeholders in translatable strings
• Fixed: HTTP_USER_AGENT missing wp_unslash() sanitization
• Fixed: register_setting() missing sanitize_callback
• Fixed: load_plugin_textdomain() removed (deprecated since WP 4.6)
• Fixed: date() replaced with gmdate() throughout
• Fixed: parse_url() replaced with wp_parse_url()
• Fixed: rand() replaced with wp_rand()
• Improved: all $_POST/$_GET/$_SERVER superglobals now properly unslashed and sanitized
• Improved: all DB queries use $wpdb->prepare() or esc_sql() for identifiers

1.6.2

• Custom login slug now loads login form without redirecting to wp-login.php (URL stays masked)

1.6.1

• Fixed redirect loop on custom login URL
• Improved compatibility when permalinks are not flushed

1.6.0

• Added Brute Force protection
• Added Firewall module
• Added Malware scanner
• Added Hardening tools (DB prefix change, wp-content rename) with backup + rollback UI
• Added Security Dashboard