| 开发者 | axiswebartindia |
|---|---|
| 更新时间 | 2026年6月25日 16:43 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
agency-login-suite folder to /wp-content/plugins/Yes. The WooCommerce Customer role appears in the role-based redirect settings. Login page templates are fully compatible with WooCommerce-powered sites.
Yes. All settings are stored in a single WordPress option (als_settings) and are never touched by an update. Your branding stays intact.
Yes. Go to Settings > Agency Login Suite > Tools, click Export Settings to download a JSON file, then use the Import field on the next site to apply the same branding instantly.
No. The REST API (/wp-json/), AJAX (/wp-admin/admin-ajax.php), admin-post, and WP-Cron are always allowed through. Only browser-facing requests to /wp-login.php and /wp-admin/ (for non-logged-in users) are redirected.
Two recovery options are built in: (1) Check your admin email — every time the URL changes, a notification email is sent with the new URL written out in full. (2) Add define( 'ALS_DISABLE_HIDE_LOGIN', true ); to wp-config.php to immediately restore access via /wp-login.php, then log in and update the slug.
Yes. Upload your own logo in the Login Page tab. It replaces the WordPress logo and links to your site homepage instead of wordpress.org.
The plugin works on individual sites in a multisite network. Network-wide branding management from a single admin is planned for a future release.
Yes. The login page is never cached by WordPress caching plugins (they exclude wp-login.php and any page that sets cookies). If you use a server-level cache, ensure your custom login slug is excluded.
Yes. The plugin follows WordPress coding standards throughout: wp_unslash() before all $_POST reads, wp_safe_redirect() for all redirects, sanitization on input, escaping on output, nonce verification on all form submissions, and wp_date() for timezone-correct date formatting.
ob_start() in fingerprint class now always paired with ob_end_flush() — no stale output bufferadmin_init hooks (PRG pattern) — no header-already-sent errors$_POST reads now use wp_unslash() per WordPress coding standardswp_safe_redirect()wp_date() for timezone-correct filename datesALS_Settings::defaults() no longer calls home_url() or get_bloginfo() during activationwp-json duplicate check removed from hide-login allow-listdata-* attribute (no inline JS)als_saved_* and als_notice_* transients via $wpdbheadline_color and nav_link_color