GhostGate is a lightweight yet powerful WordPress security plugin that eliminates the login page as an attack surface. Instead of just defending, it erases the entrance entirely with dynamic login URLs and multi-layer access verification.

• 🔒 Hide your login URL with a custom slug and time-based code
• 🔑 Built-in 2FA via email verification
• 🚫 Auto-block brute force attacks by IP
• 🧱 Disable/limit unused endpoints like XML-RPC and REST API
• 👤 Prevent user enumeration via REST, RSS, and author queries
• 🔍 Visualize security status and detect conflicts
• 📜 Activity logs with optional file rotation

GhostGate doesn’t just defend — it disappears.
Invisible to bots. Intuitive for users.

👉 Full features / screenshots / pricing / docs:
https://arce-experience.com/product/

Privacy

GhostGate can store the following data locally on your site to provide rate-limiting and security auditing:
– IP addresses (for temporary throttling / block lists)
– Timestamps and event metadata (login attempts, REST/XML-RPC hits)
– Optional log files under wp-content/uploads/ghostgate/logs (if enabled)

No data is sent to third-party services.
Site owners are responsible for informing users/visitors where required by local laws. You can clear blocks/logs from the admin UI or by deleting the log files.