Changeset 3481425

vulntitan/tags/2.0.6/CHANGELOG.md

-                      r3480442
+                      r3481425
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [2.0.6] - 2026-03-12
+### Added
+- Added configurable custom login slug support so administrators can expose a private login URL instead of the default `wp-login.php` path.
+### Changed
+- Reworked the Firewall admin page into a tabbed settings workspace with more breathing room between controls and a dedicated full-width recent events section.
+- Replaced inline Firewall action notices with floating toast feedback for save, refresh, clear-log, warning, and error states.
+### Security
+- Hidden login access now blocks direct guest access to `wp-login.php` and default `wp-admin` entry points with `404` responses while preserving the custom login route.
 ## [2.0.5] - 2026-03-11

vulntitan/tags/2.0.6/assets/css/admin.css

-                      r3479599
+                      r3481425
 .vulntitan-firewall-feedback {
+    margin-top: 10px;
+}
+.vulntitan-firewall-notice {
+    padding: 10px 12px;
+    border-radius: 8px;
+    position: fixed;
+    top: 48px;
+    right: 20px;
+    z-index: 100000;
+    width: min(380px, calc(100vw - 32px));
+    margin: 0;
+    pointer-events: none;
+}
+.vulntitan-firewall-toast {
+    pointer-events: auto;
+    display: grid;
+    grid-template-columns: auto minmax(0, 1fr) auto;
+    align-items: start;
+    gap: 12px;
+    padding: 14px 14px 14px 12px;
+    border-radius: 14px;
     border: 1px solid #1f3346;
     background: #101a24;
+    background: rgba(10, 18, 28, 0.96);
     color: #bfdbfe;
     font-size: 12px;
+    line-height: 1.45;
+}
+.vulntitan-firewall-notice.is-success {
+    line-height: 1.5;
+    box-shadow: 0 18px 34px rgba(4, 9, 16, 0.38);
+    backdrop-filter: blur(14px);
+    opacity: 0;
+    transform: translateY(-8px);
+    transition: opacity 0.18s ease, transform 0.18s ease;
+}
+.vulntitan-firewall-feedback.is-visible .vulntitan-firewall-toast {
+    opacity: 1;
+    transform: translateY(0);
+}
+.vulntitan-firewall-toast-badge {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    min-width: 58px;
+    min-height: 28px;
+    padding: 0 10px;
+    border-radius: 999px;
+    border: 1px solid rgba(90, 176, 255, 0.24);
+    background: rgba(90, 176, 255, 0.12);
+    color: #cfe4ff;
+    font-size: 10px;
+    font-weight: 700;
+    letter-spacing: 0.08em;
+    text-transform: uppercase;
+}
+.vulntitan-firewall-toast-message {
+    min-width: 0;
+    padding-top: 3px;
+    color: inherit;
+}
+.vulntitan-firewall-toast-close {
+    appearance: none;
+    width: 28px;
+    height: 28px;
+    border: 0;
+    border-radius: 999px;
+    background: rgba(255, 255, 255, 0.04);
+    color: #8fa7bf;
+    font-size: 12px;
+    font-weight: 700;
+    line-height: 1;
+    cursor: pointer;
+    transition: background-color 0.18s ease, color 0.18s ease;
+}
+.vulntitan-firewall-toast-close:hover,
+.vulntitan-firewall-toast-close:focus {
+    outline: none;
+    background: rgba(255, 255, 255, 0.08);
+    color: #e2e8f0;
+}
+.vulntitan-firewall-toast.is-success {
     border-color: #1f5131;
     background: #0f1d16;
+    background: rgba(11, 29, 21, 0.96);
     color: #86efac;
+}
+.vulntitan-firewall-notice.is-error {
+.vulntitan-firewall-toast.is-success .vulntitan-firewall-toast-badge {
+    border-color: rgba(91, 206, 122, 0.28);
+    background: rgba(31, 81, 49, 0.32);
+    color: #bbf7d0;
+}
+.vulntitan-firewall-toast.is-error {
     border-color: #5f1f1f;
     background: #221416;
+    background: rgba(34, 20, 22, 0.97);
     color: #fecaca;
+}
+.vulntitan-firewall-notice.is-warning {
+.vulntitan-firewall-toast.is-error .vulntitan-firewall-toast-badge {
+    border-color: rgba(248, 113, 113, 0.28);
+    background: rgba(127, 29, 29, 0.28);
+    color: #fecaca;
+}
+.vulntitan-firewall-toast.is-warning {
     border-color: #5f4a1f;
+    background: #221d13;
+    background: rgba(34, 29, 19, 0.97);
+    color: #fde68a;
+}
+.vulntitan-firewall-toast.is-warning .vulntitan-firewall-toast-badge {
+    border-color: rgba(245, 158, 11, 0.28);
+    background: rgba(95, 74, 31, 0.3);
     color: #fde68a;
+}
 …
 .vulntitan-wrapper--firewall .vulntitan-firewall-feedback {
     margin-top: 18px;
+    margin-top: 0;
+}
 .vulntitan-wrapper--firewall .vulntitan-firewall-grid {
     margin-top: 22px;
+    gap: 18px;
+    grid-template-columns: minmax(0, 1fr);
+    gap: 22px;
+}
 …
     border-radius: 16px;
     box-shadow: 0 16px 30px rgba(6, 10, 16, 0.35);
+    padding: 18px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-panel--settings,
+.vulntitan-wrapper--firewall .vulntitan-firewall-panel--logs {
+    min-width: 0;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-panel--settings {
+    padding: 20px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-panel--logs {
+    padding: 20px;
+    background: linear-gradient(180deg, rgba(11, 18, 28, 0.96), rgba(8, 14, 22, 0.98));
+}
 .vulntitan-firewall-panel-head {
     display: flex;
     align-items: center;
+    align-items: flex-start;
     justify-content: space-between;
     gap: 12px;
     margin-bottom: 16px;
+    flex-wrap: wrap;
+}
 …
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-workspace {
+    display: grid;
+    grid-template-columns: minmax(0, 1fr);
+    gap: 18px;
+    align-items: start;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tabs {
+    display: grid;
+    grid-template-columns: repeat(3, minmax(0, 1fr));
+    gap: 12px;
+    align-content: start;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab {
+    appearance: none;
+    width: 100%;
+    border: 1px solid rgba(90, 176, 255, 0.16);
+    border-radius: 14px;
+    background: linear-gradient(180deg, rgba(11, 17, 24, 0.94), rgba(7, 12, 18, 0.98));
+    min-height: 112px;
+    padding: 16px 18px;
+    text-align: left;
+    display: grid;
+    gap: 6px;
+    color: var(--vt-fw-text);
+    cursor: pointer;
+    transition: transform 0.18s ease, border-color 0.18s ease, box-shadow 0.18s ease, background 0.18s ease;
+    box-shadow: 0 10px 20px rgba(6, 10, 16, 0.2);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab:hover {
+    border-color: rgba(90, 176, 255, 0.32);
+    transform: translateY(-1px);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab:focus {
+    outline: none;
+    box-shadow: 0 0 0 3px rgba(90, 176, 255, 0.18), 0 14px 26px rgba(6, 10, 16, 0.3);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab:disabled {
+    opacity: 0.6;
+    cursor: wait;
+    transform: none;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab.is-active {
+    border-color: rgba(90, 176, 255, 0.38);
+    background: linear-gradient(180deg, rgba(16, 27, 40, 0.96), rgba(9, 16, 24, 0.98));
+    box-shadow: inset 0 0 0 1px rgba(51, 209, 160, 0.1), 0 18px 32px rgba(6, 10, 16, 0.35);
+    transform: translateY(-2px);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-title {
+    font-size: 12px;
+    font-weight: 700;
+    letter-spacing: 0.1em;
+    text-transform: uppercase;
+    color: #d7e8fb;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-desc {
+    font-size: 12px;
+    line-height: 1.5;
+    color: var(--vt-fw-muted);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab.is-active .vulntitan-firewall-tab-desc {
+    color: #cfe4ff;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panels {
+    min-width: 0;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel {
+    display: grid;
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+    gap: 16px;
+    min-width: 0;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel[hidden] {
+    display: none !important;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel-head {
+    grid-column: 1 / -1;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel .vulntitan-firewall-section + .vulntitan-firewall-section {
+    margin-top: 0;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel > .vulntitan-firewall-section:only-of-type {
+    grid-column: 1 / -1;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel-head {
+    padding: 16px 18px;
+    border-radius: 14px;
+    border: 1px solid rgba(90, 176, 255, 0.16);
+    background: linear-gradient(135deg, rgba(51, 209, 160, 0.08), rgba(90, 176, 255, 0.08)), rgba(9, 14, 20, 0.72);
+    display: grid;
+    gap: 8px;
+}
 .vulntitan-firewall-section {
     padding: 12px 14px;
     border-radius: 12px;
+    padding: 16px 18px;
+    border-radius: 14px;
     border: 1px solid rgba(90, 176, 255, 0.18);
     background: rgba(9, 14, 20, 0.7);
     display: grid;
     gap: 10px;
+    gap: 12px;
+}
 …
 .vulntitan-wrapper--firewall .vulntitan-firewall-field-help {
     color: var(--vt-fw-muted);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-field-grid {
+    display: grid;
+    grid-template-columns: repeat(3, minmax(0, 1fr));
+    gap: 14px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-field-grid .vulntitan-firewall-input {
+    max-width: none;
+}
 …
 .vulntitan-wrapper--firewall .vulntitan-firewall-log-list {
+    background: rgba(9, 14, 20, 0.5);
+    border-radius: 12px;
+    padding: 6px;
+    margin-top: 0;
+    max-height: 720px;
+    background: transparent;
+    border-radius: 0;
+    padding: 0;
+    gap: 14px;
+}
 .vulntitan-wrapper--firewall .vulntitan-firewall-log-item {
+    border-radius: 12px;
+    border: 1px solid rgba(90, 176, 255, 0.12);
+    background: rgba(11, 17, 24, 0.7);
+    border-radius: 16px;
+    border: 1px solid rgba(90, 176, 255, 0.14);
+    background: linear-gradient(180deg, rgba(8, 14, 21, 0.96), rgba(6, 11, 18, 0.98));
+    padding: 16px 18px;
+    gap: 10px;
+    box-shadow: inset 0 0 0 1px rgba(51, 209, 160, 0.03);
+}
 .vulntitan-wrapper--firewall .vulntitan-firewall-log-request {
     color: #cde2f7;
+    font-size: 14px;
+    line-height: 1.5;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-log-meta {
+    gap: 10px 18px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-log-meta-item {
+    font-size: 12px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-log-reason {
+    font-size: 13px;
+    color: #d4dfeb;
+}
 …
         grid-template-columns: 1fr;
+    }
+    .vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel {
+        grid-template-columns: 1fr;
+    }
+}
+@media (max-width: 1280px) {
+    .vulntitan-wrapper--firewall .vulntitan-firewall-tabs {
+        grid-template-columns: repeat(2, minmax(0, 1fr));
+    }
+}
 @media (max-width: 782px) {
+    .vulntitan-firewall-feedback {
+        top: 58px;
+        right: 12px;
+        width: calc(100vw - 24px);
+    }
+    .vulntitan-firewall-toast {
+        grid-template-columns: 1fr auto;
+        gap: 10px;
+    }
+    .vulntitan-firewall-toast-badge {
+        grid-column: 1 / 2;
+        justify-self: start;
+    }
+    .vulntitan-firewall-toast-message {
+        grid-column: 1 / 2;
+        padding-top: 0;
+    }
+    .vulntitan-firewall-toast-close {
+        grid-column: 2 / 3;
+        grid-row: 1 / 2;
+    }
     .vulntitan-wrapper--firewall {
         padding: 1.25rem;
+    }
+}
+    .vulntitan-wrapper--firewall .vulntitan-firewall-tabs,
+    .vulntitan-wrapper--firewall .vulntitan-firewall-field-grid {
+        grid-template-columns: 1fr;
+    }
+    .vulntitan-wrapper--firewall .vulntitan-firewall-panel--settings,
+    .vulntitan-wrapper--firewall .vulntitan-firewall-panel--logs {
+        padding: 16px;
+    }
+}

vulntitan/tags/2.0.6/assets/css/admin.min.css

-                      r3479599
+                      r3481425
 .vulntitan-firewall-feedback {
+    margin-top: 10px;
+}
+.vulntitan-firewall-notice {
+    padding: 10px 12px;
+    border-radius: 8px;
+    position: fixed;
+    top: 48px;
+    right: 20px;
+    z-index: 100000;
+    width: min(380px, calc(100vw - 32px));
+    margin: 0;
+    pointer-events: none;
+}
+.vulntitan-firewall-toast {
+    pointer-events: auto;
+    display: grid;
+    grid-template-columns: auto minmax(0, 1fr) auto;
+    align-items: start;
+    gap: 12px;
+    padding: 14px 14px 14px 12px;
+    border-radius: 14px;
     border: 1px solid #1f3346;
     background: #101a24;
+    background: rgba(10, 18, 28, 0.96);
     color: #bfdbfe;
     font-size: 12px;
+    line-height: 1.45;
+}
+.vulntitan-firewall-notice.is-success {
+    line-height: 1.5;
+    box-shadow: 0 18px 34px rgba(4, 9, 16, 0.38);
+    backdrop-filter: blur(14px);
+    opacity: 0;
+    transform: translateY(-8px);
+    transition: opacity 0.18s ease, transform 0.18s ease;
+}
+.vulntitan-firewall-feedback.is-visible .vulntitan-firewall-toast {
+    opacity: 1;
+    transform: translateY(0);
+}
+.vulntitan-firewall-toast-badge {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    min-width: 58px;
+    min-height: 28px;
+    padding: 0 10px;
+    border-radius: 999px;
+    border: 1px solid rgba(90, 176, 255, 0.24);
+    background: rgba(90, 176, 255, 0.12);
+    color: #cfe4ff;
+    font-size: 10px;
+    font-weight: 700;
+    letter-spacing: 0.08em;
+    text-transform: uppercase;
+}
+.vulntitan-firewall-toast-message {
+    min-width: 0;
+    padding-top: 3px;
+    color: inherit;
+}
+.vulntitan-firewall-toast-close {
+    appearance: none;
+    width: 28px;
+    height: 28px;
+    border: 0;
+    border-radius: 999px;
+    background: rgba(255, 255, 255, 0.04);
+    color: #8fa7bf;
+    font-size: 12px;
+    font-weight: 700;
+    line-height: 1;
+    cursor: pointer;
+    transition: background-color 0.18s ease, color 0.18s ease;
+}
+.vulntitan-firewall-toast-close:hover,
+.vulntitan-firewall-toast-close:focus {
+    outline: none;
+    background: rgba(255, 255, 255, 0.08);
+    color: #e2e8f0;
+}
+.vulntitan-firewall-toast.is-success {
     border-color: #1f5131;
     background: #0f1d16;
+    background: rgba(11, 29, 21, 0.96);
     color: #86efac;
+}
+.vulntitan-firewall-notice.is-error {
+.vulntitan-firewall-toast.is-success .vulntitan-firewall-toast-badge {
+    border-color: rgba(91, 206, 122, 0.28);
+    background: rgba(31, 81, 49, 0.32);
+    color: #bbf7d0;
+}
+.vulntitan-firewall-toast.is-error {
     border-color: #5f1f1f;
     background: #221416;
+    background: rgba(34, 20, 22, 0.97);
     color: #fecaca;
+}
+.vulntitan-firewall-notice.is-warning {
+.vulntitan-firewall-toast.is-error .vulntitan-firewall-toast-badge {
+    border-color: rgba(248, 113, 113, 0.28);
+    background: rgba(127, 29, 29, 0.28);
+    color: #fecaca;
+}
+.vulntitan-firewall-toast.is-warning {
     border-color: #5f4a1f;
+    background: #221d13;
+    background: rgba(34, 29, 19, 0.97);
+    color: #fde68a;
+}
+.vulntitan-firewall-toast.is-warning .vulntitan-firewall-toast-badge {
+    border-color: rgba(245, 158, 11, 0.28);
+    background: rgba(95, 74, 31, 0.3);
     color: #fde68a;
+}
 …
 .vulntitan-wrapper--firewall .vulntitan-firewall-feedback {
     margin-top: 18px;
+    margin-top: 0;
+}
 .vulntitan-wrapper--firewall .vulntitan-firewall-grid {
     margin-top: 22px;
+    gap: 18px;
+    grid-template-columns: minmax(0, 1fr);
+    gap: 22px;
+}
 …
     border-radius: 16px;
     box-shadow: 0 16px 30px rgba(6, 10, 16, 0.35);
+    padding: 18px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-panel--settings,
+.vulntitan-wrapper--firewall .vulntitan-firewall-panel--logs {
+    min-width: 0;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-panel--settings {
+    padding: 20px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-panel--logs {
+    padding: 20px;
+    background: linear-gradient(180deg, rgba(11, 18, 28, 0.96), rgba(8, 14, 22, 0.98));
+}
 .vulntitan-firewall-panel-head {
     display: flex;
     align-items: center;
+    align-items: flex-start;
     justify-content: space-between;
     gap: 12px;
     margin-bottom: 16px;
+    flex-wrap: wrap;
+}
 …
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-workspace {
+    display: grid;
+    grid-template-columns: minmax(0, 1fr);
+    gap: 18px;
+    align-items: start;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tabs {
+    display: grid;
+    grid-template-columns: repeat(3, minmax(0, 1fr));
+    gap: 12px;
+    align-content: start;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab {
+    appearance: none;
+    width: 100%;
+    border: 1px solid rgba(90, 176, 255, 0.16);
+    border-radius: 14px;
+    background: linear-gradient(180deg, rgba(11, 17, 24, 0.94), rgba(7, 12, 18, 0.98));
+    min-height: 112px;
+    padding: 16px 18px;
+    text-align: left;
+    display: grid;
+    gap: 6px;
+    color: var(--vt-fw-text);
+    cursor: pointer;
+    transition: transform 0.18s ease, border-color 0.18s ease, box-shadow 0.18s ease, background 0.18s ease;
+    box-shadow: 0 10px 20px rgba(6, 10, 16, 0.2);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab:hover {
+    border-color: rgba(90, 176, 255, 0.32);
+    transform: translateY(-1px);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab:focus {
+    outline: none;
+    box-shadow: 0 0 0 3px rgba(90, 176, 255, 0.18), 0 14px 26px rgba(6, 10, 16, 0.3);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab:disabled {
+    opacity: 0.6;
+    cursor: wait;
+    transform: none;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab.is-active {
+    border-color: rgba(90, 176, 255, 0.38);
+    background: linear-gradient(180deg, rgba(16, 27, 40, 0.96), rgba(9, 16, 24, 0.98));
+    box-shadow: inset 0 0 0 1px rgba(51, 209, 160, 0.1), 0 18px 32px rgba(6, 10, 16, 0.35);
+    transform: translateY(-2px);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-title {
+    font-size: 12px;
+    font-weight: 700;
+    letter-spacing: 0.1em;
+    text-transform: uppercase;
+    color: #d7e8fb;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-desc {
+    font-size: 12px;
+    line-height: 1.5;
+    color: var(--vt-fw-muted);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab.is-active .vulntitan-firewall-tab-desc {
+    color: #cfe4ff;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panels {
+    min-width: 0;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel {
+    display: grid;
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+    gap: 16px;
+    min-width: 0;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel[hidden] {
+    display: none !important;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel-head {
+    grid-column: 1 / -1;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel .vulntitan-firewall-section + .vulntitan-firewall-section {
+    margin-top: 0;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel > .vulntitan-firewall-section:only-of-type {
+    grid-column: 1 / -1;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel-head {
+    padding: 16px 18px;
+    border-radius: 14px;
+    border: 1px solid rgba(90, 176, 255, 0.16);
+    background: linear-gradient(135deg, rgba(51, 209, 160, 0.08), rgba(90, 176, 255, 0.08)), rgba(9, 14, 20, 0.72);
+    display: grid;
+    gap: 8px;
+}
 .vulntitan-firewall-section {
     padding: 12px 14px;
     border-radius: 12px;
+    padding: 16px 18px;
+    border-radius: 14px;
     border: 1px solid rgba(90, 176, 255, 0.18);
     background: rgba(9, 14, 20, 0.7);
     display: grid;
     gap: 10px;
+    gap: 12px;
+}
 …
 .vulntitan-wrapper--firewall .vulntitan-firewall-field-help {
     color: var(--vt-fw-muted);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-field-grid {
+    display: grid;
+    grid-template-columns: repeat(3, minmax(0, 1fr));
+    gap: 14px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-field-grid .vulntitan-firewall-input {
+    max-width: none;
+}
 …
 .vulntitan-wrapper--firewall .vulntitan-firewall-log-list {
+    background: rgba(9, 14, 20, 0.5);
+    border-radius: 12px;
+    padding: 6px;
+    margin-top: 0;
+    max-height: 720px;
+    background: transparent;
+    border-radius: 0;
+    padding: 0;
+    gap: 14px;
+}
 .vulntitan-wrapper--firewall .vulntitan-firewall-log-item {
+    border-radius: 12px;
+    border: 1px solid rgba(90, 176, 255, 0.12);
+    background: rgba(11, 17, 24, 0.7);
+    border-radius: 16px;
+    border: 1px solid rgba(90, 176, 255, 0.14);
+    background: linear-gradient(180deg, rgba(8, 14, 21, 0.96), rgba(6, 11, 18, 0.98));
+    padding: 16px 18px;
+    gap: 10px;
+    box-shadow: inset 0 0 0 1px rgba(51, 209, 160, 0.03);
+}
 .vulntitan-wrapper--firewall .vulntitan-firewall-log-request {
     color: #cde2f7;
+    font-size: 14px;
+    line-height: 1.5;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-log-meta {
+    gap: 10px 18px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-log-meta-item {
+    font-size: 12px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-log-reason {
+    font-size: 13px;
+    color: #d4dfeb;
+}
 …
         grid-template-columns: 1fr;
+    }
+    .vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel {
+        grid-template-columns: 1fr;
+    }
+}
+@media (max-width: 1280px) {
+    .vulntitan-wrapper--firewall .vulntitan-firewall-tabs {
+        grid-template-columns: repeat(2, minmax(0, 1fr));
+    }
+}
 @media (max-width: 782px) {
+    .vulntitan-firewall-feedback {
+        top: 58px;
+        right: 12px;
+        width: calc(100vw - 24px);
+    }
+    .vulntitan-firewall-toast {
+        grid-template-columns: 1fr auto;
+        gap: 10px;
+    }
+    .vulntitan-firewall-toast-badge {
+        grid-column: 1 / 2;
+        justify-self: start;
+    }
+    .vulntitan-firewall-toast-message {
+        grid-column: 1 / 2;
+        padding-top: 0;
+    }
+    .vulntitan-firewall-toast-close {
+        grid-column: 2 / 3;
+        grid-row: 1 / 2;
+    }
     .vulntitan-wrapper--firewall {
         padding: 1.25rem;
+    }
+}
+    .vulntitan-wrapper--firewall .vulntitan-firewall-tabs,
+    .vulntitan-wrapper--firewall .vulntitan-firewall-field-grid {
+        grid-template-columns: 1fr;
+    }
+    .vulntitan-wrapper--firewall .vulntitan-firewall-panel--settings,
+    .vulntitan-wrapper--firewall .vulntitan-firewall-panel--logs {
+        padding: 16px;
+    }
+}

vulntitan/tags/2.0.6/assets/js/firewall.js

-                      r3469591
+                      r3481425
     const $firewallEnabled = $('#vulntitan-firewall-enabled');
     const $firewallLoginProtection = $('#vulntitan-firewall-login-protection');
+    const $firewallCustomLoginSlug = $('#vulntitan-firewall-custom-login-slug');
+    const $firewallCustomLoginUrl = $('#vulntitan-firewall-custom-login-url');
     const $firewallWafSqliEnabled = $('#vulntitan-firewall-waf-sqli-enabled');
     const $firewallWafCommandEnabled = $('#vulntitan-firewall-waf-command-enabled');
 …
     const $firewallRefresh = $('#vulntitan-firewall-refresh');
     const $firewallClearLogs = $('#vulntitan-firewall-clear-logs');
+    const $firewallTabs = $firewallRoot.find('[data-firewall-tab]');
+    const $firewallTabPanels = $firewallRoot.find('[data-firewall-tab-panel]');
     const i18n = (window.VulnTitan && window.VulnTitan.i18n) ? window.VulnTitan.i18n : {};
     let latestMuLoaderStatus = null;
+    let feedbackTimer = null;
+    let feedbackHideTimer = null;
     function escapeHtml(str) {
 …
+    }
+    function clearFeedbackTimers() {
+        if (feedbackTimer) {
+            window.clearTimeout(feedbackTimer);
+            feedbackTimer = null;
+        }
+        if (feedbackHideTimer) {
+            window.clearTimeout(feedbackHideTimer);
+            feedbackHideTimer = null;
+        }
+    }
+    function dismissFeedback() {
+        clearFeedbackTimers();
+        $firewallFeedback.removeClass('is-visible');
+        feedbackHideTimer = window.setTimeout(function () {
+            $firewallFeedback.hide().empty();
+            feedbackHideTimer = null;
+        }, 180);
+    }
+    function getFeedbackConfig(type) {
+        switch (type) {
+            case 'success':
+                return {
+                    label: i18n.firewall_toast_success || 'Saved',
+                    duration: 3200
+                };
+            case 'warning':
+                return {
+                    label: i18n.firewall_toast_warning || 'Review',
+                    duration: 5200
+                };
+            case 'error':
+                return {
+                    label: i18n.firewall_toast_error || 'Error',
+                    duration: 6200
+                };
+            default:
+                return {
+                    label: i18n.firewall_toast_info || 'Working',
+                    duration: 0
+                };
+        }
+    }
     function setFeedback(type, message) {
         if (!message) {
             $firewallFeedback.hide().empty();
+            dismissFeedback();
             return;
+        }
         const normalizedType = (type === 'success' || type === 'error' || type === 'warning') ? type : 'info';
+        const config = getFeedbackConfig(normalizedType);
+        const liveMode = normalizedType === 'error' ? 'assertive' : 'polite';
+        clearFeedbackTimers();
         $firewallFeedback
+            .html(`<div class="vulntitan-firewall-notice is-${normalizedType}">${escapeHtml(message)}</div>`)
+            .html(`
+                <div class="vulntitan-firewall-toast is-${normalizedType}" role="status" aria-live="${liveMode}">
+                    <span class="vulntitan-firewall-toast-badge">${escapeHtml(config.label)}</span>
+                    <div class="vulntitan-firewall-toast-message">${escapeHtml(message)}</div>
+                    <button type="button" class="vulntitan-firewall-toast-close" data-firewall-toast-close aria-label="${escapeHtml(i18n.firewall_toast_close || 'Dismiss notification')}">x</button>
+                </div>
+            `)
             .show();
+        window.requestAnimationFrame(function () {
+            $firewallFeedback.addClass('is-visible');
+        });
+        if (config.duration > 0) {
+            feedbackTimer = window.setTimeout(function () {
+                dismissFeedback();
+            }, config.duration);
+        }
+    }
 …
+    }
+    function renderLoginAccess(loginAccess) {
+        const data = loginAccess || {};
+        const customUrl = String(data.url || '').trim();
+        if (!customUrl) {
+            $firewallCustomLoginUrl.text(
+                i18n.firewall_custom_login_disabled || 'Custom login URL is disabled. Leave the slug blank to keep the default WordPress login endpoints.'
+            );
+            return;
+        }
+        $firewallCustomLoginUrl.text(customUrl);
+    }
+    function activateTab(tabId) {
+        const normalizedTab = String(tabId || '').trim();
+        if (!normalizedTab) {
+            return;
+        }
+        $firewallTabs.each(function () {
+            const $tab = $(this);
+            const isActive = String($tab.data('firewallTab')) === normalizedTab;
+            $tab
+                .toggleClass('is-active', isActive)
+                .attr('aria-selected', isActive ? 'true' : 'false')
+                .attr('tabindex', isActive ? '0' : '-1');
+        });
+        $firewallTabPanels.each(function () {
+            const $panel = $(this);
+            const isActive = String($panel.data('firewallTabPanel')) === normalizedTab;
+            $panel
+                .toggleClass('is-active', isActive)
+                .prop('hidden', !isActive);
+        });
+    }
     function applySettings(settings) {
         const data = settings || {};
 …
         $firewallEnabled.prop('checked', !!Number(data.enabled || 0));
         $firewallLoginProtection.prop('checked', !!Number(data.login_protection_enabled || 0));
+        $firewallCustomLoginSlug.val(String(data.custom_login_slug || ''));
         $firewallWafSqliEnabled.prop('checked', !!Number(data.waf_sqli_enabled || 0));
         $firewallWafCommandEnabled.prop('checked', !!Number(data.waf_command_injection_enabled || 0));
 …
         $firewallRefresh.prop('disabled', isBusy);
         $firewallClearLogs.prop('disabled', isBusy);
+        $firewallTabs.prop('disabled', isBusy);
         $firewallEnabled.prop('disabled', isBusy);
         $firewallLoginProtection.prop('disabled', isBusy);
+        $firewallCustomLoginSlug.prop('disabled', isBusy);
         $firewallWafSqliEnabled.prop('disabled', isBusy);
         $firewallWafCommandEnabled.prop('disabled', isBusy);
 …
         if (showLoadingNotice) {
             setFeedback('info', i18n.firewall_loading || 'Loading firewall data...');
+            setFeedback('info', i18n.firewall_refreshing || 'Refreshing firewall data...');
+        }
 …
             latestMuLoaderStatus = payload.mu_loader || null;
             applySettings(payload.settings || {});
+            renderLoginAccess(payload.login_access || {});
             renderOverview(payload.summary || {}, latestMuLoaderStatus || {});
             renderLogs(payload.logs || []);
 …
     function saveSettings() {
         setBusyState(true);
         setFeedback('info', i18n.firewall_loading || 'Loading firewall data...');
+        setFeedback('info', i18n.firewall_saving || 'Saving firewall settings...');
         $.post(VulnTitan.ajaxUrl, {
 …
             enabled: $firewallEnabled.is(':checked') ? 1 : 0,
             login_protection_enabled: $firewallLoginProtection.is(':checked') ? 1 : 0,
+            custom_login_slug: String($firewallCustomLoginSlug.val() || ''),
             waf_sqli_enabled: $firewallWafSqliEnabled.is(':checked') ? 1 : 0,
             waf_command_injection_enabled: $firewallWafCommandEnabled.is(':checked') ? 1 : 0,
 …
             latestMuLoaderStatus = payload.mu_loader || latestMuLoaderStatus;
             applySettings(payload.settings || {});
+            renderLoginAccess(payload.login_access || {});
             renderOverview(payload.summary || {}, latestMuLoaderStatus || {});
             renderLogs(payload.logs || []);
             const muInstall = payload.mu_loader_install || {};
+            if (payload.notice) {
+                setFeedback('warning', payload.notice);
+                return;
+            }
             if (muInstall.success === false && muInstall.error) {
                 setFeedback('warning', muInstall.error);
 …
         setBusyState(true);
         setFeedback('info', i18n.firewall_loading || 'Loading firewall data...');
+        setFeedback('info', i18n.firewall_clearing || 'Clearing firewall logs...');
         $.post(VulnTitan.ajaxUrl, {
 …
     });
+    loadFirewallData(true);
+    $firewallFeedback.off('click', '[data-firewall-toast-close]').on('click', '[data-firewall-toast-close]', function () {
+        dismissFeedback();
+    });
+    $firewallTabs.off('click').on('click', function () {
+        activateTab($(this).data('firewallTab'));
+    });
+    $firewallTabs.off('keydown').on('keydown', function (event) {
+        const keys = ['ArrowLeft', 'ArrowRight', 'ArrowUp', 'ArrowDown', 'Home', 'End'];
+        if (keys.indexOf(event.key) === -1) {
+            return;
+        }
+        event.preventDefault();
+        const currentIndex = $firewallTabs.index(this);
+        if (currentIndex < 0) {
+            return;
+        }
+        let nextIndex = currentIndex;
+        if (event.key === 'Home') {
+            nextIndex = 0;
+        } else if (event.key === 'End') {
+            nextIndex = $firewallTabs.length - 1;
+        } else if (event.key === 'ArrowLeft' || event.key === 'ArrowUp') {
+            nextIndex = currentIndex === 0 ? $firewallTabs.length - 1 : currentIndex - 1;
+        } else if (event.key === 'ArrowRight' || event.key === 'ArrowDown') {
+            nextIndex = currentIndex === $firewallTabs.length - 1 ? 0 : currentIndex + 1;
+        }
+        const $nextTab = $firewallTabs.eq(nextIndex);
+        activateTab($nextTab.data('firewallTab'));
+        $nextTab.trigger('focus');
+    });
+    activateTab($firewallTabs.filter('.is-active').first().data('firewallTab') || $firewallTabs.first().data('firewallTab'));
+    loadFirewallData(false);
 });

vulntitan/tags/2.0.6/assets/js/firewall.min.js

-                      r3469591
+                      r3481425
     const $firewallEnabled = $('#vulntitan-firewall-enabled');
     const $firewallLoginProtection = $('#vulntitan-firewall-login-protection');
+    const $firewallCustomLoginSlug = $('#vulntitan-firewall-custom-login-slug');
+    const $firewallCustomLoginUrl = $('#vulntitan-firewall-custom-login-url');
     const $firewallWafSqliEnabled = $('#vulntitan-firewall-waf-sqli-enabled');
     const $firewallWafCommandEnabled = $('#vulntitan-firewall-waf-command-enabled');
 …
     const $firewallRefresh = $('#vulntitan-firewall-refresh');
     const $firewallClearLogs = $('#vulntitan-firewall-clear-logs');
+    const $firewallTabs = $firewallRoot.find('[data-firewall-tab]');
+    const $firewallTabPanels = $firewallRoot.find('[data-firewall-tab-panel]');
     const i18n = (window.VulnTitan && window.VulnTitan.i18n) ? window.VulnTitan.i18n : {};
     let latestMuLoaderStatus = null;
+    let feedbackTimer = null;
+    let feedbackHideTimer = null;
     function escapeHtml(str) {
 …
+    }
+    function clearFeedbackTimers() {
+        if (feedbackTimer) {
+            window.clearTimeout(feedbackTimer);
+            feedbackTimer = null;
+        }
+        if (feedbackHideTimer) {
+            window.clearTimeout(feedbackHideTimer);
+            feedbackHideTimer = null;
+        }
+    }
+    function dismissFeedback() {
+        clearFeedbackTimers();
+        $firewallFeedback.removeClass('is-visible');
+        feedbackHideTimer = window.setTimeout(function () {
+            $firewallFeedback.hide().empty();
+            feedbackHideTimer = null;
+        }, 180);
+    }
+    function getFeedbackConfig(type) {
+        switch (type) {
+            case 'success':
+                return {
+                    label: i18n.firewall_toast_success || 'Saved',
+                    duration: 3200
+                };
+            case 'warning':
+                return {
+                    label: i18n.firewall_toast_warning || 'Review',
+                    duration: 5200
+                };
+            case 'error':
+                return {
+                    label: i18n.firewall_toast_error || 'Error',
+                    duration: 6200
+                };
+            default:
+                return {
+                    label: i18n.firewall_toast_info || 'Working',
+                    duration: 0
+                };
+        }
+    }
     function setFeedback(type, message) {
         if (!message) {
             $firewallFeedback.hide().empty();
+            dismissFeedback();
             return;
+        }
         const normalizedType = (type === 'success' || type === 'error' || type === 'warning') ? type : 'info';
+        const config = getFeedbackConfig(normalizedType);
+        const liveMode = normalizedType === 'error' ? 'assertive' : 'polite';
+        clearFeedbackTimers();
         $firewallFeedback
+            .html(`<div class="vulntitan-firewall-notice is-${normalizedType}">${escapeHtml(message)}</div>`)
+            .html(`
+                <div class="vulntitan-firewall-toast is-${normalizedType}" role="status" aria-live="${liveMode}">
+                    <span class="vulntitan-firewall-toast-badge">${escapeHtml(config.label)}</span>
+                    <div class="vulntitan-firewall-toast-message">${escapeHtml(message)}</div>
+                    <button type="button" class="vulntitan-firewall-toast-close" data-firewall-toast-close aria-label="${escapeHtml(i18n.firewall_toast_close || 'Dismiss notification')}">x</button>
+                </div>
+            `)
             .show();
+        window.requestAnimationFrame(function () {
+            $firewallFeedback.addClass('is-visible');
+        });
+        if (config.duration > 0) {
+            feedbackTimer = window.setTimeout(function () {
+                dismissFeedback();
+            }, config.duration);
+        }
+    }
 …
+    }
+    function renderLoginAccess(loginAccess) {
+        const data = loginAccess || {};
+        const customUrl = String(data.url || '').trim();
+        if (!customUrl) {
+            $firewallCustomLoginUrl.text(
+                i18n.firewall_custom_login_disabled || 'Custom login URL is disabled. Leave the slug blank to keep the default WordPress login endpoints.'
+            );
+            return;
+        }
+        $firewallCustomLoginUrl.text(customUrl);
+    }
+    function activateTab(tabId) {
+        const normalizedTab = String(tabId || '').trim();
+        if (!normalizedTab) {
+            return;
+        }
+        $firewallTabs.each(function () {
+            const $tab = $(this);
+            const isActive = String($tab.data('firewallTab')) === normalizedTab;
+            $tab
+                .toggleClass('is-active', isActive)
+                .attr('aria-selected', isActive ? 'true' : 'false')
+                .attr('tabindex', isActive ? '0' : '-1');
+        });
+        $firewallTabPanels.each(function () {
+            const $panel = $(this);
+            const isActive = String($panel.data('firewallTabPanel')) === normalizedTab;
+            $panel
+                .toggleClass('is-active', isActive)
+                .prop('hidden', !isActive);
+        });
+    }
     function applySettings(settings) {
         const data = settings || {};
 …
         $firewallEnabled.prop('checked', !!Number(data.enabled || 0));
         $firewallLoginProtection.prop('checked', !!Number(data.login_protection_enabled || 0));
+        $firewallCustomLoginSlug.val(String(data.custom_login_slug || ''));
         $firewallWafSqliEnabled.prop('checked', !!Number(data.waf_sqli_enabled || 0));
         $firewallWafCommandEnabled.prop('checked', !!Number(data.waf_command_injection_enabled || 0));
 …
         $firewallRefresh.prop('disabled', isBusy);
         $firewallClearLogs.prop('disabled', isBusy);
+        $firewallTabs.prop('disabled', isBusy);
         $firewallEnabled.prop('disabled', isBusy);
         $firewallLoginProtection.prop('disabled', isBusy);
+        $firewallCustomLoginSlug.prop('disabled', isBusy);
         $firewallWafSqliEnabled.prop('disabled', isBusy);
         $firewallWafCommandEnabled.prop('disabled', isBusy);
 …
         if (showLoadingNotice) {
             setFeedback('info', i18n.firewall_loading || 'Loading firewall data...');
+            setFeedback('info', i18n.firewall_refreshing || 'Refreshing firewall data...');
+        }
 …
             latestMuLoaderStatus = payload.mu_loader || null;
             applySettings(payload.settings || {});
+            renderLoginAccess(payload.login_access || {});
             renderOverview(payload.summary || {}, latestMuLoaderStatus || {});
             renderLogs(payload.logs || []);
 …
     function saveSettings() {
         setBusyState(true);
         setFeedback('info', i18n.firewall_loading || 'Loading firewall data...');
+        setFeedback('info', i18n.firewall_saving || 'Saving firewall settings...');
         $.post(VulnTitan.ajaxUrl, {
 …
             enabled: $firewallEnabled.is(':checked') ? 1 : 0,
             login_protection_enabled: $firewallLoginProtection.is(':checked') ? 1 : 0,
+            custom_login_slug: String($firewallCustomLoginSlug.val() || ''),
             waf_sqli_enabled: $firewallWafSqliEnabled.is(':checked') ? 1 : 0,
             waf_command_injection_enabled: $firewallWafCommandEnabled.is(':checked') ? 1 : 0,
 …
             latestMuLoaderStatus = payload.mu_loader || latestMuLoaderStatus;
             applySettings(payload.settings || {});
+            renderLoginAccess(payload.login_access || {});
             renderOverview(payload.summary || {}, latestMuLoaderStatus || {});
             renderLogs(payload.logs || []);
             const muInstall = payload.mu_loader_install || {};
+            if (payload.notice) {
+                setFeedback('warning', payload.notice);
+                return;
+            }
             if (muInstall.success === false && muInstall.error) {
                 setFeedback('warning', muInstall.error);
 …
         setBusyState(true);
         setFeedback('info', i18n.firewall_loading || 'Loading firewall data...');
+        setFeedback('info', i18n.firewall_clearing || 'Clearing firewall logs...');
         $.post(VulnTitan.ajaxUrl, {
 …
     });
+    loadFirewallData(true);
+    $firewallFeedback.off('click', '[data-firewall-toast-close]').on('click', '[data-firewall-toast-close]', function () {
+        dismissFeedback();
+    });
+    $firewallTabs.off('click').on('click', function () {
+        activateTab($(this).data('firewallTab'));
+    });
+    $firewallTabs.off('keydown').on('keydown', function (event) {
+        const keys = ['ArrowLeft', 'ArrowRight', 'ArrowUp', 'ArrowDown', 'Home', 'End'];
+        if (keys.indexOf(event.key) === -1) {
+            return;
+        }
+        event.preventDefault();
+        const currentIndex = $firewallTabs.index(this);
+        if (currentIndex < 0) {
+            return;
+        }
+        let nextIndex = currentIndex;
+        if (event.key === 'Home') {
+            nextIndex = 0;
+        } else if (event.key === 'End') {
+            nextIndex = $firewallTabs.length - 1;
+        } else if (event.key === 'ArrowLeft' || event.key === 'ArrowUp') {
+            nextIndex = currentIndex === 0 ? $firewallTabs.length - 1 : currentIndex - 1;
+        } else if (event.key === 'ArrowRight' || event.key === 'ArrowDown') {
+            nextIndex = currentIndex === $firewallTabs.length - 1 ? 0 : currentIndex + 1;
+        }
+        const $nextTab = $firewallTabs.eq(nextIndex);
+        activateTab($nextTab.data('firewallTab'));
+        $nextTab.trigger('focus');
+    });
+    activateTab($firewallTabs.filter('.is-active').first().data('firewallTab') || $firewallTabs.first().data('firewallTab'));
+    loadFirewallData(false);
 });

vulntitan/tags/2.0.6/includes/Admin/Admin.php

r3479599	r3481425
118	118	'firewall_mu_inactive' => esc_html__('MU loader inactive', 'vulntitan'),
119	119	'firewall_no_logs' => esc_html__('No firewall events recorded yet.', 'vulntitan'),
	120	'firewall_custom_login_disabled' => esc_html__('Custom login URL is disabled. Leave the slug blank to keep the default WordPress login endpoints.', 'vulntitan'),
120	121	'firewall_event_unknown' => esc_html__('Unknown event', 'vulntitan'),
121	122	'firewall_event_login_failed' => esc_html__('Login failed', 'vulntitan'),

vulntitan/tags/2.0.6/includes/Admin/Ajax.php

-                      r3479541
+                      r3481425
             'summary' => FirewallService::getSummary(24),
             'logs' => FirewallService::getRecentLogs(80),
+            'login_access' => FirewallService::getLoginAccessData(),
             'mu_loader' => FirewallService::getMuLoaderStatus(),
         ]);
 …
             wp_send_json_error(['message' => esc_html__('Insufficient permissions.', 'vulntitan')], 403);
+        }
+        $customLoginValidation = FirewallService::validateCustomLoginSlug(
+            isset($_POST['custom_login_slug']) ? (string) wp_unslash($_POST['custom_login_slug']) : ''
+        );
         $input = [
             'enabled' => isset($_POST['enabled']) ? (int) wp_unslash($_POST['enabled']) : 1,
             'login_protection_enabled' => isset($_POST['login_protection_enabled']) ? (int) wp_unslash($_POST['login_protection_enabled']) : 1,
+            'custom_login_slug' => $customLoginValidation['slug'],
             'waf_sqli_enabled' => isset($_POST['waf_sqli_enabled']) ? (int) wp_unslash($_POST['waf_sqli_enabled']) : 1,
             'waf_command_injection_enabled' => isset($_POST['waf_command_injection_enabled']) ? (int) wp_unslash($_POST['waf_command_injection_enabled']) : 1,
 …
         $settings = FirewallService::saveSettings($input);
         $muLoaderResult = FirewallService::installMuLoader();
+        $notice = '';
+        if (($customLoginValidation['error'] ?? '') === 'invalid') {
+            $notice = esc_html__('Custom login slug was not saved because it is invalid or reserved.', 'vulntitan');
+        } elseif (($customLoginValidation['error'] ?? '') === 'conflict') {
+            $notice = esc_html__('Custom login slug was not saved because that path is already used by existing WordPress content.', 'vulntitan');
+        }
         wp_send_json_success([
 …
             'summary' => FirewallService::getSummary(24),
             'logs' => FirewallService::getRecentLogs(80),
+            'login_access' => FirewallService::getLoginAccessData(),
             'mu_loader' => FirewallService::getMuLoaderStatus(),
             'mu_loader_install' => $muLoaderResult,
+            'notice' => $notice,
         ]);
+    }

vulntitan/tags/2.0.6/includes/Admin/Pages/Firewall.php

-                      r3479599
+                      r3481425
                                 <div class="vulntitan-firewall-form">
+                                    <div class="vulntitan-firewall-section">
+                                        <div class="vulntitan-firewall-section-title"><?php esc_html_e('Core Protection', 'vulntitan'); ?></div>
+                                        <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Master switches for the firewall runtime and login shield.', 'vulntitan'); ?></div>
+                                        <label class="vulntitan-firewall-toggle">
+                                            <input type="checkbox" id="vulntitan-firewall-enabled" class="vulntitan-firewall-checkbox" checked>
+                                            <span><?php esc_html_e('Enable Firewall', 'vulntitan'); ?></span>
+                                        </label>
+                                        <label class="vulntitan-firewall-toggle">
+                                            <input type="checkbox" id="vulntitan-firewall-login-protection" class="vulntitan-firewall-checkbox" checked>
+                                            <span><?php esc_html_e('Enable Login Protection', 'vulntitan'); ?></span>
+                                        </label>
+                                    </div>
+                                    <div class="vulntitan-firewall-section">
+                                        <div class="vulntitan-firewall-section-title"><?php esc_html_e('WAF Payload Protection', 'vulntitan'); ?></div>
+                                        <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Inspect request parameters for common SQL injection and command injection payloads.', 'vulntitan'); ?></div>
+                                        <label class="vulntitan-firewall-toggle">
+                                            <input type="checkbox" id="vulntitan-firewall-waf-sqli-enabled" class="vulntitan-firewall-checkbox" checked>
+                                            <span><?php esc_html_e('Enable SQL Injection Rule Set', 'vulntitan'); ?></span>
+                                        </label>
+                                        <label class="vulntitan-firewall-toggle">
+                                            <input type="checkbox" id="vulntitan-firewall-waf-command-enabled" class="vulntitan-firewall-checkbox" checked>
+                                            <span><?php esc_html_e('Enable Command Injection Rule Set', 'vulntitan'); ?></span>
+                                        </label>
+                                        <label class="vulntitan-firewall-field">
+                                            <span class="vulntitan-firewall-field-label"><?php esc_html_e('WAF Whitelist (Path patterns)', 'vulntitan'); ?></span>
+                                            <textarea id="vulntitan-firewall-waf-whitelist-paths" class="vulntitan-firewall-input vulntitan-firewall-textarea" rows="5" placeholder="/wp-json/my-plugin/*&#10;/custom-safe-endpoint"></textarea>
+                                            <small class="vulntitan-firewall-field-help"><?php esc_html_e('One pattern per line. Use * wildcard only when needed. Whitelist applies to SQLi/Command rules, not traversal/sensitive-file blocks.', 'vulntitan'); ?></small>
+                                        </label>
+                                    </div>
+                                    <div class="vulntitan-firewall-section">
+                                        <div class="vulntitan-firewall-section-title"><?php esc_html_e('Login Lockout Policy', 'vulntitan'); ?></div>
+                                        <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Tighten brute force resilience with adaptive limits and retention.', 'vulntitan'); ?></div>
+                                        <label class="vulntitan-firewall-field">
+                                            <span class="vulntitan-firewall-field-label"><?php esc_html_e('Max failed attempts', 'vulntitan'); ?></span>
+                                            <input type="number" id="vulntitan-firewall-max-attempts" class="vulntitan-firewall-input" min="2" max="20" value="5">
+                                        </label>
+                                        <label class="vulntitan-firewall-field">
+                                            <span class="vulntitan-firewall-field-label"><?php esc_html_e('Lockout duration (minutes)', 'vulntitan'); ?></span>
+                                            <input type="number" id="vulntitan-firewall-lockout-minutes" class="vulntitan-firewall-input" min="5" max="240" value="15">
+                                        </label>
+                                        <label class="vulntitan-firewall-field">
+                                            <span class="vulntitan-firewall-field-label"><?php esc_html_e('Log retention (days)', 'vulntitan'); ?></span>
+                                            <input type="number" id="vulntitan-firewall-log-retention" class="vulntitan-firewall-input" min="1" max="365" value="30">
+                                        </label>
+                                    <div class="vulntitan-firewall-workspace">
+                                        <div class="vulntitan-firewall-tabs" role="tablist" aria-label="<?php esc_attr_e('Firewall setting groups', 'vulntitan'); ?>">
+                                            <button
+                                                type="button"
+                                                class="vulntitan-firewall-tab is-active"
+                                                id="vulntitan-firewall-tab-access"
+                                                data-firewall-tab="access"
+                                                role="tab"
+                                                aria-selected="true"
+                                                aria-controls="vulntitan-firewall-panel-access"
+                                            >
+                                                <span class="vulntitan-firewall-tab-title"><?php esc_html_e('Access Shield', 'vulntitan'); ?></span>
+                                                <span class="vulntitan-firewall-tab-desc"><?php esc_html_e('Runtime, login gate, and hidden entry path.', 'vulntitan'); ?></span>
+                                            </button>
+                                            <button
+                                                type="button"
+                                                class="vulntitan-firewall-tab"
+                                                id="vulntitan-firewall-tab-waf"
+                                                data-firewall-tab="waf"
+                                                role="tab"
+                                                aria-selected="false"
+                                                aria-controls="vulntitan-firewall-panel-waf"
+                                                tabindex="-1"
+                                            >
+                                                <span class="vulntitan-firewall-tab-title"><?php esc_html_e('WAF Rules', 'vulntitan'); ?></span>
+                                                <span class="vulntitan-firewall-tab-desc"><?php esc_html_e('Payload inspection and safe route exceptions.', 'vulntitan'); ?></span>
+                                            </button>
+                                            <button
+                                                type="button"
+                                                class="vulntitan-firewall-tab"
+                                                id="vulntitan-firewall-tab-lockouts"
+                                                data-firewall-tab="lockouts"
+                                                role="tab"
+                                                aria-selected="false"
+                                                aria-controls="vulntitan-firewall-panel-lockouts"
+                                                tabindex="-1"
+                                            >
+                                                <span class="vulntitan-firewall-tab-title"><?php esc_html_e('Lockouts & Logs', 'vulntitan'); ?></span>
+                                                <span class="vulntitan-firewall-tab-desc"><?php esc_html_e('Brute-force thresholds, lock windows, and retention.', 'vulntitan'); ?></span>
+                                            </button>
+                                        </div>
+                                        <div class="vulntitan-firewall-tab-panels">
+                                            <section
+                                                class="vulntitan-firewall-tab-panel is-active"
+                                                id="vulntitan-firewall-panel-access"
+                                                data-firewall-tab-panel="access"
+                                                role="tabpanel"
+                                                aria-labelledby="vulntitan-firewall-tab-access"
+                                            >
+                                                <div class="vulntitan-firewall-tab-panel-head">
+                                                    <div class="vulntitan-firewall-section-title"><?php esc_html_e('Access Shield', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Control the live firewall runtime and hide the default WordPress login endpoints behind a custom entry path.', 'vulntitan'); ?></div>
+                                                </div>
+                                                <div class="vulntitan-firewall-section">
+                                                    <div class="vulntitan-firewall-section-title"><?php esc_html_e('Core Protection', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Master switches for the firewall runtime and login shield.', 'vulntitan'); ?></div>
+                                                    <label class="vulntitan-firewall-toggle">
+                                                        <input type="checkbox" id="vulntitan-firewall-enabled" class="vulntitan-firewall-checkbox" checked>
+                                                        <span><?php esc_html_e('Enable Firewall', 'vulntitan'); ?></span>
+                                                    </label>
+                                                    <label class="vulntitan-firewall-toggle">
+                                                        <input type="checkbox" id="vulntitan-firewall-login-protection" class="vulntitan-firewall-checkbox" checked>
+                                                        <span><?php esc_html_e('Enable Login Protection', 'vulntitan'); ?></span>
+                                                    </label>
+                                                </div>
+                                                <div class="vulntitan-firewall-section">
+                                                    <div class="vulntitan-firewall-section-title"><?php esc_html_e('Hidden Login Route', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Replace the public login path with a private slug known only to administrators.', 'vulntitan'); ?></div>
+                                                    <label class="vulntitan-firewall-field">
+                                                        <span class="vulntitan-firewall-field-label"><?php esc_html_e('Custom Login Slug', 'vulntitan'); ?></span>
+                                                        <input type="text" id="vulntitan-firewall-custom-login-slug" class="vulntitan-firewall-input" placeholder="secure-portal" autocomplete="off" spellcheck="false">
+                                                        <small class="vulntitan-firewall-field-help"><?php esc_html_e('Leave blank to keep the default WordPress login URLs. When set, logged-out visitors hitting wp-login.php or wp-admin will receive a 404 instead of the login screen.', 'vulntitan'); ?></small>
+                                                        <small class="vulntitan-firewall-field-help"><?php esc_html_e('Use a unique slug that is not already used by an existing page.', 'vulntitan'); ?></small>
+                                                        <small class="vulntitan-firewall-field-help">
+                                                            <?php esc_html_e('Active login URL:', 'vulntitan'); ?>
+                                                            <code id="vulntitan-firewall-custom-login-url" class="vulntitan-firewall-runtime-path"><?php esc_html_e('Disabled', 'vulntitan'); ?></code>
+                                                        </small>
+                                                    </label>
+                                                </div>
+                                            </section>
+                                            <section
+                                                class="vulntitan-firewall-tab-panel"
+                                                id="vulntitan-firewall-panel-waf"
+                                                data-firewall-tab-panel="waf"
+                                                role="tabpanel"
+                                                aria-labelledby="vulntitan-firewall-tab-waf"
+                                                hidden
+                                            >
+                                                <div class="vulntitan-firewall-tab-panel-head">
+                                                    <div class="vulntitan-firewall-section-title"><?php esc_html_e('WAF Rules', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Tune payload inspection so risky requests are blocked early while known-safe paths stay operational.', 'vulntitan'); ?></div>
+                                                </div>
+                                                <div class="vulntitan-firewall-section">
+                                                    <div class="vulntitan-firewall-section-title"><?php esc_html_e('Payload Protection', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Inspect request parameters for common SQL injection and command injection payloads.', 'vulntitan'); ?></div>
+                                                    <label class="vulntitan-firewall-toggle">
+                                                        <input type="checkbox" id="vulntitan-firewall-waf-sqli-enabled" class="vulntitan-firewall-checkbox" checked>
+                                                        <span><?php esc_html_e('Enable SQL Injection Rule Set', 'vulntitan'); ?></span>
+                                                    </label>
+                                                    <label class="vulntitan-firewall-toggle">
+                                                        <input type="checkbox" id="vulntitan-firewall-waf-command-enabled" class="vulntitan-firewall-checkbox" checked>
+                                                        <span><?php esc_html_e('Enable Command Injection Rule Set', 'vulntitan'); ?></span>
+                                                    </label>
+                                                </div>
+                                                <div class="vulntitan-firewall-section">
+                                                    <div class="vulntitan-firewall-section-title"><?php esc_html_e('Trusted Exceptions', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Whitelist routes that should bypass payload rules, without weakening traversal or sensitive-file protection.', 'vulntitan'); ?></div>
+                                                    <label class="vulntitan-firewall-field">
+                                                        <span class="vulntitan-firewall-field-label"><?php esc_html_e('WAF Whitelist (Path patterns)', 'vulntitan'); ?></span>
+                                                        <textarea id="vulntitan-firewall-waf-whitelist-paths" class="vulntitan-firewall-input vulntitan-firewall-textarea" rows="5" placeholder="/wp-json/my-plugin/*&#10;/custom-safe-endpoint"></textarea>
+                                                        <small class="vulntitan-firewall-field-help"><?php esc_html_e('One pattern per line. Use * wildcard only when needed. Whitelist applies to SQLi/Command rules, not traversal/sensitive-file blocks.', 'vulntitan'); ?></small>
+                                                    </label>
+                                                </div>
+                                            </section>
+                                            <section
+                                                class="vulntitan-firewall-tab-panel"
+                                                id="vulntitan-firewall-panel-lockouts"
+                                                data-firewall-tab-panel="lockouts"
+                                                role="tabpanel"
+                                                aria-labelledby="vulntitan-firewall-tab-lockouts"
+                                                hidden
+                                            >
+                                                <div class="vulntitan-firewall-tab-panel-head">
+                                                    <div class="vulntitan-firewall-section-title"><?php esc_html_e('Lockouts & Logs', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Set aggressive but safe thresholds for failed logins and determine how long firewall intelligence stays available in the log store.', 'vulntitan'); ?></div>
+                                                </div>
+                                                <div class="vulntitan-firewall-section">
+                                                    <div class="vulntitan-firewall-section-title"><?php esc_html_e('Login Lockout Policy', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Tighten brute force resilience with adaptive limits and retention.', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-field-grid">
+                                                        <label class="vulntitan-firewall-field">
+                                                            <span class="vulntitan-firewall-field-label"><?php esc_html_e('Max failed attempts', 'vulntitan'); ?></span>
+                                                            <input type="number" id="vulntitan-firewall-max-attempts" class="vulntitan-firewall-input" min="2" max="20" value="5">
+                                                        </label>
+                                                        <label class="vulntitan-firewall-field">
+                                                            <span class="vulntitan-firewall-field-label"><?php esc_html_e('Lockout duration (minutes)', 'vulntitan'); ?></span>
+                                                            <input type="number" id="vulntitan-firewall-lockout-minutes" class="vulntitan-firewall-input" min="5" max="240" value="15">
+                                                        </label>
+                                                        <label class="vulntitan-firewall-field">
+                                                            <span class="vulntitan-firewall-field-label"><?php esc_html_e('Log retention (days)', 'vulntitan'); ?></span>
+                                                            <input type="number" id="vulntitan-firewall-log-retention" class="vulntitan-firewall-input" min="1" max="365" value="30">
+                                                        </label>
+                                                    </div>
+                                                </div>
+                                            </section>
+                                        </div>
                                     </div>
                                 </div>

vulntitan/tags/2.0.6/includes/Plugin.php

-                      r3469591
+                      r3481425
 use VulnTitan\Admin\Admin;
 use VulnTitan\Services\FirewallService;
+use VulnTitan\Services\LoginAccessService;
 class Plugin {
 …
         $this->ensure_firewall_components();
         $this->register_scheduled_events();
+        LoginAccessService::boot();
         $this->admin = new Admin();
         $this->admin->init();

vulntitan/tags/2.0.6/includes/Services/FirewallService.php

-                      r3469591
+                      r3481425
             'enabled' => 1,
             'login_protection_enabled' => 1,
+            'custom_login_slug' => '',
             'waf_sqli_enabled' => 1,
             'waf_command_injection_enabled' => 1,
 …
         return $normalized;
+    }
+    public static function getCustomLoginSlug(): string
+    {
+        $settings = self::getSettings();
+        return (string) ($settings['custom_login_slug'] ?? '');
+    }
+    public static function isCustomLoginEnabled(): bool
+    {
+        return self::getCustomLoginSlug() !== '';
+    }
+    public static function getCustomLoginUrl(array $queryArgs = [], string $scheme = 'login'): string
+    {
+        $slug = self::getCustomLoginSlug();
+        if ($slug === '') {
+            return '';
+        }
+        $url = home_url('/' . user_trailingslashit($slug), $scheme);
+        if ($queryArgs) {
+            $url = add_query_arg($queryArgs, $url);
+        }
+        return $url;
+    }
+    public static function getLoginAccessData(): array
+    {
+        $slug = self::getCustomLoginSlug();
+        return [
+            'enabled' => $slug !== '',
+            'slug' => $slug,
+            'url' => $slug !== '' ? self::getCustomLoginUrl() : '',
+        ];
+    }
+    public static function validateCustomLoginSlug($input): array
+    {
+        $raw = is_scalar($input) ? trim((string) $input) : '';
+        $slug = self::sanitizeCustomLoginSlug($input);
+        if ($raw !== '' && $slug === '') {
+            return [
+                'slug' => '',
+                'error' => 'invalid',
+            ];
+        }
+        if ($slug !== '' && self::customLoginSlugConflicts($slug)) {
+            return [
+                'slug' => '',
+                'error' => 'conflict',
+            ];
+        }
+        return [
+            'slug' => $slug,
+            'error' => '',
+        ];
+    }
 …
             'enabled' => !empty($settings['enabled']) ? 1 : 0,
             'login_protection_enabled' => !empty($settings['login_protection_enabled']) ? 1 : 0,
+            'custom_login_slug' => self::sanitizeCustomLoginSlug($settings['custom_login_slug'] ?? $defaults['custom_login_slug']),
             'waf_sqli_enabled' => !empty($settings['waf_sqli_enabled']) ? 1 : 0,
             'waf_command_injection_enabled' => !empty($settings['waf_command_injection_enabled']) ? 1 : 0,
 …
+    }
+    public static function sanitizeCustomLoginSlug($input): string
+    {
+        if (!is_scalar($input)) {
+            return '';
+        }
+        $value = trim((string) $input);
+        if ($value === '') {
+            return '';
+        }
+        $value = preg_replace('/[\?#].*$/', '', $value);
+        $value = str_replace('\\', '/', (string) $value);
+        $value = preg_replace('#/+#', '/', (string) $value);
+        $value = trim((string) $value, "/ \t\n\r\0\x0B.");
+        if ($value === '') {
+            return '';
+        }
+        $segments = explode('/', $value);
+        $normalized = [];
+        foreach ($segments as $segment) {
+            $segment = sanitize_title_with_dashes((string) $segment, '', 'save');
+            $segment = trim($segment, '-');
+            if ($segment === '') {
+                continue;
+            }
+            $normalized[] = substr($segment, 0, 40);
+            if (count($normalized) >= 4) {
+                break;
+            }
+        }
+        if (!$normalized) {
+            return '';
+        }
+        $slug = implode('/', $normalized);
+        $slug = substr($slug, 0, 90);
+        $slug = trim($slug, '/');
+        if ($slug === '') {
+            return '';
+        }
+        $reservedPaths = [
+            'admin',
+            'admin-ajax.php',
+            'admin-post.php',
+            'feed',
+            'index.php',
+            'login',
+            'robots.txt',
+            'sitemap.xml',
+            'wp-admin',
+            'wp-json',
+            'wp-login',
+            'wp-login.php',
+            'xmlrpc.php',
+        ];
+        if (in_array($slug, $reservedPaths, true)) {
+            return '';
+        }
+        if (preg_match('#(^|/)(?:wp-admin|wp-login(?:\.php)?|wp-json|xmlrpc(?:\.php)?|admin-ajax(?:\.php)?|admin-post(?:\.php)?)(/|$)#', $slug)) {
+            return '';
+        }
+        return $slug;
+    }
     protected static function sanitizeWhitelistPaths($input): array
+    {
 …
         return array_keys($normalized);
+    }
+    protected static function customLoginSlugConflicts(string $slug): bool
+    {
+        if ($slug === '') {
+            return false;
+        }
+        if (function_exists('url_to_postid')) {
+            $postId = url_to_postid(home_url('/' . user_trailingslashit($slug)));
+            if ($postId > 0) {
+                return true;
+            }
+        }
+        if (function_exists('get_page_by_path')) {
+            $page = get_page_by_path($slug, OBJECT, ['page']);
+            if ($page instanceof \WP_Post) {
+                return true;
+            }
+        }
+        return false;
+    }

vulntitan/tags/2.0.6/readme.txt

-                      r3480442
+                      r3481425
 Tested up to: 6.9
 Requires PHP: 7.4
 Stable tag: 2.0.5
+Stable tag: 2.0.6
 License: GPLv2
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 …
 Instantly scan your WordPress site for malware infections and known vulnerabilities, review detailed results, and clean or remove malware safely using a guided fix workflow with automatic backups.
 Unlike heavy security suites, VulnTitan focuses on practical protection: vulnerability detection, malware scanning and removal, file integrity monitoring, and essential firewall protection — without unnecessary bloat.
+Unlike heavy security suites, VulnTitan focuses on practical protection: vulnerability detection, malware scanning and removal, file integrity monitoring, essential firewall protection, and hidden custom login access — without unnecessary bloat.
 = Malware Scanner =
 …
 = Firewall & Login Protection =
 VulnTitan includes lightweight firewall and WAF protection to block common attack patterns.
+VulnTitan includes lightweight firewall and WAF protection to block common attack patterns and protect the WordPress login surface.
 - Early MU-plugin runtime request guards
 …
 - Endpoint whitelisting controls
 - Login lockout protection against brute-force attacks
+- Configurable custom login slug so administrators can use a private login URL instead of the default `wp-login.php`
+- Default `wp-login.php` and guest `wp-admin` access can be hidden behind a `404` response when custom login is enabled
 = Security-First Architecture =
 …
 . Firewall and WAF protection settings panel.
 . Vulnerability scan progress bar.
+. Firewall hidden custom login configuration and activity overview.
+. When custom login url is set and user goes to wp-login.php or wp-admin route.
 == Installation ==
 …
 == Changelog ==
+= v2.0.6 - 12 Mar, 2026 =
+* Added configurable custom login slug support so administrators can use a private login URL instead of the default `wp-login.php` path.
+* Hidden direct guest access to default `wp-login.php` and `wp-admin` entry points when custom login protection is enabled.
+* Reworked the Firewall page with a tabbed settings layout, a wider recent events section, and toast-style action feedback.
 = v2.0.4 - 10 Mar, 2026 =
 * Redesigned the VulnTitan Dashboard into an elite, professional security command center layout.

vulntitan/tags/2.0.6/vulntitan.php

-                      r3480442
+                      r3481425
  * Plugin URI: https://vulntitan.com/vulntitan/
  * Description: VulnTitan is a lightweight WordPress security plugin with vulnerability scanning, malware detection, file integrity monitoring, and a built-in firewall with WAF payload rules and login protection.
  * Version: 2.0.5
+ * Version: 2.0.6
  * Author: Jaroslav Svetlik
  * Author URI: https://vulntitan.com
 …
 // Define plugin constants
 define('VULNTITAN_PLUGIN_VERSION', VULNTITAN_DEVELOPMENT ? uniqid() : '2.0.5');
+define('VULNTITAN_PLUGIN_VERSION', VULNTITAN_DEVELOPMENT ? uniqid() : '2.0.6');
 define('VULNTITAN_PLUGIN_BASENAME', plugin_basename(__FILE__));
 define('VULNTITAN_PLUGIN_DIR', untrailingslashit(plugin_dir_path(__FILE__)));

vulntitan/trunk/CHANGELOG.md

-                      r3480442
+                      r3481425
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [2.0.6] - 2026-03-12
+### Added
+- Added configurable custom login slug support so administrators can expose a private login URL instead of the default `wp-login.php` path.
+### Changed
+- Reworked the Firewall admin page into a tabbed settings workspace with more breathing room between controls and a dedicated full-width recent events section.
+- Replaced inline Firewall action notices with floating toast feedback for save, refresh, clear-log, warning, and error states.
+### Security
+- Hidden login access now blocks direct guest access to `wp-login.php` and default `wp-admin` entry points with `404` responses while preserving the custom login route.
 ## [2.0.5] - 2026-03-11

vulntitan/trunk/assets/css/admin.css

-                      r3479599
+                      r3481425
 .vulntitan-firewall-feedback {
+    margin-top: 10px;
+}
+.vulntitan-firewall-notice {
+    padding: 10px 12px;
+    border-radius: 8px;
+    position: fixed;
+    top: 48px;
+    right: 20px;
+    z-index: 100000;
+    width: min(380px, calc(100vw - 32px));
+    margin: 0;
+    pointer-events: none;
+}
+.vulntitan-firewall-toast {
+    pointer-events: auto;
+    display: grid;
+    grid-template-columns: auto minmax(0, 1fr) auto;
+    align-items: start;
+    gap: 12px;
+    padding: 14px 14px 14px 12px;
+    border-radius: 14px;
     border: 1px solid #1f3346;
     background: #101a24;
+    background: rgba(10, 18, 28, 0.96);
     color: #bfdbfe;
     font-size: 12px;
+    line-height: 1.45;
+}
+.vulntitan-firewall-notice.is-success {
+    line-height: 1.5;
+    box-shadow: 0 18px 34px rgba(4, 9, 16, 0.38);
+    backdrop-filter: blur(14px);
+    opacity: 0;
+    transform: translateY(-8px);
+    transition: opacity 0.18s ease, transform 0.18s ease;
+}
+.vulntitan-firewall-feedback.is-visible .vulntitan-firewall-toast {
+    opacity: 1;
+    transform: translateY(0);
+}
+.vulntitan-firewall-toast-badge {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    min-width: 58px;
+    min-height: 28px;
+    padding: 0 10px;
+    border-radius: 999px;
+    border: 1px solid rgba(90, 176, 255, 0.24);
+    background: rgba(90, 176, 255, 0.12);
+    color: #cfe4ff;
+    font-size: 10px;
+    font-weight: 700;
+    letter-spacing: 0.08em;
+    text-transform: uppercase;
+}
+.vulntitan-firewall-toast-message {
+    min-width: 0;
+    padding-top: 3px;
+    color: inherit;
+}
+.vulntitan-firewall-toast-close {
+    appearance: none;
+    width: 28px;
+    height: 28px;
+    border: 0;
+    border-radius: 999px;
+    background: rgba(255, 255, 255, 0.04);
+    color: #8fa7bf;
+    font-size: 12px;
+    font-weight: 700;
+    line-height: 1;
+    cursor: pointer;
+    transition: background-color 0.18s ease, color 0.18s ease;
+}
+.vulntitan-firewall-toast-close:hover,
+.vulntitan-firewall-toast-close:focus {
+    outline: none;
+    background: rgba(255, 255, 255, 0.08);
+    color: #e2e8f0;
+}
+.vulntitan-firewall-toast.is-success {
     border-color: #1f5131;
     background: #0f1d16;
+    background: rgba(11, 29, 21, 0.96);
     color: #86efac;
+}
+.vulntitan-firewall-notice.is-error {
+.vulntitan-firewall-toast.is-success .vulntitan-firewall-toast-badge {
+    border-color: rgba(91, 206, 122, 0.28);
+    background: rgba(31, 81, 49, 0.32);
+    color: #bbf7d0;
+}
+.vulntitan-firewall-toast.is-error {
     border-color: #5f1f1f;
     background: #221416;
+    background: rgba(34, 20, 22, 0.97);
     color: #fecaca;
+}
+.vulntitan-firewall-notice.is-warning {
+.vulntitan-firewall-toast.is-error .vulntitan-firewall-toast-badge {
+    border-color: rgba(248, 113, 113, 0.28);
+    background: rgba(127, 29, 29, 0.28);
+    color: #fecaca;
+}
+.vulntitan-firewall-toast.is-warning {
     border-color: #5f4a1f;
+    background: #221d13;
+    background: rgba(34, 29, 19, 0.97);
+    color: #fde68a;
+}
+.vulntitan-firewall-toast.is-warning .vulntitan-firewall-toast-badge {
+    border-color: rgba(245, 158, 11, 0.28);
+    background: rgba(95, 74, 31, 0.3);
     color: #fde68a;
+}
 …
 .vulntitan-wrapper--firewall .vulntitan-firewall-feedback {
     margin-top: 18px;
+    margin-top: 0;
+}
 .vulntitan-wrapper--firewall .vulntitan-firewall-grid {
     margin-top: 22px;
+    gap: 18px;
+    grid-template-columns: minmax(0, 1fr);
+    gap: 22px;
+}
 …
     border-radius: 16px;
     box-shadow: 0 16px 30px rgba(6, 10, 16, 0.35);
+    padding: 18px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-panel--settings,
+.vulntitan-wrapper--firewall .vulntitan-firewall-panel--logs {
+    min-width: 0;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-panel--settings {
+    padding: 20px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-panel--logs {
+    padding: 20px;
+    background: linear-gradient(180deg, rgba(11, 18, 28, 0.96), rgba(8, 14, 22, 0.98));
+}
 .vulntitan-firewall-panel-head {
     display: flex;
     align-items: center;
+    align-items: flex-start;
     justify-content: space-between;
     gap: 12px;
     margin-bottom: 16px;
+    flex-wrap: wrap;
+}
 …
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-workspace {
+    display: grid;
+    grid-template-columns: minmax(0, 1fr);
+    gap: 18px;
+    align-items: start;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tabs {
+    display: grid;
+    grid-template-columns: repeat(3, minmax(0, 1fr));
+    gap: 12px;
+    align-content: start;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab {
+    appearance: none;
+    width: 100%;
+    border: 1px solid rgba(90, 176, 255, 0.16);
+    border-radius: 14px;
+    background: linear-gradient(180deg, rgba(11, 17, 24, 0.94), rgba(7, 12, 18, 0.98));
+    min-height: 112px;
+    padding: 16px 18px;
+    text-align: left;
+    display: grid;
+    gap: 6px;
+    color: var(--vt-fw-text);
+    cursor: pointer;
+    transition: transform 0.18s ease, border-color 0.18s ease, box-shadow 0.18s ease, background 0.18s ease;
+    box-shadow: 0 10px 20px rgba(6, 10, 16, 0.2);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab:hover {
+    border-color: rgba(90, 176, 255, 0.32);
+    transform: translateY(-1px);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab:focus {
+    outline: none;
+    box-shadow: 0 0 0 3px rgba(90, 176, 255, 0.18), 0 14px 26px rgba(6, 10, 16, 0.3);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab:disabled {
+    opacity: 0.6;
+    cursor: wait;
+    transform: none;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab.is-active {
+    border-color: rgba(90, 176, 255, 0.38);
+    background: linear-gradient(180deg, rgba(16, 27, 40, 0.96), rgba(9, 16, 24, 0.98));
+    box-shadow: inset 0 0 0 1px rgba(51, 209, 160, 0.1), 0 18px 32px rgba(6, 10, 16, 0.35);
+    transform: translateY(-2px);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-title {
+    font-size: 12px;
+    font-weight: 700;
+    letter-spacing: 0.1em;
+    text-transform: uppercase;
+    color: #d7e8fb;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-desc {
+    font-size: 12px;
+    line-height: 1.5;
+    color: var(--vt-fw-muted);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab.is-active .vulntitan-firewall-tab-desc {
+    color: #cfe4ff;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panels {
+    min-width: 0;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel {
+    display: grid;
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+    gap: 16px;
+    min-width: 0;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel[hidden] {
+    display: none !important;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel-head {
+    grid-column: 1 / -1;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel .vulntitan-firewall-section + .vulntitan-firewall-section {
+    margin-top: 0;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel > .vulntitan-firewall-section:only-of-type {
+    grid-column: 1 / -1;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel-head {
+    padding: 16px 18px;
+    border-radius: 14px;
+    border: 1px solid rgba(90, 176, 255, 0.16);
+    background: linear-gradient(135deg, rgba(51, 209, 160, 0.08), rgba(90, 176, 255, 0.08)), rgba(9, 14, 20, 0.72);
+    display: grid;
+    gap: 8px;
+}
 .vulntitan-firewall-section {
     padding: 12px 14px;
     border-radius: 12px;
+    padding: 16px 18px;
+    border-radius: 14px;
     border: 1px solid rgba(90, 176, 255, 0.18);
     background: rgba(9, 14, 20, 0.7);
     display: grid;
     gap: 10px;
+    gap: 12px;
+}
 …
 .vulntitan-wrapper--firewall .vulntitan-firewall-field-help {
     color: var(--vt-fw-muted);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-field-grid {
+    display: grid;
+    grid-template-columns: repeat(3, minmax(0, 1fr));
+    gap: 14px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-field-grid .vulntitan-firewall-input {
+    max-width: none;
+}
 …
 .vulntitan-wrapper--firewall .vulntitan-firewall-log-list {
+    background: rgba(9, 14, 20, 0.5);
+    border-radius: 12px;
+    padding: 6px;
+    margin-top: 0;
+    max-height: 720px;
+    background: transparent;
+    border-radius: 0;
+    padding: 0;
+    gap: 14px;
+}
 .vulntitan-wrapper--firewall .vulntitan-firewall-log-item {
+    border-radius: 12px;
+    border: 1px solid rgba(90, 176, 255, 0.12);
+    background: rgba(11, 17, 24, 0.7);
+    border-radius: 16px;
+    border: 1px solid rgba(90, 176, 255, 0.14);
+    background: linear-gradient(180deg, rgba(8, 14, 21, 0.96), rgba(6, 11, 18, 0.98));
+    padding: 16px 18px;
+    gap: 10px;
+    box-shadow: inset 0 0 0 1px rgba(51, 209, 160, 0.03);
+}
 .vulntitan-wrapper--firewall .vulntitan-firewall-log-request {
     color: #cde2f7;
+    font-size: 14px;
+    line-height: 1.5;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-log-meta {
+    gap: 10px 18px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-log-meta-item {
+    font-size: 12px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-log-reason {
+    font-size: 13px;
+    color: #d4dfeb;
+}
 …
         grid-template-columns: 1fr;
+    }
+    .vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel {
+        grid-template-columns: 1fr;
+    }
+}
+@media (max-width: 1280px) {
+    .vulntitan-wrapper--firewall .vulntitan-firewall-tabs {
+        grid-template-columns: repeat(2, minmax(0, 1fr));
+    }
+}
 @media (max-width: 782px) {
+    .vulntitan-firewall-feedback {
+        top: 58px;
+        right: 12px;
+        width: calc(100vw - 24px);
+    }
+    .vulntitan-firewall-toast {
+        grid-template-columns: 1fr auto;
+        gap: 10px;
+    }
+    .vulntitan-firewall-toast-badge {
+        grid-column: 1 / 2;
+        justify-self: start;
+    }
+    .vulntitan-firewall-toast-message {
+        grid-column: 1 / 2;
+        padding-top: 0;
+    }
+    .vulntitan-firewall-toast-close {
+        grid-column: 2 / 3;
+        grid-row: 1 / 2;
+    }
     .vulntitan-wrapper--firewall {
         padding: 1.25rem;
+    }
+}
+    .vulntitan-wrapper--firewall .vulntitan-firewall-tabs,
+    .vulntitan-wrapper--firewall .vulntitan-firewall-field-grid {
+        grid-template-columns: 1fr;
+    }
+    .vulntitan-wrapper--firewall .vulntitan-firewall-panel--settings,
+    .vulntitan-wrapper--firewall .vulntitan-firewall-panel--logs {
+        padding: 16px;
+    }
+}

vulntitan/trunk/assets/css/admin.min.css

-                      r3479599
+                      r3481425
 .vulntitan-firewall-feedback {
+    margin-top: 10px;
+}
+.vulntitan-firewall-notice {
+    padding: 10px 12px;
+    border-radius: 8px;
+    position: fixed;
+    top: 48px;
+    right: 20px;
+    z-index: 100000;
+    width: min(380px, calc(100vw - 32px));
+    margin: 0;
+    pointer-events: none;
+}
+.vulntitan-firewall-toast {
+    pointer-events: auto;
+    display: grid;
+    grid-template-columns: auto minmax(0, 1fr) auto;
+    align-items: start;
+    gap: 12px;
+    padding: 14px 14px 14px 12px;
+    border-radius: 14px;
     border: 1px solid #1f3346;
     background: #101a24;
+    background: rgba(10, 18, 28, 0.96);
     color: #bfdbfe;
     font-size: 12px;
+    line-height: 1.45;
+}
+.vulntitan-firewall-notice.is-success {
+    line-height: 1.5;
+    box-shadow: 0 18px 34px rgba(4, 9, 16, 0.38);
+    backdrop-filter: blur(14px);
+    opacity: 0;
+    transform: translateY(-8px);
+    transition: opacity 0.18s ease, transform 0.18s ease;
+}
+.vulntitan-firewall-feedback.is-visible .vulntitan-firewall-toast {
+    opacity: 1;
+    transform: translateY(0);
+}
+.vulntitan-firewall-toast-badge {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    min-width: 58px;
+    min-height: 28px;
+    padding: 0 10px;
+    border-radius: 999px;
+    border: 1px solid rgba(90, 176, 255, 0.24);
+    background: rgba(90, 176, 255, 0.12);
+    color: #cfe4ff;
+    font-size: 10px;
+    font-weight: 700;
+    letter-spacing: 0.08em;
+    text-transform: uppercase;
+}
+.vulntitan-firewall-toast-message {
+    min-width: 0;
+    padding-top: 3px;
+    color: inherit;
+}
+.vulntitan-firewall-toast-close {
+    appearance: none;
+    width: 28px;
+    height: 28px;
+    border: 0;
+    border-radius: 999px;
+    background: rgba(255, 255, 255, 0.04);
+    color: #8fa7bf;
+    font-size: 12px;
+    font-weight: 700;
+    line-height: 1;
+    cursor: pointer;
+    transition: background-color 0.18s ease, color 0.18s ease;
+}
+.vulntitan-firewall-toast-close:hover,
+.vulntitan-firewall-toast-close:focus {
+    outline: none;
+    background: rgba(255, 255, 255, 0.08);
+    color: #e2e8f0;
+}
+.vulntitan-firewall-toast.is-success {
     border-color: #1f5131;
     background: #0f1d16;
+    background: rgba(11, 29, 21, 0.96);
     color: #86efac;
+}
+.vulntitan-firewall-notice.is-error {
+.vulntitan-firewall-toast.is-success .vulntitan-firewall-toast-badge {
+    border-color: rgba(91, 206, 122, 0.28);
+    background: rgba(31, 81, 49, 0.32);
+    color: #bbf7d0;
+}
+.vulntitan-firewall-toast.is-error {
     border-color: #5f1f1f;
     background: #221416;
+    background: rgba(34, 20, 22, 0.97);
     color: #fecaca;
+}
+.vulntitan-firewall-notice.is-warning {
+.vulntitan-firewall-toast.is-error .vulntitan-firewall-toast-badge {
+    border-color: rgba(248, 113, 113, 0.28);
+    background: rgba(127, 29, 29, 0.28);
+    color: #fecaca;
+}
+.vulntitan-firewall-toast.is-warning {
     border-color: #5f4a1f;
+    background: #221d13;
+    background: rgba(34, 29, 19, 0.97);
+    color: #fde68a;
+}
+.vulntitan-firewall-toast.is-warning .vulntitan-firewall-toast-badge {
+    border-color: rgba(245, 158, 11, 0.28);
+    background: rgba(95, 74, 31, 0.3);
     color: #fde68a;
+}
 …
 .vulntitan-wrapper--firewall .vulntitan-firewall-feedback {
     margin-top: 18px;
+    margin-top: 0;
+}
 .vulntitan-wrapper--firewall .vulntitan-firewall-grid {
     margin-top: 22px;
+    gap: 18px;
+    grid-template-columns: minmax(0, 1fr);
+    gap: 22px;
+}
 …
     border-radius: 16px;
     box-shadow: 0 16px 30px rgba(6, 10, 16, 0.35);
+    padding: 18px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-panel--settings,
+.vulntitan-wrapper--firewall .vulntitan-firewall-panel--logs {
+    min-width: 0;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-panel--settings {
+    padding: 20px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-panel--logs {
+    padding: 20px;
+    background: linear-gradient(180deg, rgba(11, 18, 28, 0.96), rgba(8, 14, 22, 0.98));
+}
 .vulntitan-firewall-panel-head {
     display: flex;
     align-items: center;
+    align-items: flex-start;
     justify-content: space-between;
     gap: 12px;
     margin-bottom: 16px;
+    flex-wrap: wrap;
+}
 …
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-workspace {
+    display: grid;
+    grid-template-columns: minmax(0, 1fr);
+    gap: 18px;
+    align-items: start;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tabs {
+    display: grid;
+    grid-template-columns: repeat(3, minmax(0, 1fr));
+    gap: 12px;
+    align-content: start;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab {
+    appearance: none;
+    width: 100%;
+    border: 1px solid rgba(90, 176, 255, 0.16);
+    border-radius: 14px;
+    background: linear-gradient(180deg, rgba(11, 17, 24, 0.94), rgba(7, 12, 18, 0.98));
+    min-height: 112px;
+    padding: 16px 18px;
+    text-align: left;
+    display: grid;
+    gap: 6px;
+    color: var(--vt-fw-text);
+    cursor: pointer;
+    transition: transform 0.18s ease, border-color 0.18s ease, box-shadow 0.18s ease, background 0.18s ease;
+    box-shadow: 0 10px 20px rgba(6, 10, 16, 0.2);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab:hover {
+    border-color: rgba(90, 176, 255, 0.32);
+    transform: translateY(-1px);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab:focus {
+    outline: none;
+    box-shadow: 0 0 0 3px rgba(90, 176, 255, 0.18), 0 14px 26px rgba(6, 10, 16, 0.3);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab:disabled {
+    opacity: 0.6;
+    cursor: wait;
+    transform: none;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab.is-active {
+    border-color: rgba(90, 176, 255, 0.38);
+    background: linear-gradient(180deg, rgba(16, 27, 40, 0.96), rgba(9, 16, 24, 0.98));
+    box-shadow: inset 0 0 0 1px rgba(51, 209, 160, 0.1), 0 18px 32px rgba(6, 10, 16, 0.35);
+    transform: translateY(-2px);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-title {
+    font-size: 12px;
+    font-weight: 700;
+    letter-spacing: 0.1em;
+    text-transform: uppercase;
+    color: #d7e8fb;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-desc {
+    font-size: 12px;
+    line-height: 1.5;
+    color: var(--vt-fw-muted);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab.is-active .vulntitan-firewall-tab-desc {
+    color: #cfe4ff;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panels {
+    min-width: 0;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel {
+    display: grid;
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+    gap: 16px;
+    min-width: 0;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel[hidden] {
+    display: none !important;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel-head {
+    grid-column: 1 / -1;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel .vulntitan-firewall-section + .vulntitan-firewall-section {
+    margin-top: 0;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel > .vulntitan-firewall-section:only-of-type {
+    grid-column: 1 / -1;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel-head {
+    padding: 16px 18px;
+    border-radius: 14px;
+    border: 1px solid rgba(90, 176, 255, 0.16);
+    background: linear-gradient(135deg, rgba(51, 209, 160, 0.08), rgba(90, 176, 255, 0.08)), rgba(9, 14, 20, 0.72);
+    display: grid;
+    gap: 8px;
+}
 .vulntitan-firewall-section {
     padding: 12px 14px;
     border-radius: 12px;
+    padding: 16px 18px;
+    border-radius: 14px;
     border: 1px solid rgba(90, 176, 255, 0.18);
     background: rgba(9, 14, 20, 0.7);
     display: grid;
     gap: 10px;
+    gap: 12px;
+}
 …
 .vulntitan-wrapper--firewall .vulntitan-firewall-field-help {
     color: var(--vt-fw-muted);
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-field-grid {
+    display: grid;
+    grid-template-columns: repeat(3, minmax(0, 1fr));
+    gap: 14px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-field-grid .vulntitan-firewall-input {
+    max-width: none;
+}
 …
 .vulntitan-wrapper--firewall .vulntitan-firewall-log-list {
+    background: rgba(9, 14, 20, 0.5);
+    border-radius: 12px;
+    padding: 6px;
+    margin-top: 0;
+    max-height: 720px;
+    background: transparent;
+    border-radius: 0;
+    padding: 0;
+    gap: 14px;
+}
 .vulntitan-wrapper--firewall .vulntitan-firewall-log-item {
+    border-radius: 12px;
+    border: 1px solid rgba(90, 176, 255, 0.12);
+    background: rgba(11, 17, 24, 0.7);
+    border-radius: 16px;
+    border: 1px solid rgba(90, 176, 255, 0.14);
+    background: linear-gradient(180deg, rgba(8, 14, 21, 0.96), rgba(6, 11, 18, 0.98));
+    padding: 16px 18px;
+    gap: 10px;
+    box-shadow: inset 0 0 0 1px rgba(51, 209, 160, 0.03);
+}
 .vulntitan-wrapper--firewall .vulntitan-firewall-log-request {
     color: #cde2f7;
+    font-size: 14px;
+    line-height: 1.5;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-log-meta {
+    gap: 10px 18px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-log-meta-item {
+    font-size: 12px;
+}
+.vulntitan-wrapper--firewall .vulntitan-firewall-log-reason {
+    font-size: 13px;
+    color: #d4dfeb;
+}
 …
         grid-template-columns: 1fr;
+    }
+    .vulntitan-wrapper--firewall .vulntitan-firewall-tab-panel {
+        grid-template-columns: 1fr;
+    }
+}
+@media (max-width: 1280px) {
+    .vulntitan-wrapper--firewall .vulntitan-firewall-tabs {
+        grid-template-columns: repeat(2, minmax(0, 1fr));
+    }
+}
 @media (max-width: 782px) {
+    .vulntitan-firewall-feedback {
+        top: 58px;
+        right: 12px;
+        width: calc(100vw - 24px);
+    }
+    .vulntitan-firewall-toast {
+        grid-template-columns: 1fr auto;
+        gap: 10px;
+    }
+    .vulntitan-firewall-toast-badge {
+        grid-column: 1 / 2;
+        justify-self: start;
+    }
+    .vulntitan-firewall-toast-message {
+        grid-column: 1 / 2;
+        padding-top: 0;
+    }
+    .vulntitan-firewall-toast-close {
+        grid-column: 2 / 3;
+        grid-row: 1 / 2;
+    }
     .vulntitan-wrapper--firewall {
         padding: 1.25rem;
+    }
+}
+    .vulntitan-wrapper--firewall .vulntitan-firewall-tabs,
+    .vulntitan-wrapper--firewall .vulntitan-firewall-field-grid {
+        grid-template-columns: 1fr;
+    }
+    .vulntitan-wrapper--firewall .vulntitan-firewall-panel--settings,
+    .vulntitan-wrapper--firewall .vulntitan-firewall-panel--logs {
+        padding: 16px;
+    }
+}

vulntitan/trunk/assets/js/firewall.js

-                      r3469591
+                      r3481425
     const $firewallEnabled = $('#vulntitan-firewall-enabled');
     const $firewallLoginProtection = $('#vulntitan-firewall-login-protection');
+    const $firewallCustomLoginSlug = $('#vulntitan-firewall-custom-login-slug');
+    const $firewallCustomLoginUrl = $('#vulntitan-firewall-custom-login-url');
     const $firewallWafSqliEnabled = $('#vulntitan-firewall-waf-sqli-enabled');
     const $firewallWafCommandEnabled = $('#vulntitan-firewall-waf-command-enabled');
 …
     const $firewallRefresh = $('#vulntitan-firewall-refresh');
     const $firewallClearLogs = $('#vulntitan-firewall-clear-logs');
+    const $firewallTabs = $firewallRoot.find('[data-firewall-tab]');
+    const $firewallTabPanels = $firewallRoot.find('[data-firewall-tab-panel]');
     const i18n = (window.VulnTitan && window.VulnTitan.i18n) ? window.VulnTitan.i18n : {};
     let latestMuLoaderStatus = null;
+    let feedbackTimer = null;
+    let feedbackHideTimer = null;
     function escapeHtml(str) {
 …
+    }
+    function clearFeedbackTimers() {
+        if (feedbackTimer) {
+            window.clearTimeout(feedbackTimer);
+            feedbackTimer = null;
+        }
+        if (feedbackHideTimer) {
+            window.clearTimeout(feedbackHideTimer);
+            feedbackHideTimer = null;
+        }
+    }
+    function dismissFeedback() {
+        clearFeedbackTimers();
+        $firewallFeedback.removeClass('is-visible');
+        feedbackHideTimer = window.setTimeout(function () {
+            $firewallFeedback.hide().empty();
+            feedbackHideTimer = null;
+        }, 180);
+    }
+    function getFeedbackConfig(type) {
+        switch (type) {
+            case 'success':
+                return {
+                    label: i18n.firewall_toast_success || 'Saved',
+                    duration: 3200
+                };
+            case 'warning':
+                return {
+                    label: i18n.firewall_toast_warning || 'Review',
+                    duration: 5200
+                };
+            case 'error':
+                return {
+                    label: i18n.firewall_toast_error || 'Error',
+                    duration: 6200
+                };
+            default:
+                return {
+                    label: i18n.firewall_toast_info || 'Working',
+                    duration: 0
+                };
+        }
+    }
     function setFeedback(type, message) {
         if (!message) {
             $firewallFeedback.hide().empty();
+            dismissFeedback();
             return;
+        }
         const normalizedType = (type === 'success' || type === 'error' || type === 'warning') ? type : 'info';
+        const config = getFeedbackConfig(normalizedType);
+        const liveMode = normalizedType === 'error' ? 'assertive' : 'polite';
+        clearFeedbackTimers();
         $firewallFeedback
+            .html(`<div class="vulntitan-firewall-notice is-${normalizedType}">${escapeHtml(message)}</div>`)
+            .html(`
+                <div class="vulntitan-firewall-toast is-${normalizedType}" role="status" aria-live="${liveMode}">
+                    <span class="vulntitan-firewall-toast-badge">${escapeHtml(config.label)}</span>
+                    <div class="vulntitan-firewall-toast-message">${escapeHtml(message)}</div>
+                    <button type="button" class="vulntitan-firewall-toast-close" data-firewall-toast-close aria-label="${escapeHtml(i18n.firewall_toast_close || 'Dismiss notification')}">x</button>
+                </div>
+            `)
             .show();
+        window.requestAnimationFrame(function () {
+            $firewallFeedback.addClass('is-visible');
+        });
+        if (config.duration > 0) {
+            feedbackTimer = window.setTimeout(function () {
+                dismissFeedback();
+            }, config.duration);
+        }
+    }
 …
+    }
+    function renderLoginAccess(loginAccess) {
+        const data = loginAccess || {};
+        const customUrl = String(data.url || '').trim();
+        if (!customUrl) {
+            $firewallCustomLoginUrl.text(
+                i18n.firewall_custom_login_disabled || 'Custom login URL is disabled. Leave the slug blank to keep the default WordPress login endpoints.'
+            );
+            return;
+        }
+        $firewallCustomLoginUrl.text(customUrl);
+    }
+    function activateTab(tabId) {
+        const normalizedTab = String(tabId || '').trim();
+        if (!normalizedTab) {
+            return;
+        }
+        $firewallTabs.each(function () {
+            const $tab = $(this);
+            const isActive = String($tab.data('firewallTab')) === normalizedTab;
+            $tab
+                .toggleClass('is-active', isActive)
+                .attr('aria-selected', isActive ? 'true' : 'false')
+                .attr('tabindex', isActive ? '0' : '-1');
+        });
+        $firewallTabPanels.each(function () {
+            const $panel = $(this);
+            const isActive = String($panel.data('firewallTabPanel')) === normalizedTab;
+            $panel
+                .toggleClass('is-active', isActive)
+                .prop('hidden', !isActive);
+        });
+    }
     function applySettings(settings) {
         const data = settings || {};
 …
         $firewallEnabled.prop('checked', !!Number(data.enabled || 0));
         $firewallLoginProtection.prop('checked', !!Number(data.login_protection_enabled || 0));
+        $firewallCustomLoginSlug.val(String(data.custom_login_slug || ''));
         $firewallWafSqliEnabled.prop('checked', !!Number(data.waf_sqli_enabled || 0));
         $firewallWafCommandEnabled.prop('checked', !!Number(data.waf_command_injection_enabled || 0));
 …
         $firewallRefresh.prop('disabled', isBusy);
         $firewallClearLogs.prop('disabled', isBusy);
+        $firewallTabs.prop('disabled', isBusy);
         $firewallEnabled.prop('disabled', isBusy);
         $firewallLoginProtection.prop('disabled', isBusy);
+        $firewallCustomLoginSlug.prop('disabled', isBusy);
         $firewallWafSqliEnabled.prop('disabled', isBusy);
         $firewallWafCommandEnabled.prop('disabled', isBusy);
 …
         if (showLoadingNotice) {
             setFeedback('info', i18n.firewall_loading || 'Loading firewall data...');
+            setFeedback('info', i18n.firewall_refreshing || 'Refreshing firewall data...');
+        }
 …
             latestMuLoaderStatus = payload.mu_loader || null;
             applySettings(payload.settings || {});
+            renderLoginAccess(payload.login_access || {});
             renderOverview(payload.summary || {}, latestMuLoaderStatus || {});
             renderLogs(payload.logs || []);
 …
     function saveSettings() {
         setBusyState(true);
         setFeedback('info', i18n.firewall_loading || 'Loading firewall data...');
+        setFeedback('info', i18n.firewall_saving || 'Saving firewall settings...');
         $.post(VulnTitan.ajaxUrl, {
 …
             enabled: $firewallEnabled.is(':checked') ? 1 : 0,
             login_protection_enabled: $firewallLoginProtection.is(':checked') ? 1 : 0,
+            custom_login_slug: String($firewallCustomLoginSlug.val() || ''),
             waf_sqli_enabled: $firewallWafSqliEnabled.is(':checked') ? 1 : 0,
             waf_command_injection_enabled: $firewallWafCommandEnabled.is(':checked') ? 1 : 0,
 …
             latestMuLoaderStatus = payload.mu_loader || latestMuLoaderStatus;
             applySettings(payload.settings || {});
+            renderLoginAccess(payload.login_access || {});
             renderOverview(payload.summary || {}, latestMuLoaderStatus || {});
             renderLogs(payload.logs || []);
             const muInstall = payload.mu_loader_install || {};
+            if (payload.notice) {
+                setFeedback('warning', payload.notice);
+                return;
+            }
             if (muInstall.success === false && muInstall.error) {
                 setFeedback('warning', muInstall.error);
 …
         setBusyState(true);
         setFeedback('info', i18n.firewall_loading || 'Loading firewall data...');
+        setFeedback('info', i18n.firewall_clearing || 'Clearing firewall logs...');
         $.post(VulnTitan.ajaxUrl, {
 …
     });
+    loadFirewallData(true);
+    $firewallFeedback.off('click', '[data-firewall-toast-close]').on('click', '[data-firewall-toast-close]', function () {
+        dismissFeedback();
+    });
+    $firewallTabs.off('click').on('click', function () {
+        activateTab($(this).data('firewallTab'));
+    });
+    $firewallTabs.off('keydown').on('keydown', function (event) {
+        const keys = ['ArrowLeft', 'ArrowRight', 'ArrowUp', 'ArrowDown', 'Home', 'End'];
+        if (keys.indexOf(event.key) === -1) {
+            return;
+        }
+        event.preventDefault();
+        const currentIndex = $firewallTabs.index(this);
+        if (currentIndex < 0) {
+            return;
+        }
+        let nextIndex = currentIndex;
+        if (event.key === 'Home') {
+            nextIndex = 0;
+        } else if (event.key === 'End') {
+            nextIndex = $firewallTabs.length - 1;
+        } else if (event.key === 'ArrowLeft' || event.key === 'ArrowUp') {
+            nextIndex = currentIndex === 0 ? $firewallTabs.length - 1 : currentIndex - 1;
+        } else if (event.key === 'ArrowRight' || event.key === 'ArrowDown') {
+            nextIndex = currentIndex === $firewallTabs.length - 1 ? 0 : currentIndex + 1;
+        }
+        const $nextTab = $firewallTabs.eq(nextIndex);
+        activateTab($nextTab.data('firewallTab'));
+        $nextTab.trigger('focus');
+    });
+    activateTab($firewallTabs.filter('.is-active').first().data('firewallTab') || $firewallTabs.first().data('firewallTab'));
+    loadFirewallData(false);
 });

vulntitan/trunk/assets/js/firewall.min.js

-                      r3469591
+                      r3481425
     const $firewallEnabled = $('#vulntitan-firewall-enabled');
     const $firewallLoginProtection = $('#vulntitan-firewall-login-protection');
+    const $firewallCustomLoginSlug = $('#vulntitan-firewall-custom-login-slug');
+    const $firewallCustomLoginUrl = $('#vulntitan-firewall-custom-login-url');
     const $firewallWafSqliEnabled = $('#vulntitan-firewall-waf-sqli-enabled');
     const $firewallWafCommandEnabled = $('#vulntitan-firewall-waf-command-enabled');
 …
     const $firewallRefresh = $('#vulntitan-firewall-refresh');
     const $firewallClearLogs = $('#vulntitan-firewall-clear-logs');
+    const $firewallTabs = $firewallRoot.find('[data-firewall-tab]');
+    const $firewallTabPanels = $firewallRoot.find('[data-firewall-tab-panel]');
     const i18n = (window.VulnTitan && window.VulnTitan.i18n) ? window.VulnTitan.i18n : {};
     let latestMuLoaderStatus = null;
+    let feedbackTimer = null;
+    let feedbackHideTimer = null;
     function escapeHtml(str) {
 …
+    }
+    function clearFeedbackTimers() {
+        if (feedbackTimer) {
+            window.clearTimeout(feedbackTimer);
+            feedbackTimer = null;
+        }
+        if (feedbackHideTimer) {
+            window.clearTimeout(feedbackHideTimer);
+            feedbackHideTimer = null;
+        }
+    }
+    function dismissFeedback() {
+        clearFeedbackTimers();
+        $firewallFeedback.removeClass('is-visible');
+        feedbackHideTimer = window.setTimeout(function () {
+            $firewallFeedback.hide().empty();
+            feedbackHideTimer = null;
+        }, 180);
+    }
+    function getFeedbackConfig(type) {
+        switch (type) {
+            case 'success':
+                return {
+                    label: i18n.firewall_toast_success || 'Saved',
+                    duration: 3200
+                };
+            case 'warning':
+                return {
+                    label: i18n.firewall_toast_warning || 'Review',
+                    duration: 5200
+                };
+            case 'error':
+                return {
+                    label: i18n.firewall_toast_error || 'Error',
+                    duration: 6200
+                };
+            default:
+                return {
+                    label: i18n.firewall_toast_info || 'Working',
+                    duration: 0
+                };
+        }
+    }
     function setFeedback(type, message) {
         if (!message) {
             $firewallFeedback.hide().empty();
+            dismissFeedback();
             return;
+        }
         const normalizedType = (type === 'success' || type === 'error' || type === 'warning') ? type : 'info';
+        const config = getFeedbackConfig(normalizedType);
+        const liveMode = normalizedType === 'error' ? 'assertive' : 'polite';
+        clearFeedbackTimers();
         $firewallFeedback
+            .html(`<div class="vulntitan-firewall-notice is-${normalizedType}">${escapeHtml(message)}</div>`)
+            .html(`
+                <div class="vulntitan-firewall-toast is-${normalizedType}" role="status" aria-live="${liveMode}">
+                    <span class="vulntitan-firewall-toast-badge">${escapeHtml(config.label)}</span>
+                    <div class="vulntitan-firewall-toast-message">${escapeHtml(message)}</div>
+                    <button type="button" class="vulntitan-firewall-toast-close" data-firewall-toast-close aria-label="${escapeHtml(i18n.firewall_toast_close || 'Dismiss notification')}">x</button>
+                </div>
+            `)
             .show();
+        window.requestAnimationFrame(function () {
+            $firewallFeedback.addClass('is-visible');
+        });
+        if (config.duration > 0) {
+            feedbackTimer = window.setTimeout(function () {
+                dismissFeedback();
+            }, config.duration);
+        }
+    }
 …
+    }
+    function renderLoginAccess(loginAccess) {
+        const data = loginAccess || {};
+        const customUrl = String(data.url || '').trim();
+        if (!customUrl) {
+            $firewallCustomLoginUrl.text(
+                i18n.firewall_custom_login_disabled || 'Custom login URL is disabled. Leave the slug blank to keep the default WordPress login endpoints.'
+            );
+            return;
+        }
+        $firewallCustomLoginUrl.text(customUrl);
+    }
+    function activateTab(tabId) {
+        const normalizedTab = String(tabId || '').trim();
+        if (!normalizedTab) {
+            return;
+        }
+        $firewallTabs.each(function () {
+            const $tab = $(this);
+            const isActive = String($tab.data('firewallTab')) === normalizedTab;
+            $tab
+                .toggleClass('is-active', isActive)
+                .attr('aria-selected', isActive ? 'true' : 'false')
+                .attr('tabindex', isActive ? '0' : '-1');
+        });
+        $firewallTabPanels.each(function () {
+            const $panel = $(this);
+            const isActive = String($panel.data('firewallTabPanel')) === normalizedTab;
+            $panel
+                .toggleClass('is-active', isActive)
+                .prop('hidden', !isActive);
+        });
+    }
     function applySettings(settings) {
         const data = settings || {};
 …
         $firewallEnabled.prop('checked', !!Number(data.enabled || 0));
         $firewallLoginProtection.prop('checked', !!Number(data.login_protection_enabled || 0));
+        $firewallCustomLoginSlug.val(String(data.custom_login_slug || ''));
         $firewallWafSqliEnabled.prop('checked', !!Number(data.waf_sqli_enabled || 0));
         $firewallWafCommandEnabled.prop('checked', !!Number(data.waf_command_injection_enabled || 0));
 …
         $firewallRefresh.prop('disabled', isBusy);
         $firewallClearLogs.prop('disabled', isBusy);
+        $firewallTabs.prop('disabled', isBusy);
         $firewallEnabled.prop('disabled', isBusy);
         $firewallLoginProtection.prop('disabled', isBusy);
+        $firewallCustomLoginSlug.prop('disabled', isBusy);
         $firewallWafSqliEnabled.prop('disabled', isBusy);
         $firewallWafCommandEnabled.prop('disabled', isBusy);
 …
         if (showLoadingNotice) {
             setFeedback('info', i18n.firewall_loading || 'Loading firewall data...');
+            setFeedback('info', i18n.firewall_refreshing || 'Refreshing firewall data...');
+        }
 …
             latestMuLoaderStatus = payload.mu_loader || null;
             applySettings(payload.settings || {});
+            renderLoginAccess(payload.login_access || {});
             renderOverview(payload.summary || {}, latestMuLoaderStatus || {});
             renderLogs(payload.logs || []);
 …
     function saveSettings() {
         setBusyState(true);
         setFeedback('info', i18n.firewall_loading || 'Loading firewall data...');
+        setFeedback('info', i18n.firewall_saving || 'Saving firewall settings...');
         $.post(VulnTitan.ajaxUrl, {
 …
             enabled: $firewallEnabled.is(':checked') ? 1 : 0,
             login_protection_enabled: $firewallLoginProtection.is(':checked') ? 1 : 0,
+            custom_login_slug: String($firewallCustomLoginSlug.val() || ''),
             waf_sqli_enabled: $firewallWafSqliEnabled.is(':checked') ? 1 : 0,
             waf_command_injection_enabled: $firewallWafCommandEnabled.is(':checked') ? 1 : 0,
 …
             latestMuLoaderStatus = payload.mu_loader || latestMuLoaderStatus;
             applySettings(payload.settings || {});
+            renderLoginAccess(payload.login_access || {});
             renderOverview(payload.summary || {}, latestMuLoaderStatus || {});
             renderLogs(payload.logs || []);
             const muInstall = payload.mu_loader_install || {};
+            if (payload.notice) {
+                setFeedback('warning', payload.notice);
+                return;
+            }
             if (muInstall.success === false && muInstall.error) {
                 setFeedback('warning', muInstall.error);
 …
         setBusyState(true);
         setFeedback('info', i18n.firewall_loading || 'Loading firewall data...');
+        setFeedback('info', i18n.firewall_clearing || 'Clearing firewall logs...');
         $.post(VulnTitan.ajaxUrl, {
 …
     });
+    loadFirewallData(true);
+    $firewallFeedback.off('click', '[data-firewall-toast-close]').on('click', '[data-firewall-toast-close]', function () {
+        dismissFeedback();
+    });
+    $firewallTabs.off('click').on('click', function () {
+        activateTab($(this).data('firewallTab'));
+    });
+    $firewallTabs.off('keydown').on('keydown', function (event) {
+        const keys = ['ArrowLeft', 'ArrowRight', 'ArrowUp', 'ArrowDown', 'Home', 'End'];
+        if (keys.indexOf(event.key) === -1) {
+            return;
+        }
+        event.preventDefault();
+        const currentIndex = $firewallTabs.index(this);
+        if (currentIndex < 0) {
+            return;
+        }
+        let nextIndex = currentIndex;
+        if (event.key === 'Home') {
+            nextIndex = 0;
+        } else if (event.key === 'End') {
+            nextIndex = $firewallTabs.length - 1;
+        } else if (event.key === 'ArrowLeft' || event.key === 'ArrowUp') {
+            nextIndex = currentIndex === 0 ? $firewallTabs.length - 1 : currentIndex - 1;
+        } else if (event.key === 'ArrowRight' || event.key === 'ArrowDown') {
+            nextIndex = currentIndex === $firewallTabs.length - 1 ? 0 : currentIndex + 1;
+        }
+        const $nextTab = $firewallTabs.eq(nextIndex);
+        activateTab($nextTab.data('firewallTab'));
+        $nextTab.trigger('focus');
+    });
+    activateTab($firewallTabs.filter('.is-active').first().data('firewallTab') || $firewallTabs.first().data('firewallTab'));
+    loadFirewallData(false);
 });

vulntitan/trunk/includes/Admin/Admin.php

r3479599	r3481425
118	118	'firewall_mu_inactive' => esc_html__('MU loader inactive', 'vulntitan'),
119	119	'firewall_no_logs' => esc_html__('No firewall events recorded yet.', 'vulntitan'),
	120	'firewall_custom_login_disabled' => esc_html__('Custom login URL is disabled. Leave the slug blank to keep the default WordPress login endpoints.', 'vulntitan'),
120	121	'firewall_event_unknown' => esc_html__('Unknown event', 'vulntitan'),
121	122	'firewall_event_login_failed' => esc_html__('Login failed', 'vulntitan'),

vulntitan/trunk/includes/Admin/Ajax.php

-                      r3479541
+                      r3481425
             'summary' => FirewallService::getSummary(24),
             'logs' => FirewallService::getRecentLogs(80),
+            'login_access' => FirewallService::getLoginAccessData(),
             'mu_loader' => FirewallService::getMuLoaderStatus(),
         ]);
 …
             wp_send_json_error(['message' => esc_html__('Insufficient permissions.', 'vulntitan')], 403);
+        }
+        $customLoginValidation = FirewallService::validateCustomLoginSlug(
+            isset($_POST['custom_login_slug']) ? (string) wp_unslash($_POST['custom_login_slug']) : ''
+        );
         $input = [
             'enabled' => isset($_POST['enabled']) ? (int) wp_unslash($_POST['enabled']) : 1,
             'login_protection_enabled' => isset($_POST['login_protection_enabled']) ? (int) wp_unslash($_POST['login_protection_enabled']) : 1,
+            'custom_login_slug' => $customLoginValidation['slug'],
             'waf_sqli_enabled' => isset($_POST['waf_sqli_enabled']) ? (int) wp_unslash($_POST['waf_sqli_enabled']) : 1,
             'waf_command_injection_enabled' => isset($_POST['waf_command_injection_enabled']) ? (int) wp_unslash($_POST['waf_command_injection_enabled']) : 1,
 …
         $settings = FirewallService::saveSettings($input);
         $muLoaderResult = FirewallService::installMuLoader();
+        $notice = '';
+        if (($customLoginValidation['error'] ?? '') === 'invalid') {
+            $notice = esc_html__('Custom login slug was not saved because it is invalid or reserved.', 'vulntitan');
+        } elseif (($customLoginValidation['error'] ?? '') === 'conflict') {
+            $notice = esc_html__('Custom login slug was not saved because that path is already used by existing WordPress content.', 'vulntitan');
+        }
         wp_send_json_success([
 …
             'summary' => FirewallService::getSummary(24),
             'logs' => FirewallService::getRecentLogs(80),
+            'login_access' => FirewallService::getLoginAccessData(),
             'mu_loader' => FirewallService::getMuLoaderStatus(),
             'mu_loader_install' => $muLoaderResult,
+            'notice' => $notice,
         ]);
+    }

vulntitan/trunk/includes/Admin/Pages/Firewall.php

-                      r3479599
+                      r3481425
                                 <div class="vulntitan-firewall-form">
+                                    <div class="vulntitan-firewall-section">
+                                        <div class="vulntitan-firewall-section-title"><?php esc_html_e('Core Protection', 'vulntitan'); ?></div>
+                                        <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Master switches for the firewall runtime and login shield.', 'vulntitan'); ?></div>
+                                        <label class="vulntitan-firewall-toggle">
+                                            <input type="checkbox" id="vulntitan-firewall-enabled" class="vulntitan-firewall-checkbox" checked>
+                                            <span><?php esc_html_e('Enable Firewall', 'vulntitan'); ?></span>
+                                        </label>
+                                        <label class="vulntitan-firewall-toggle">
+                                            <input type="checkbox" id="vulntitan-firewall-login-protection" class="vulntitan-firewall-checkbox" checked>
+                                            <span><?php esc_html_e('Enable Login Protection', 'vulntitan'); ?></span>
+                                        </label>
+                                    </div>
+                                    <div class="vulntitan-firewall-section">
+                                        <div class="vulntitan-firewall-section-title"><?php esc_html_e('WAF Payload Protection', 'vulntitan'); ?></div>
+                                        <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Inspect request parameters for common SQL injection and command injection payloads.', 'vulntitan'); ?></div>
+                                        <label class="vulntitan-firewall-toggle">
+                                            <input type="checkbox" id="vulntitan-firewall-waf-sqli-enabled" class="vulntitan-firewall-checkbox" checked>
+                                            <span><?php esc_html_e('Enable SQL Injection Rule Set', 'vulntitan'); ?></span>
+                                        </label>
+                                        <label class="vulntitan-firewall-toggle">
+                                            <input type="checkbox" id="vulntitan-firewall-waf-command-enabled" class="vulntitan-firewall-checkbox" checked>
+                                            <span><?php esc_html_e('Enable Command Injection Rule Set', 'vulntitan'); ?></span>
+                                        </label>
+                                        <label class="vulntitan-firewall-field">
+                                            <span class="vulntitan-firewall-field-label"><?php esc_html_e('WAF Whitelist (Path patterns)', 'vulntitan'); ?></span>
+                                            <textarea id="vulntitan-firewall-waf-whitelist-paths" class="vulntitan-firewall-input vulntitan-firewall-textarea" rows="5" placeholder="/wp-json/my-plugin/*&#10;/custom-safe-endpoint"></textarea>
+                                            <small class="vulntitan-firewall-field-help"><?php esc_html_e('One pattern per line. Use * wildcard only when needed. Whitelist applies to SQLi/Command rules, not traversal/sensitive-file blocks.', 'vulntitan'); ?></small>
+                                        </label>
+                                    </div>
+                                    <div class="vulntitan-firewall-section">
+                                        <div class="vulntitan-firewall-section-title"><?php esc_html_e('Login Lockout Policy', 'vulntitan'); ?></div>
+                                        <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Tighten brute force resilience with adaptive limits and retention.', 'vulntitan'); ?></div>
+                                        <label class="vulntitan-firewall-field">
+                                            <span class="vulntitan-firewall-field-label"><?php esc_html_e('Max failed attempts', 'vulntitan'); ?></span>
+                                            <input type="number" id="vulntitan-firewall-max-attempts" class="vulntitan-firewall-input" min="2" max="20" value="5">
+                                        </label>
+                                        <label class="vulntitan-firewall-field">
+                                            <span class="vulntitan-firewall-field-label"><?php esc_html_e('Lockout duration (minutes)', 'vulntitan'); ?></span>
+                                            <input type="number" id="vulntitan-firewall-lockout-minutes" class="vulntitan-firewall-input" min="5" max="240" value="15">
+                                        </label>
+                                        <label class="vulntitan-firewall-field">
+                                            <span class="vulntitan-firewall-field-label"><?php esc_html_e('Log retention (days)', 'vulntitan'); ?></span>
+                                            <input type="number" id="vulntitan-firewall-log-retention" class="vulntitan-firewall-input" min="1" max="365" value="30">
+                                        </label>
+                                    <div class="vulntitan-firewall-workspace">
+                                        <div class="vulntitan-firewall-tabs" role="tablist" aria-label="<?php esc_attr_e('Firewall setting groups', 'vulntitan'); ?>">
+                                            <button
+                                                type="button"
+                                                class="vulntitan-firewall-tab is-active"
+                                                id="vulntitan-firewall-tab-access"
+                                                data-firewall-tab="access"
+                                                role="tab"
+                                                aria-selected="true"
+                                                aria-controls="vulntitan-firewall-panel-access"
+                                            >
+                                                <span class="vulntitan-firewall-tab-title"><?php esc_html_e('Access Shield', 'vulntitan'); ?></span>
+                                                <span class="vulntitan-firewall-tab-desc"><?php esc_html_e('Runtime, login gate, and hidden entry path.', 'vulntitan'); ?></span>
+                                            </button>
+                                            <button
+                                                type="button"
+                                                class="vulntitan-firewall-tab"
+                                                id="vulntitan-firewall-tab-waf"
+                                                data-firewall-tab="waf"
+                                                role="tab"
+                                                aria-selected="false"
+                                                aria-controls="vulntitan-firewall-panel-waf"
+                                                tabindex="-1"
+                                            >
+                                                <span class="vulntitan-firewall-tab-title"><?php esc_html_e('WAF Rules', 'vulntitan'); ?></span>
+                                                <span class="vulntitan-firewall-tab-desc"><?php esc_html_e('Payload inspection and safe route exceptions.', 'vulntitan'); ?></span>
+                                            </button>
+                                            <button
+                                                type="button"
+                                                class="vulntitan-firewall-tab"
+                                                id="vulntitan-firewall-tab-lockouts"
+                                                data-firewall-tab="lockouts"
+                                                role="tab"
+                                                aria-selected="false"
+                                                aria-controls="vulntitan-firewall-panel-lockouts"
+                                                tabindex="-1"
+                                            >
+                                                <span class="vulntitan-firewall-tab-title"><?php esc_html_e('Lockouts & Logs', 'vulntitan'); ?></span>
+                                                <span class="vulntitan-firewall-tab-desc"><?php esc_html_e('Brute-force thresholds, lock windows, and retention.', 'vulntitan'); ?></span>
+                                            </button>
+                                        </div>
+                                        <div class="vulntitan-firewall-tab-panels">
+                                            <section
+                                                class="vulntitan-firewall-tab-panel is-active"
+                                                id="vulntitan-firewall-panel-access"
+                                                data-firewall-tab-panel="access"
+                                                role="tabpanel"
+                                                aria-labelledby="vulntitan-firewall-tab-access"
+                                            >
+                                                <div class="vulntitan-firewall-tab-panel-head">
+                                                    <div class="vulntitan-firewall-section-title"><?php esc_html_e('Access Shield', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Control the live firewall runtime and hide the default WordPress login endpoints behind a custom entry path.', 'vulntitan'); ?></div>
+                                                </div>
+                                                <div class="vulntitan-firewall-section">
+                                                    <div class="vulntitan-firewall-section-title"><?php esc_html_e('Core Protection', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Master switches for the firewall runtime and login shield.', 'vulntitan'); ?></div>
+                                                    <label class="vulntitan-firewall-toggle">
+                                                        <input type="checkbox" id="vulntitan-firewall-enabled" class="vulntitan-firewall-checkbox" checked>
+                                                        <span><?php esc_html_e('Enable Firewall', 'vulntitan'); ?></span>
+                                                    </label>
+                                                    <label class="vulntitan-firewall-toggle">
+                                                        <input type="checkbox" id="vulntitan-firewall-login-protection" class="vulntitan-firewall-checkbox" checked>
+                                                        <span><?php esc_html_e('Enable Login Protection', 'vulntitan'); ?></span>
+                                                    </label>
+                                                </div>
+                                                <div class="vulntitan-firewall-section">
+                                                    <div class="vulntitan-firewall-section-title"><?php esc_html_e('Hidden Login Route', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Replace the public login path with a private slug known only to administrators.', 'vulntitan'); ?></div>
+                                                    <label class="vulntitan-firewall-field">
+                                                        <span class="vulntitan-firewall-field-label"><?php esc_html_e('Custom Login Slug', 'vulntitan'); ?></span>
+                                                        <input type="text" id="vulntitan-firewall-custom-login-slug" class="vulntitan-firewall-input" placeholder="secure-portal" autocomplete="off" spellcheck="false">
+                                                        <small class="vulntitan-firewall-field-help"><?php esc_html_e('Leave blank to keep the default WordPress login URLs. When set, logged-out visitors hitting wp-login.php or wp-admin will receive a 404 instead of the login screen.', 'vulntitan'); ?></small>
+                                                        <small class="vulntitan-firewall-field-help"><?php esc_html_e('Use a unique slug that is not already used by an existing page.', 'vulntitan'); ?></small>
+                                                        <small class="vulntitan-firewall-field-help">
+                                                            <?php esc_html_e('Active login URL:', 'vulntitan'); ?>
+                                                            <code id="vulntitan-firewall-custom-login-url" class="vulntitan-firewall-runtime-path"><?php esc_html_e('Disabled', 'vulntitan'); ?></code>
+                                                        </small>
+                                                    </label>
+                                                </div>
+                                            </section>
+                                            <section
+                                                class="vulntitan-firewall-tab-panel"
+                                                id="vulntitan-firewall-panel-waf"
+                                                data-firewall-tab-panel="waf"
+                                                role="tabpanel"
+                                                aria-labelledby="vulntitan-firewall-tab-waf"
+                                                hidden
+                                            >
+                                                <div class="vulntitan-firewall-tab-panel-head">
+                                                    <div class="vulntitan-firewall-section-title"><?php esc_html_e('WAF Rules', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Tune payload inspection so risky requests are blocked early while known-safe paths stay operational.', 'vulntitan'); ?></div>
+                                                </div>
+                                                <div class="vulntitan-firewall-section">
+                                                    <div class="vulntitan-firewall-section-title"><?php esc_html_e('Payload Protection', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Inspect request parameters for common SQL injection and command injection payloads.', 'vulntitan'); ?></div>
+                                                    <label class="vulntitan-firewall-toggle">
+                                                        <input type="checkbox" id="vulntitan-firewall-waf-sqli-enabled" class="vulntitan-firewall-checkbox" checked>
+                                                        <span><?php esc_html_e('Enable SQL Injection Rule Set', 'vulntitan'); ?></span>
+                                                    </label>
+                                                    <label class="vulntitan-firewall-toggle">
+                                                        <input type="checkbox" id="vulntitan-firewall-waf-command-enabled" class="vulntitan-firewall-checkbox" checked>
+                                                        <span><?php esc_html_e('Enable Command Injection Rule Set', 'vulntitan'); ?></span>
+                                                    </label>
+                                                </div>
+                                                <div class="vulntitan-firewall-section">
+                                                    <div class="vulntitan-firewall-section-title"><?php esc_html_e('Trusted Exceptions', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Whitelist routes that should bypass payload rules, without weakening traversal or sensitive-file protection.', 'vulntitan'); ?></div>
+                                                    <label class="vulntitan-firewall-field">
+                                                        <span class="vulntitan-firewall-field-label"><?php esc_html_e('WAF Whitelist (Path patterns)', 'vulntitan'); ?></span>
+                                                        <textarea id="vulntitan-firewall-waf-whitelist-paths" class="vulntitan-firewall-input vulntitan-firewall-textarea" rows="5" placeholder="/wp-json/my-plugin/*&#10;/custom-safe-endpoint"></textarea>
+                                                        <small class="vulntitan-firewall-field-help"><?php esc_html_e('One pattern per line. Use * wildcard only when needed. Whitelist applies to SQLi/Command rules, not traversal/sensitive-file blocks.', 'vulntitan'); ?></small>
+                                                    </label>
+                                                </div>
+                                            </section>
+                                            <section
+                                                class="vulntitan-firewall-tab-panel"
+                                                id="vulntitan-firewall-panel-lockouts"
+                                                data-firewall-tab-panel="lockouts"
+                                                role="tabpanel"
+                                                aria-labelledby="vulntitan-firewall-tab-lockouts"
+                                                hidden
+                                            >
+                                                <div class="vulntitan-firewall-tab-panel-head">
+                                                    <div class="vulntitan-firewall-section-title"><?php esc_html_e('Lockouts & Logs', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Set aggressive but safe thresholds for failed logins and determine how long firewall intelligence stays available in the log store.', 'vulntitan'); ?></div>
+                                                </div>
+                                                <div class="vulntitan-firewall-section">
+                                                    <div class="vulntitan-firewall-section-title"><?php esc_html_e('Login Lockout Policy', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-section-desc"><?php esc_html_e('Tighten brute force resilience with adaptive limits and retention.', 'vulntitan'); ?></div>
+                                                    <div class="vulntitan-firewall-field-grid">
+                                                        <label class="vulntitan-firewall-field">
+                                                            <span class="vulntitan-firewall-field-label"><?php esc_html_e('Max failed attempts', 'vulntitan'); ?></span>
+                                                            <input type="number" id="vulntitan-firewall-max-attempts" class="vulntitan-firewall-input" min="2" max="20" value="5">
+                                                        </label>
+                                                        <label class="vulntitan-firewall-field">
+                                                            <span class="vulntitan-firewall-field-label"><?php esc_html_e('Lockout duration (minutes)', 'vulntitan'); ?></span>
+                                                            <input type="number" id="vulntitan-firewall-lockout-minutes" class="vulntitan-firewall-input" min="5" max="240" value="15">
+                                                        </label>
+                                                        <label class="vulntitan-firewall-field">
+                                                            <span class="vulntitan-firewall-field-label"><?php esc_html_e('Log retention (days)', 'vulntitan'); ?></span>
+                                                            <input type="number" id="vulntitan-firewall-log-retention" class="vulntitan-firewall-input" min="1" max="365" value="30">
+                                                        </label>
+                                                    </div>
+                                                </div>
+                                            </section>
+                                        </div>
                                     </div>
                                 </div>

vulntitan/trunk/includes/Plugin.php

-                      r3469591
+                      r3481425
 use VulnTitan\Admin\Admin;
 use VulnTitan\Services\FirewallService;
+use VulnTitan\Services\LoginAccessService;
 class Plugin {
 …
         $this->ensure_firewall_components();
         $this->register_scheduled_events();
+        LoginAccessService::boot();
         $this->admin = new Admin();
         $this->admin->init();

vulntitan/trunk/includes/Services/FirewallService.php

-                      r3469591
+                      r3481425
             'enabled' => 1,
             'login_protection_enabled' => 1,
+            'custom_login_slug' => '',
             'waf_sqli_enabled' => 1,
             'waf_command_injection_enabled' => 1,
 …
         return $normalized;
+    }
+    public static function getCustomLoginSlug(): string
+    {
+        $settings = self::getSettings();
+        return (string) ($settings['custom_login_slug'] ?? '');
+    }
+    public static function isCustomLoginEnabled(): bool
+    {
+        return self::getCustomLoginSlug() !== '';
+    }
+    public static function getCustomLoginUrl(array $queryArgs = [], string $scheme = 'login'): string
+    {
+        $slug = self::getCustomLoginSlug();
+        if ($slug === '') {
+            return '';
+        }
+        $url = home_url('/' . user_trailingslashit($slug), $scheme);
+        if ($queryArgs) {
+            $url = add_query_arg($queryArgs, $url);
+        }
+        return $url;
+    }
+    public static function getLoginAccessData(): array
+    {
+        $slug = self::getCustomLoginSlug();
+        return [
+            'enabled' => $slug !== '',
+            'slug' => $slug,
+            'url' => $slug !== '' ? self::getCustomLoginUrl() : '',
+        ];
+    }
+    public static function validateCustomLoginSlug($input): array
+    {
+        $raw = is_scalar($input) ? trim((string) $input) : '';
+        $slug = self::sanitizeCustomLoginSlug($input);
+        if ($raw !== '' && $slug === '') {
+            return [
+                'slug' => '',
+                'error' => 'invalid',
+            ];
+        }
+        if ($slug !== '' && self::customLoginSlugConflicts($slug)) {
+            return [
+                'slug' => '',
+                'error' => 'conflict',
+            ];
+        }
+        return [
+            'slug' => $slug,
+            'error' => '',
+        ];
+    }
 …
             'enabled' => !empty($settings['enabled']) ? 1 : 0,
             'login_protection_enabled' => !empty($settings['login_protection_enabled']) ? 1 : 0,
+            'custom_login_slug' => self::sanitizeCustomLoginSlug($settings['custom_login_slug'] ?? $defaults['custom_login_slug']),
             'waf_sqli_enabled' => !empty($settings['waf_sqli_enabled']) ? 1 : 0,
             'waf_command_injection_enabled' => !empty($settings['waf_command_injection_enabled']) ? 1 : 0,
 …
+    }
+    public static function sanitizeCustomLoginSlug($input): string
+    {
+        if (!is_scalar($input)) {
+            return '';
+        }
+        $value = trim((string) $input);
+        if ($value === '') {
+            return '';
+        }
+        $value = preg_replace('/[\?#].*$/', '', $value);
+        $value = str_replace('\\', '/', (string) $value);
+        $value = preg_replace('#/+#', '/', (string) $value);
+        $value = trim((string) $value, "/ \t\n\r\0\x0B.");
+        if ($value === '') {
+            return '';
+        }
+        $segments = explode('/', $value);
+        $normalized = [];
+        foreach ($segments as $segment) {
+            $segment = sanitize_title_with_dashes((string) $segment, '', 'save');
+            $segment = trim($segment, '-');
+            if ($segment === '') {
+                continue;
+            }
+            $normalized[] = substr($segment, 0, 40);
+            if (count($normalized) >= 4) {
+                break;
+            }
+        }
+        if (!$normalized) {
+            return '';
+        }
+        $slug = implode('/', $normalized);
+        $slug = substr($slug, 0, 90);
+        $slug = trim($slug, '/');
+        if ($slug === '') {
+            return '';
+        }
+        $reservedPaths = [
+            'admin',
+            'admin-ajax.php',
+            'admin-post.php',
+            'feed',
+            'index.php',
+            'login',
+            'robots.txt',
+            'sitemap.xml',
+            'wp-admin',
+            'wp-json',
+            'wp-login',
+            'wp-login.php',
+            'xmlrpc.php',
+        ];
+        if (in_array($slug, $reservedPaths, true)) {
+            return '';
+        }
+        if (preg_match('#(^|/)(?:wp-admin|wp-login(?:\.php)?|wp-json|xmlrpc(?:\.php)?|admin-ajax(?:\.php)?|admin-post(?:\.php)?)(/|$)#', $slug)) {
+            return '';
+        }
+        return $slug;
+    }
     protected static function sanitizeWhitelistPaths($input): array
+    {
 …
         return array_keys($normalized);
+    }
+    protected static function customLoginSlugConflicts(string $slug): bool
+    {
+        if ($slug === '') {
+            return false;
+        }
+        if (function_exists('url_to_postid')) {
+            $postId = url_to_postid(home_url('/' . user_trailingslashit($slug)));
+            if ($postId > 0) {
+                return true;
+            }
+        }
+        if (function_exists('get_page_by_path')) {
+            $page = get_page_by_path($slug, OBJECT, ['page']);
+            if ($page instanceof \WP_Post) {
+                return true;
+            }
+        }
+        return false;
+    }

vulntitan/trunk/readme.txt

-                      r3480442
+                      r3481425
 Tested up to: 6.9
 Requires PHP: 7.4
 Stable tag: 2.0.5
+Stable tag: 2.0.6
 License: GPLv2
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 …
 Instantly scan your WordPress site for malware infections and known vulnerabilities, review detailed results, and clean or remove malware safely using a guided fix workflow with automatic backups.
 Unlike heavy security suites, VulnTitan focuses on practical protection: vulnerability detection, malware scanning and removal, file integrity monitoring, and essential firewall protection — without unnecessary bloat.
+Unlike heavy security suites, VulnTitan focuses on practical protection: vulnerability detection, malware scanning and removal, file integrity monitoring, essential firewall protection, and hidden custom login access — without unnecessary bloat.
 = Malware Scanner =
 …
 = Firewall & Login Protection =
 VulnTitan includes lightweight firewall and WAF protection to block common attack patterns.
+VulnTitan includes lightweight firewall and WAF protection to block common attack patterns and protect the WordPress login surface.
 - Early MU-plugin runtime request guards
 …
 - Endpoint whitelisting controls
 - Login lockout protection against brute-force attacks
+- Configurable custom login slug so administrators can use a private login URL instead of the default `wp-login.php`
+- Default `wp-login.php` and guest `wp-admin` access can be hidden behind a `404` response when custom login is enabled
 = Security-First Architecture =
 …
 . Firewall and WAF protection settings panel.
 . Vulnerability scan progress bar.
+. Firewall hidden custom login configuration and activity overview.
+. When custom login url is set and user goes to wp-login.php or wp-admin route.
 == Installation ==
 …
 == Changelog ==
+= v2.0.6 - 12 Mar, 2026 =
+* Added configurable custom login slug support so administrators can use a private login URL instead of the default `wp-login.php` path.
+* Hidden direct guest access to default `wp-login.php` and `wp-admin` entry points when custom login protection is enabled.
+* Reworked the Firewall page with a tabbed settings layout, a wider recent events section, and toast-style action feedback.
 = v2.0.4 - 10 Mar, 2026 =
 * Redesigned the VulnTitan Dashboard into an elite, professional security command center layout.

vulntitan/trunk/vulntitan.php

-                      r3480442
+                      r3481425
  * Plugin URI: https://vulntitan.com/vulntitan/
  * Description: VulnTitan is a lightweight WordPress security plugin with vulnerability scanning, malware detection, file integrity monitoring, and a built-in firewall with WAF payload rules and login protection.
  * Version: 2.0.5
+ * Version: 2.0.6
  * Author: Jaroslav Svetlik
  * Author URI: https://vulntitan.com
 …
 // Define plugin constants
 define('VULNTITAN_PLUGIN_VERSION', VULNTITAN_DEVELOPMENT ? uniqid() : '2.0.5');
+define('VULNTITAN_PLUGIN_VERSION', VULNTITAN_DEVELOPMENT ? uniqid() : '2.0.6');
 define('VULNTITAN_PLUGIN_BASENAME', plugin_basename(__FILE__));
 define('VULNTITAN_PLUGIN_DIR', untrailingslashit(plugin_dir_path(__FILE__)));

Plugin Directory

Context Navigation

Legend:

vulntitan/tags/2.0.6/CHANGELOG.md

vulntitan/tags/2.0.6/assets/css/admin.css

vulntitan/tags/2.0.6/assets/css/admin.min.css

vulntitan/tags/2.0.6/assets/js/firewall.js

vulntitan/tags/2.0.6/assets/js/firewall.min.js

vulntitan/tags/2.0.6/includes/Admin/Admin.php

vulntitan/tags/2.0.6/includes/Admin/Ajax.php

vulntitan/tags/2.0.6/includes/Admin/Pages/Firewall.php

vulntitan/tags/2.0.6/includes/Plugin.php

vulntitan/tags/2.0.6/includes/Services/FirewallService.php

vulntitan/tags/2.0.6/readme.txt

vulntitan/tags/2.0.6/vulntitan.php

vulntitan/trunk/CHANGELOG.md

vulntitan/trunk/assets/css/admin.css

vulntitan/trunk/assets/css/admin.min.css

vulntitan/trunk/assets/js/firewall.js

vulntitan/trunk/assets/js/firewall.min.js

vulntitan/trunk/includes/Admin/Admin.php

vulntitan/trunk/includes/Admin/Ajax.php

vulntitan/trunk/includes/Admin/Pages/Firewall.php

vulntitan/trunk/includes/Plugin.php

vulntitan/trunk/includes/Services/FirewallService.php

vulntitan/trunk/readme.txt

vulntitan/trunk/vulntitan.php

Download in other formats: