First off, great plugin!
A simple enhancement request for the ‘Hide backend’ feature:
Could there be an option or a filter for the 404 rewrite? Yesterday, one of our sites got to taste a botnet brutforce attack. Login limits didn’t really help since the IP changed constantly. I then remembered the hide feature and managed to activate it, which resulted in a bunch of 404’s for a while instead. This is better of course, but it still fires up a new WP instance everytime, hogging resources.
Currently, the rule looks something like RewriteRule ^.*wp-admin/?|^.*wp-login\.php /wp-test/not_found [R,L]. Being able to throw a forbidden instead, RewriteRule ^.*wp-admin/?|^.*wp-login\.php - [F,L], would be great.
