PowerPlus — All-in-One Powerful Toolkit

Description

PowerPlus helps you create branded WordPress login, register, lost-password and reset-password pages — without replacing WordPress authentication. Default WordPress login pages are plain, limited and off-brand; PowerPlus gives you a working, customizable login experience in a few guided steps, then lets you refine the design with built-in styling or Elementor widgets.

Customize forms, fields, buttons, typography, spacing, colors, messages and layouts from one clean dashboard — while WordPress-native login, registration, password reset and security hooks keep working exactly as they should.

Overview

PowerPlus is built around one hero feature — the Custom Auth Builder — with four supporting utility modules:

Main module

• Custom Auth Builder — Branded login, register, lost-password and reset-password pages on native WordPress auth. Custom login URL, redirects, CAPTCHA, WooCommerce compatibility, and Elementor design support.

Utility modules

• Duplicate Content — Duplicate posts, pages, products and custom post types, preserving meta and Elementor data.
• SVG Upload Control — Allow SVG uploads with server-side sanitization, role permissions and scan logs.
• Privacy Hardening (Ghost Mode) — Reduce common WordPress fingerprints with configurable source/API controls and safe defaults.
• Classic Editor Control — Disable the block editor per post type, with user preferences.

Who is this for?

• Agencies building client sites that need branded auth pages
• Business owners who want a professional login experience
• Developers who want full control without writing custom CSS

How it works

1. Install and activate the plugin
2. A guided setup wizard welcomes you — choose which modules to enable, or skip and configure later
3. Enabling Login Customization creates working Login, Register, Lost Password and Reset Password pages on native WordPress auth — no manual setup
4. Customize the design with the built-in styling controls, or open a page in Elementor to drag in the PowerPlus widgets
5. Set a custom (hidden) login URL and review everything from one dashboard

Included Widgets

• Login Form — Username/email, password, remember me, show/hide password toggle
• Register Form — Configurable fields, terms checkbox, WooCommerce compatible
• Lost Password — Triggers WordPress native password reset flow
• Reset Password — Styled confirmation page after email link click
• Auth Logo — Displays site logo with full sizing controls
• Auth Message — Displays WordPress login errors and success notices with custom styling
• Social Login — Google and Facebook login buttons (requires Nextend Social Login)
• Auth Tabs — Switch between login and register on a single page
• CAPTCHA — Google reCAPTCHA v2/v3 and hCaptcha support
• Divider with Text — Styled OR divider between form sections
• Terms and Privacy — Configurable legal links below register form
• Redirect Timer — Countdown before automatic redirect after login

Styling Controls

Every widget includes the same styling controls you find in native Elementor widgets:

• Typography — font family, size, weight, line height, letter spacing
• Colors — text, background, border, placeholder, icon
• Borders — type, width, color, radius per corner
• Box shadows and text shadows
• Spacing — padding and margin with responsive breakpoints
• Responsive controls — desktop, tablet, and mobile breakpoints for every dimension
• Normal, Hover, Focus, and Error state tabs for fields and buttons
• Entrance animations via Elementor’s animation system

Security

• All form submissions use WordPress nonces
• Rate limiting on login and lost password actions
• No data sent externally unless optional CAPTCHA integrations are enabled
• Passwords never logged
• Compatible with two-factor authentication plugins
• CAPTCHA support via Google reCAPTCHA and hCaptcha

Compatibility

• Works with Elementor Free (Elementor Pro not required)
• WooCommerce compatible login and register flows
• Works alongside Wordfence, iThemes Security, and other security plugins
• Compatible with WPML and Polylang for multilingual sites
• Compatible with popular caching plugins including WP Rocket and W3 Total Cache
• Multisite compatible

Privacy

PowerPlus stores only plugin settings on your WordPress installation and runs no analytics or tracking. The only data sent externally is when you enable optional CAPTCHA (Google reCAPTCHA or hCaptcha), which transmits a verification token to that service. See the External Services section for details.

Documentation and Support

• Author website: https://saddamhussain.com.np
• Support: https://inceptastudio.com/

External Services

This plugin optionally connects to third-party external services when you enable CAPTCHA support. These connections are only made when CAPTCHA is explicitly enabled in the plugin settings.

Google reCAPTCHA

When Google reCAPTCHA (v2 or v3) is enabled, this plugin sends the CAPTCHA response token submitted by the user to Google’s verification API to confirm the user is not a bot.

• What data is sent: The CAPTCHA token generated by the user’s browser and your reCAPTCHA secret key.
• When it is sent: Only during login, registration, or lost password form submissions when reCAPTCHA is enabled.
• Service provider: Google LLC
• API endpoint: https://www.google.com/recaptcha/api/siteverify
• Terms of Service: https://policies.google.com/terms
• Privacy Policy: https://policies.google.com/privacy

hCaptcha

When hCaptcha is enabled, this plugin sends the CAPTCHA response token submitted by the user to hCaptcha’s verification API.

• What data is sent: The CAPTCHA token generated by the user’s browser and your hCaptcha secret key.
• When it is sent: Only during login, registration, or lost password form submissions when hCaptcha is enabled.
• Service provider: Intuition Machines, Inc.
• API endpoint: https://hcaptcha.com/siteverify
• Terms of Service: https://www.hcaptcha.com/terms
• Privacy Policy: https://www.hcaptcha.com/privacy

No data is sent to any external service if CAPTCHA is set to “None” (the default).

Privacy Policy

PowerPlus stores plugin data locally on your site and does not run analytics or tracking. The only data transmitted externally is an optional CAPTCHA verification token, sent to Google reCAPTCHA or hCaptcha only when you enable that feature (see External Services).

Data stored locally on your site:

• Plugin settings (stored in the wp_options table under the pkwt_settings key, plus per-module keys pkwt_dpp_settings, pkwt_dpp_svg_settings, pkwt_dpp_ghost_settings and pkwt_dpp_classic_settings). Sites upgraded from the plugin’s earlier “CLE/PowerKit” releases may retain legacy cle_* keys, which are migration leftovers and are cleaned up on uninstall.
• Custom page IDs created by the plugin (stored in wp_options)
• Login attempt counters for rate limiting (stored as temporary WordPress transients, auto-deleted after the lockout period)

Data NOT collected:

• No user data is sent to the plugin author or any third party
• No analytics or tracking of any kind
• No external API calls except for CAPTCHA verification if you enable reCAPTCHA or hCaptcha (in which case Google or Intuition Machines receive the CAPTCHA token — see their respective privacy policies)

On plugin uninstall:

All plugin data including settings, custom pages, and transients are permanently deleted from your database.