Block WP Login <= 1.3.0 - CSRF and Unauthorised Settings Update

Lack of CSRF and authorisation checks in the bwplconfigureslug function registered as an admininit action could allow attacker via CSRF, or unauthenticated using the admin-ajax.php to change the plugin settings located at /wp-admin/options-permalink.php and disable the protection offered. v1.3.1...