Change wp-login.php to whatever you want. It can also prevent a lot of brute force attacks.
With this plugin you can change wp-login.php to anything you want. The default is example.com/login/, and you can change this under Settings › Permalinks › Login. Please bookmark or remember your login url, accessing wp-login.php or wp-admin will return a 404 not found status.
Requires WordPress 3.7 or higher. The registration form, lost password form, login widget and expired sessions will keep working.
Compatible with plugins like:
It does’t work with plugins that hardcoded wp-login.php, obviously. You also must have pretty, or almost pretty, permalinks enabled.
If you’re using a page caching plugin like W3 Total Cache or WP Super Cache, add the word you renamed wp-login.php to (e.g. login) to the list of pages not to cache.
This plugin is not yet tested on installs that force SSL or use the multisite feature. I would appreciate any help with testing this.
Not only does it allow you to further customise your login page, it also prevents brute force attacks that are targeted specifically to wp-login.php. wp-login.php, and wp-admin if not logged in, will return a 404 not found status.
While you could use this plugin to prevent a lot of brute force attacks, it does not mean you don’t need a strong password. Read this codex article for more information on how to protect your website.
If you want to keep your login url secret, you should make sure there aren’t any links pointing to it on your website.
This plugin has a mirror on GitHub.
Requires: 3.7 or higher
Compatible up to: 3.7.1
Last Updated: 2013-11-15
12 of 20 support threads in the last two months have been resolved.
Got something to say? Need help?