WordPress.org

Ready to get started?Download WordPress

Forums

WP htaccess Control
Hide/redirect wp login page (7 posts)

  1. dzulfriday
    Member
    Posted 2 years ago #

    How can i do this:

    Whenever visitors open the login page (wp-login.php), they will be redirected to the mainpage. Only the admin (me) can view the page to login.

    I am doing this to protect my wp sites. Is there any better way to protect WP login page?

    http://wordpress.org/extend/plugins/wp-htaccess-control/

  2. Antonio
    Member
    Posted 2 years ago #

    Hi,

    Are you doing this at the moment and how?

    I may add this as a feature, which could be done in a couple of different ways:

    • locking the IPs to which the login page shall be available, if they all are static IPs
    • if they're dynamic IPs, we could maybe manually add a header to the request or a cookie (using browser add-ons).
  3. checkers1811
    Member
    Posted 2 years ago #

    There are two plugins that will work for this.

    Redirect plugin.
    S2Member plugin.

    I have tried them both and like the results.

    Use redirect to push everyone who goes to wp-login.php to your main domain.

    Use S2Member to get a lot more features, such as hidden pages when they are not logged in and up to four levels of user access. They advertise it for paid membership sites, but you do not have to implement S2Member in that way.

    I use them at etweek.com, so you can check both of them out there.

    I only allow login through a page that I created with WordPress.

  4. checkers1811
    Member
    Posted 2 years ago #

    Be careful with redirect. If you get into a place where you cannot login into your WP blog, then you will have to go through PHPmyAdmin to delete the redirect record in order to recover.

    In previous versions of WordPress I changed the wp-login.php file to redirect to the main page where I had an AJAX login widget. I have not been able to do that with recent versions, though I believe it is a good answer.

    There may be other plugins that you can use to get the same results.

  5. bren
    Member
    Posted 2 years ago #

    Hi,

    I'm looking for this kind of functionality in a plugin too.
    (avoiding having to edit htaccess is nice)

    As the original OP asked, I'd like that anybody who tries to access /wp-login.php?...
    will be forced to
    /members-area/
    which has my own front end login.

    All the other plugins just turn wp-login.php into a pretty url such as /login/
    So I guess a simple pretty rename, one entry per line separated by "|" would be nice.
    Something like
    wp-login.php|user-login/

    Other simple but must have things that could be added to this script are
    Allow Ajax use of the admin folder even when logged out (that's where it lives and some plugin writers who use Ajax expect the user to be logged in whereas others allow for those not yet logged in)
    and
    Setup an easy redirect for sight migration as per these examples

    somesite.com/content/lang/en -> somesite.com/content/
    somesite.com/content/lang/de/ -> somesite.net/content/
    or
    somesite.com/content/lang/de/ -> de.somesite.com/content/
    even
    somesite.com/content/lang/de/ -> theothersite.com/products/

    I've coded that this manually in htaccess for now but to add this level of tweakability would make this plugin very SEO helpful.
    I'm splitting a clients multilingual website into two seperate sites and need to retain search engine ranking.

    Oh and fix trailing slash is the other must have

    thanks

  6. Antonio
    Member
    Posted 2 years ago #

    Hi bren,

    Your suggestions make sense.
    I'll look into them.

    Thank you.

  7. antonioandra.de
    Member
    Plugin Author

    Posted 2 years ago #

    A long (busy) time as gone by but I'm finally getting back at this.

    Some progress on the wp-login.php front has been made on 2.7.2 but using only htaccess so I'm not sure how useful this will be for your intents. Some feedback might be good.

    You can now easily restrict access to wp-login.php using a list of IPs.
    You can also use the "half mode", where POST requests can be sent to wp-login.php. Errors will still show up on the wp-login form so I guess this will only be useful for AJAX requests.

    @bren, easily setting htaccess redirection pairs is still planned.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic