Description
Admin Login Guard & Branding allows you to change your WordPress login URL to a custom slug, preventing brute force attacks and providing enhanced security by hiding the default wp-login.php.
It goes beyond just renaming the login URL; it includes robust features to limit login attempts, track failed logins, and fully customize the visual appearance of your login page to match your brand.
It supports WordPress Multisite networks, allowing you to control login settings across your entire network.
Key Features
- Custom Login Slug: Change
wp-login.phpto something unique (e.g.,/my-secret-login). - Access Control: Automatically blocks access to
wp-login.phpandwp-signup.phpfor non-logged-in users. - Limit Login Attempts: Set maximum failed login attempts and lockout duration to prevent brute-force attacks.
- Login History: Keep a detailed log of failed login attempts, including IP address, username, time, and user agent.
- CSV Export: Download your login failure history for analysis.
- Custom Redirection: Choose a custom page or 404 page to redirect unauthorized users to.
- Visual Customization:
- Upload a custom logo.
- Set custom logo width, height, title, and link.
- Set a background image or color.
- Customize button colors, form borders, and label colors.
- Customize “Lost Password” and “Back to Home” link colors.
- Option to hide the “Back to Home” link.
Privacy & Data Collection
This plugin respects your privacy. Both the diagnostic tracking and deactivation feedback features are 100% optional.
Telemetry & Diagnostics (Opt-in Only)
Upon activation, you will be invited to share anonymous site diagnostics. This is strictly opt-in and can be disabled at any time from the ‘Privacy’ tab in settings. If you agree, we collect:
- WordPress, PHP, and Plugin version numbers.
- Theme name/version and locale.
- Multisite status and a hashed site identifier.
- No personal data, user information, or site content is collected.
Deactivation Feedback
If you decide to deactivate the plugin, a feedback modal will appear. Providing feedback is entirely optional—you can click “Skip & Deactivate” to deactivate the plugin immediately without sharing any data. You may optionally share your name and email address if you wish to be contacted for support.
Data Security
All collected data is encrypted using AES-256-CBC before being transmitted to our secure receiver server.
External services
This plugin connects to external APIs operated by Code and Core to support optional telemetry diagnostics and optional deactivation feedback. Both services are entirely opt-in / optional.
1. Telemetry / Diagnostics receiver
This plugin connects to an API to send anonymous site-health data, it’s needed to help prioritize compatibility updates.
It sends the Site URL, plugin name & version, PHP version, WordPress version, active theme name & version, site language, multisite status, and a Unix timestamp every time the plugin is activated, deactivated, or updated, ONLY if the administrator has explicitly opted in.
This service is provided by “Code and Core”: privacy policy.
2. Deactivation feedback receiver
This plugin connects to an API to receive voluntary feedback, it’s needed when a site administrator chooses to share a reason for deactivating the plugin.
It sends Deactivation reason, optional details, Site URL, plugin name & version, PHP version, WordPress version, active theme name & version, site language, multisite status, and a timestamp ONLY when the administrator clicks “Submit Feedback” in the deactivation modal. Name and email are sent only if the contact checkbox is checked.
This service is provided by “Code and Core”: privacy policy.
All data transmitted to endpoints on wordpress-plugins.pro is encrypted with AES-256-CBC before sending.
Credits
- This plugin uses DataTables for displaying login history.
Screenshots
General Settings: Configure your custom slug and redirection options. 
Styles Tab: Customize the look and feel of your login page. 
Login Attempts: Set policies for failed logins and lockouts. 
Login History: View and export logs of failed login attempts. 
Visual Customization: Preview and customize your admin logo with width, height, and background control.
Installation
- Upload the plugin files to the
/wp-content/plugins/admin-login-guard-brandingdirectory (or search for it in the WordPress repository). - Activate the plugin through the ‘Plugins’ menu in WordPress.
- Go to ‘Settings’ > ‘Admin Login Guard & Branding’ to configure the plugin.
- Set your desired “Custom Login URL Slug” and save settings.
- Important: Bookmark your new login URL!
FAQ
-
Does it work on multisite?
-
Yes, it is fully compatible with WordPress Multisite. You can configure settings for individual sites or the network.
-
I forgot my custom login URL, what do I do?
-
If you have FTP access, you can rename the plugin folder (
admin-login-guard-branding) to something else to deactivate it and regain access via the defaultwp-login.php.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Admin Login Guard & Branding” is open source software. The following people have contributed to this plugin.
Contributors
Translate “Admin Login Guard & Branding” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.0.1 – 2026-03-18
- Fixed telemetry card color selection not updating when clicking “Opt in” or “Opt out” in Privacy settings.
- Added automatic page reload after user selects telemetry preference in the popup modal.
- Improved telemetry popup to display on first admin visit even when transient expires.
- Enhanced form field selector accuracy for telemetry card JavaScript interactions.
1.0.0 – 2026-03-18
- Initial release.
- Added custom login slug functionality.
- Added styling options for login page.
- Added login attempt limiting and history logging.
- Enhanced visual customization for the login page (Logo resizing, custom links, colors).