Title: HSArticle Login Warden
Author: hsarticle
Published: <strong>July 18, 2026</strong>
Last modified: July 18, 2026

---

Search plugins

![](https://ps.w.org/hsarticle-login-warden/assets/banner-772x250.png?rev=3612971)

![](https://ps.w.org/hsarticle-login-warden/assets/icon-256x256.png?rev=3612971)

# HSArticle Login Warden

 By [hsarticle](https://profiles.wordpress.org/hsarticle/)

[Download](https://downloads.wordpress.org/plugin/hsarticle-login-warden.1.0.0.zip)

 * [Details](https://wordpress.org/plugins/hsarticle-login-warden/#description)
 * [Reviews](https://wordpress.org/plugins/hsarticle-login-warden/#reviews)
 *  [Installation](https://wordpress.org/plugins/hsarticle-login-warden/#installation)
 * [Development](https://wordpress.org/plugins/hsarticle-login-warden/#developers)

 [Support](https://wordpress.org/support/plugin/hsarticle-login-warden/)

## Description

Most “hide login” plugins only do one thing: change the URL of wp-login.php. HSArticle
Login Warden does that too, but it’s built around a wider goal — make it harder 
for anyone to find or confirm who has access to your WordPress admin in the first
place. Hiding the login form doesn’t help much if your usernames are still leaking
out through three other doors, so HSArticle Login Warden closes those too, all as
optional one-click toggles.

It doesn’t rename or modify any core files, and it doesn’t add rewrite rules — it
simply intercepts requests for wp-login.php and /wp-admin and shows a 404 (or redirects)
to logged-out visitors, while your chosen custom URL loads the real login form.

**Custom login URL**

 * Set any custom login URL slug
 * Choose what logged-out visitors see when they hit the old login page or /wp-admin:
   a 404 page, a redirect to your homepage, or a redirect to any custom URL
 * Your current login URL is always visible on the settings page with a one-click
   Copy button, so you never lose track of it
 * Built-in conflict check — you can’t accidentally set your login slug to something
   that collides with an existing page or post

**Optional hardening toggles**

 * Disable XML-RPC (xmlrpc.php) — a second, often-forgotten login door and a common
   brute-force target
 * Generic login error messages — stops WordPress confirming whether a failed login
   had a real username or not
 * Block username enumeration via ?author=1, ?author=2, etc. — stops one of the 
   most common ways real usernames get discovered
 * Hide the /wp-json/wp/v2/users REST endpoint from logged-out requests — this lists
   every username on your site by default

None of these toggles track, log, or store anything about your visitors — they simply
stop information from leaking out. All logged-in functionality (dashboard, admin,
post editing) works completely normally; every toggle here only affects logged-out
visitors.

Deactivating the plugin brings your site back to its default state immediately.

## Installation

 1. Go to Plugins > Add New.
 2. Search for “HSArticle Login Warden”.
 3. Install and activate.
 4. You’ll be redirected to Settings > HSArticle Login Warden — set your new login 
    URL there and save.
 5. Bookmark your new login URL before you log out!

## FAQ

### I forgot my login URL!

Check the `hsarlowa_settings` row in your site’s `wp_options` database table, or
deactivate the plugin (via FTP/file manager if needed) to restore the default wp-
login.php URL.

### Does this work with caching plugins?

Yes, but if you use a page-caching plugin, exclude your new login URL from the cache
the same way you would for any dynamic page.

### Will disabling XML-RPC break anything?

It will stop the classic WordPress mobile apps, the old XML-RPC based publishing
tools, and some Jetpack features that rely on it from working. Most modern sites
using the REST API instead are unaffected. Leave it unchecked if you’re unsure.

### Will blocking ?author= links break my author archive pages?

No. Only the numeric query-string form (?author=1) is blocked for logged-out visitors.
Normal pretty-permalink author pages (/author/yourname/) keep working exactly as
before.

### Will hiding the REST users endpoint break the block editor?

No. /wp/v2/users/me (used by the block editor for the currently logged-in user) 
is untouched. Only the endpoints that list every username to logged-out requests
are hidden.

### Will this break my site if I forget to bookmark the new URL?

No. Deactivating the plugin (via FTP/file manager if needed, by renaming the plugin
folder) immediately restores the default wp-login.php URL.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“HSArticle Login Warden” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ hsarticle ](https://profiles.wordpress.org/hsarticle/)

[Translate “HSArticle Login Warden” into your language.](https://translate.wordpress.org/projects/wp-plugins/hsarticle-login-warden)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/hsarticle-login-warden/),
check out the [SVN repository](https://plugins.svn.wordpress.org/hsarticle-login-warden/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/hsarticle-login-warden/)
by [RSS](https://plugins.trac.wordpress.org/log/hsarticle-login-warden/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.0

 * Initial release.

## Meta

 *  Version **1.0.0**
 *  Last updated **1 day ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 5.6 or higher **
 *  Tested up to **7.0.2**
 *  PHP version ** 7.4 or higher **
 * Tags
 * [custom login url](https://wordpress.org/plugins/tags/custom-login-url/)[hide login](https://wordpress.org/plugins/tags/hide-login/)
   [login security](https://wordpress.org/plugins/tags/login-security/)[wp login](https://wordpress.org/plugins/tags/wp-login/)
   [xmlrpc](https://wordpress.org/plugins/tags/xmlrpc/)
 *  [Advanced View](https://wordpress.org/plugins/hsarticle-login-warden/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/hsarticle-login-warden/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/hsarticle-login-warden/reviews/)

## Contributors

 *   [ hsarticle ](https://profiles.wordpress.org/hsarticle/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/hsarticle-login-warden/)