Change your login URL for something like http://example.com/login and stop login brute-force attempts.
This plugin forbids access to http://example.com/wp-login.php and creates new urls, like http://example.com/login or http://example.com/logout.
This is a great way to limit bots trying to brute-force your login (trying to guess your login and password). Of course, the new URLs are easier to remember too.
Also remember: the use of this plugin does NOT exempt you to use a strong password. Moreover, never use "admin" as login, this is the first attempt for bots.
The plugin must be activated from your network.
Note 1: this plugin deals only with
wp-login.php, not with
wp-signup.php nor with
wp-activate.php (yet). That means http://example.com/register will still redirect to http://example.com/wp-signup.php. I think this will be the next step though, but no ETA.
Note 2: if users/sites registrations are open, you shouldn't use this plugin yet. There are some places where the log in address is hard coded and not filterable. A bug ticket is open.
web.configfile before the plugin activation).
Requires: 3.1 or higher
Compatible up to: 4.5.3
Last Updated: 4 months ago
Active Installs: 9,000+
0 of 4 support threads in the last two months have been marked resolved.
Got something to say? Need help?