WordPress.org

Plugin Directory

Move Login

Change your login URL for something like http://example.com/login and stop login brute force attempts.

This plugin forbids access to http://example.com/wp-login.php and creates new urls, like http://example.com/login or http://example.com/logout.

This is a great way to limit bots trying to brute force your login (trying to guess your login and password). Of course, the new urls are easier to remember too.

Also remember: the use of this plugin does NOT exempt you to use a strong password. Moreover, never use "admin" as login, this is the first attempt for bots.

Translations

  • US English
  • French
  • Serbo-Croatian (partial, thank you Borisa)
  • Hebrew (partial, thank you Ahrale)

Multisite

Yep! The plugin must be activated from your network. Note 1: this plugin deals only with wp-login.php, not with wp-signup.php nor with wp-activate.php (yet). That means http://example.com/register will still redirect to http://example.com/wp-signup.php. I think this will be the next step though, but no ETA. Note 2: if users/sites registrations are open, you shouldn't use this plugin yet. There are some places where the log in address is hard coded and not filterable. A bug ticket is open.

Requirements

  • See some important informations in the "Installation" tab (I mean it).
  • Should work on IIS7+ servers but not tested (I guess you should probably save a copy of your web.config file before the plugin activation).
  • For nginx servers, the rewrite rules are not written automatically of course, but they are provided as information in the plugin settings page.

Requires: 3.1 or higher
Compatible up to: 4.1.1
Last Updated: 2015-3-1
Active Installs: 3,000+

Ratings

4.2 out of 5 stars

Support

1 of 2 support threads in the last two months have been resolved.

Got something to say? Need help?

Compatibility

+
=
Not enough data

0 people say it works.
0 people say it's broken.

100,1,1
100,2,2
100,1,1
100,1,1
100,1,1 100,1,1