Plugin Directory

Move Login

Change your login URL for something like http://example.com/login and stop login brute-force attempts.

This plugin forbids access to http://example.com/wp-login.php and creates new urls, like http://example.com/login or http://example.com/logout.
This is a great way to limit bots trying to brute-force your login (trying to guess your login and password). Of course, the new URLs are easier to remember too.

Also remember: the use of this plugin does NOT exempt you to use a strong password. Moreover, never use "admin" as login, this is the first attempt for bots.


  • US English
  • French
  • Serbo-Croatian (partial, thank you Borisa)
  • Hebrew (partial, thank you Ahrale)


Yep! The plugin must be activated from your network. Note 1: this plugin deals only with wp-login.php, not with wp-signup.php nor with wp-activate.php (yet). That means http://example.com/register will still redirect to http://example.com/wp-signup.php. I think this will be the next step though, but no ETA. Note 2: if users/sites registrations are open, you shouldn't use this plugin yet. There are some places where the log in address is hard coded and not filterable. A bug ticket is open.


  • See some important informations in the "Installation" tab (I mean it).
  • Should work on IIS7+ servers but not tested (I guess you should probably save a copy of your web.config file before the plugin activation).
  • For Nginx servers, the rewrite rules are not written automatically of course, but they are provided as information in the plugin settings page.

Requires: 3.1 or higher
Compatible up to: 4.4
Last Updated: 1 week ago
Active Installs: 6,000+


4.4 out of 5 stars


1 of 4 support threads in the last two months have been resolved.

Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.

100,1,1 100,1,1