Change your login URL for something like https://example.com/login and stop login brute-force attempts.
This plugin forbids access to https://example.com/wp-login.php and creates new urls, like https://example.com/login or https://example.com/logout.
This is a great way to limit bots trying to brute-force your login (trying to guess your login and password). Of course, the new URLs are easier to remember too.
Also remember: the use of this plugin does NOT exempt you to use a strong password. Moreover, never use "admin" as login, this is the first attempt for bots.
By the way, if you are looking for a complete security solution, take a look at SecuPress: Move Login is included inside.
Yes! The plugin must be activated from your network.
Note 1: this plugin deals only with
wp-login.php, not with
wp-signup.php nor with
wp-activate.php (yet). That means https://example.com/register will still redirect to https://example.com/wp-signup.php. I think this will be the next step though, but no ETA.
Note 2: if users/sites registrations are open, you shouldn't use this plugin yet. There are some places where the log in address is hard coded and not filterable. A bug ticket is open.
web.configfile is not writable (you will need to add the given rules manually), or if something is wrong and you can't log in anymore (see the FAQ in that case).
web.configfile before the plugin activation).
Requires: 3.1 or higher
Compatible up to: 4.7.1
Last Updated: 2 weeks ago
Active Installs: 10,000+
0 of 6 support threads in the last two months have been marked resolved.
Got something to say? Need help?