Plugin Directory

Test out the new Plugin Directory and let us know what you think.
!This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Stealth Login Page

Protect your dashboard without editing the .htaccess file -- the FIRST one that completely blocks remote bot login requests.

I've been locked out! HELP!

Step 1: breathe Step 2: login to FTP or hosting and rename the stealth-login-page folder in /wp-content/plugins Step 3: login

If those steps don't work, then it's possible you have a server caching or a caching plugin or a CDN that is still delivering the plugin files. Clear all caches (not your browser cache).

I never got an e-mail of the code when I clicked the checkbox.

Ensure that you clicked the Save Settings button after the box was checked. In every case I've seen, clicking it a second time always sends it.

Does this work on MU sites?

Version 3.0.0 and greater is fully network-activated, includes uninstall, and bypasses all the settings pages with wp-config.php variables. See the Intallation tab or above in this file for instructions.

I noticed Limit Login Attempts or Login Lockdown still reporting lockouts. Why?

We've realized that bots (or really bored people) can enter a URL string in the address bar that attempts to log in without ever showing the login form. If the guess is unsuccessful, then they are redirected just the same and their IP address is logged by the other plugins. This reinforces the need for a 3-prong approach: strong credentials, login limiter plugin, and a stealthy login page.

Are both the redirected folder /wp-admin and the page wp-login.php secured?

Yes, as long as you are not actively logged into the site on that computer. You may enter your dashboard normally if you're in an active session. Once the session expires, you're further protected by it automatically redirecting rather than gaining access to the login form since WordPress redirects session timeouts to wp-login.php, unaware of the new URL string.

What do I do if I forget my code and can't find the e-mail the plugin sent me?

You'll need FTP access to your site. Renaming the stealth-login-page folder in /wp-content/plugins/ will remove the stealth security and allow you back into your dashboard. If you have used variables in the wp-config.php file, delete or comment out those lines.

Requires: 3.4.2 or higher
Compatible up to: 4.0.14
Last Updated: 2 years ago
Active Installs: 20,000+


4.6 out of 5 stars


0 of 1 support threads in the last two months have been marked resolved.

Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.

100,1,1 100,1,1 100,2,2 100,4,4 0,1,0 100,2,2 100,1,1 83,6,5 100,2,2
100,1,1 50,2,1