Title: WP Login Door Author: toxnico Published: August 25, 2016 Last modified: June 11, 2025 --- Search plugins ![](https://ps.w.org/wp-login-door/assets/banner-772x250.png?rev=1484011) ![](https://ps.w.org/wp-login-door/assets/icon-128x128.png?rev=1484033) # WP Login Door By [toxnico](https://profiles.wordpress.org/toxnico/) [Download](https://downloads.wordpress.org/plugin/wp-login-door.1.5.zip) * [Details](https://wordpress.org/plugins/wp-login-door/#description) * [Reviews](https://wordpress.org/plugins/wp-login-door/#reviews) * [Installation](https://wordpress.org/plugins/wp-login-door/#installation) * [Development](https://wordpress.org/plugins/wp-login-door/#developers) [Support](https://wordpress.org/support/plugin/wp-login-door/) ## Description Did you ever feel like your website or blog login page is ridiculously fragile and reachable, and could be easily broken in by an intruder? Personally I hate to think of hundreds of people playing with my door lock hundreds of times a day. It’s the same with my blog login page. On WordPress, there are two main potential vectors of bruteforce intrusion: * http:// my-site.com/wp-login.php, which is the login page * http://my-site.com/xmlrpc.php, which is an API gateway for interacting with third party applications. This plugin adds one security layer in front of your login page, and by the way you can also disable XML-RPC with a simple checkbox if you don’t need it (XML-RPC is a _**WIDELY**_ used vector of attacks). The idea is simple: you choose a pair of words, and when you want to access your login page, you just have to provide them in the URL like this: http://my-site.com/ wp-login.php?word1=word2. That’s all! If you try to access your login page without this pair of words, you get a configurable error message, where you can insult the attacker as much as you want 😉 ## Installation 1. Upload the plugin files to the `/wp-content/plugins/wp-login-door` directory, or install the plugin through the WordPress plugins screen directly. 2. Activate the plugin through the ‘Plugins’ screen in WordPress 3. Use the Settings->Wp Login Door screen to configure the plugin 4. Enjoy your new door 🙂 ## FAQ ### What if I lose my pair of words? You can disable the plugin from your FTP server. Then login as usual, reactivate the plugin, and check your word pair. ### Is that free? I don’t know if the beerware license is GPL 2 compatible, but if you like this plugin and if we meet someday, you can buy me a beer. ### Is that all ? Yes! ## Reviews ![](https://secure.gravatar.com/avatar/12189ddbf9a9451ae32cb6b0479a311d24e3797c5c73d1249abfd34b334bab02? s=60&d=retro&r=g) ### 󠀁[great plugin](https://wordpress.org/support/topic/great-plugin-30889/)󠁿 [PSlat](https://profiles.wordpress.org/pslat/) May 15, 2021 So tired of all those dweebs in their mammy’s basements trying to access wp-login om my websites. thanks to this plugin they can plug away all they want and I don’t have to add them to my banned list. This plugin saves me a lot of time and effort, thanks dev, great plugin. ![](https://secure.gravatar.com/avatar/78b93c969e0883c1c5820279f589b8e8e5b4312e7978dfb3ceb7e2368c78a0de? s=60&d=retro&r=g) ### 󠀁[Works Perfectly](https://wordpress.org/support/topic/works-perfectly-1552/)󠁿 [Clayton](https://profiles.wordpress.org/byronboy/) October 30, 2018 This plugin worked without any issues. Would be nice though if the full path and key words did not appear in browser address bar ![](https://secure.gravatar.com/avatar/a2d8944263b0a76696dd13c4b9f079ba381b388f82953f00c9ddb661826b5ab7? s=60&d=retro&r=g) ### 󠀁[This is a great plugin!](https://wordpress.org/support/topic/this-is-a-great-plugin-6/)󠁿 [SBDSTech](https://profiles.wordpress.org/sbdstech/) July 5, 2018 I rarely leave reviews, and I think this might actually be the first time I’ve left a review for a Plugin, but this one is worth the time and effort it took me to reset my password. Works as advertised, perfectly. ![](https://secure.gravatar.com/avatar/356cbaf1400c9865131a4c01fc70357726c68b6895e246335fb50715d38d70e4? s=60&d=retro&r=g) ### 󠀁[Good plugin!](https://wordpress.org/support/topic/good-plugin-2173/)󠁿 [jokern](https://profiles.wordpress.org/jokern/) June 6, 2017 Very easy to use and works well. Does the job to hide the login door very well. Recommended! ![](https://secure.gravatar.com/avatar/f9288c3ecdcac38a83ea52f00d60e786b7423536ca20e700c9079fbdba33cd1f? s=60&d=retro&r=g) ### 󠀁[Great plugin!](https://wordpress.org/support/topic/great-plugin-12790/)󠁿 [](https://profiles.wordpress.org/gonebeta/) February 15, 2017 This plugin has been a savior. I went from 500 login attempts per day on one of my website to zero! ![](https://secure.gravatar.com/avatar/f687f04c058f3fe051fdf9943b32e69384c6a683015e4fbb95d48eb9c979de2c? s=60&d=retro&r=g) ### 󠀁[Simple and useful](https://wordpress.org/support/topic/simple-and-useful-141/)󠁿 [toxnico](https://profiles.wordpress.org/toxnico/) September 3, 2016 This plugin is the easiest way to hide your login page and thus avoid brute force attacks [ Read all 6 reviews ](https://wordpress.org/support/plugin/wp-login-door/reviews/) ## Contributors & Developers “WP Login Door” is open source software. The following people have contributed to this plugin. Contributors * [ toxnico ](https://profiles.wordpress.org/toxnico/) [Translate “WP Login Door” into your language.](https://translate.wordpress.org/projects/wp-plugins/wp-login-door) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/wp-login-door/), check out the [SVN repository](https://plugins.svn.wordpress.org/wp-login-door/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/wp-login-door/) by [RSS](https://plugins.trac.wordpress.org/log/wp-login-door/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.5 * Let go the ‘postpass’ standard action (used when user types a password to open a protected post) #### 1.4 * Removed some php notices in the administration section. #### 1.1.1 * Bug correction. During refactoring, I misspelled the key name sanitization callback, and it could cause problems on some installations, such as key name field not stored. #### 1.1 * Added a new setting to redirect home instead of displaying an error message. #### 1.0 * First release ## Meta * Version **1.5** * Last updated **12 months ago** * Active installations **400+** * WordPress version ** 4.0.0 or higher ** * Tested up to **6.8.5** * Tags * [BruteForce](https://wordpress.org/plugins/tags/bruteforce/)[hide](https://wordpress.org/plugins/tags/hide/) [login](https://wordpress.org/plugins/tags/login/)[security](https://wordpress.org/plugins/tags/security/) [xmlrpc](https://wordpress.org/plugins/tags/xmlrpc/) * [Advanced View](https://wordpress.org/plugins/wp-login-door/advanced/) ## Ratings 5 out of 5 stars. * [ 6 5-star reviews ](https://wordpress.org/support/plugin/wp-login-door/reviews/?filter=5) * [ 0 4-star reviews ](https://wordpress.org/support/plugin/wp-login-door/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/wp-login-door/reviews/?filter=3) * [ 0 2-star reviews ](https://wordpress.org/support/plugin/wp-login-door/reviews/?filter=2) * [ 0 1-star reviews ](https://wordpress.org/support/plugin/wp-login-door/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/wp-login-door/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/wp-login-door/reviews/) ## Contributors * [ toxnico ](https://profiles.wordpress.org/toxnico/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/wp-login-door/) ## Donate Would you like to support the advancement of this plugin? [ Donate to this plugin ](http://dirtymarmotte.net/en/donations/)