I use the plugin Clean Login to handle all logins and password resets. I then place its login shortcode on my home page, and use the following code in my theme’s functions.php file:
function possibly_redirect(){
global $pagenow;
if ( 'wp-login.php' == $pagenow ) {
if ( isset( $_POST['wp-submit'] ) || // in case of LOGIN
( isset($_GET['action']) && $_GET['action']=='logout') || // in case of LOGOUT
( isset($_GET['checkemail']) && $_GET['checkemail']=='confirm') || // in case of LOST PASSWORD
( isset($_GET['checkemail']) && $_GET['checkemail']=='registered') ) return; // in case of REGISTER
else wp_redirect(home_url());
exit();
}
}
add_action('init','possibly_redirect');
Obviously, you can change the redirect to another URL, like else wp_redirect(home_url('/login')); if that would suit you better.
Thanks KTS915, I’ll test it out.
Does this plugin disable the default wp-login.php? I would really like to restrict access to this page completely to prevent any bot attacks in the future
@balanceinme,
Clean Login allows you to place shortcodes on any post or page to enable login and other related actions, though you only need to use the shortcodes you want. It also uses a honeytrap to avoid bots.
The code in functions.php forces all traffic to to wp-login.php to be redirected wherever you indicate. So wp-login.php becomes inaccessible. (For this reason you should install and activate Clean Login first!)
