Title: wp-admin hide
Last modified: August 22, 2016

---

# wp-admin hide

 *  Resolved [MikeBWD](https://wordpress.org/support/users/mikebwd/)
 * (@mikebwd)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/wp-admin-hide/)
 * Hi I do not see an option to hide the default log in page I am curious why, as
   most attacks will be aimed at this page.
 * Mike
 * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/)

Viewing 5 replies - 1 through 5 (of 5 total)

 *  [WFBrian](https://wordpress.org/support/users/wfbrian/)
 * (@wfbrian)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/wp-admin-hide/#post-5791768)
 * Hi Mike,
 * Currently, we do not offer an option to hide the login page. We feel that hiding
   doesn’t really address the main concern of keeping unauthorized people or bots
   out of a site.
 * Thanks,
    Brian
 *  [DJIO | Dionizio Bach](https://wordpress.org/support/users/djio/)
 * (@djio)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/wp-admin-hide/#post-5791888)
 * My clients feel a lot more confident accessing a friendly address, such as /panel
   or simple /admin
 * Please add this feature so we can stop using another plugin just for this 😉
 * Thanks in advance
    =)
 *  Plugin Author [WFMattR](https://wordpress.org/support/users/wfmattr/)
 * (@wfmattr)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/wp-admin-hide/#post-5791889)
 * Thanks for the feedback. This may be considered for a future version of Wordfence,
   but it is not planned for a specific version, if it will be implemented.
 * -Matt R
 *  [pingram](https://wordpress.org/support/users/pingram3541/)
 * (@pingram3541)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/wp-admin-hide/#post-5791890)
 * This, along with the rest of the protection WF provides, is a great idea.
 * If the commonly known place to “attempt” exploits cannot also easily be found
   this very well could reduce the amount of email notices in addition to possibly
   dropping your domain from the attackers list…if of course the attacker themselves
   has an efficient mechanism of qualifying targets.
 * Of course, you’d need to kill the built in core method of redirecting the default/
   wp-login.php to the newly defined login path.
 * Edit: Just to add more clarity here. I have tried a few things to minimize my
   websites exposure and the hundreds of emails I receive daily…ultimately if I 
   can find a way to not expose the actual login form maybe that will have some 
   effect on the actual traffic hits too.
 * Here’s where I’m at so far:
 * 1. I have wordfence installed and am actively blocking any invalid usernames 
   as well as X number of failed attempts.
    2. I have the Clef two-pass plugin which
   replaces the wp-login form removing the ability to login with a username/password
   altogether. 3. I have XML-RPC completely disabled and have confirmed by testing
   with the WP mobile app – no access 4. I have written a redirect plugin that unless
   you type in an exact and very obscure url w/ post data and matching key, you 
   are redirected back to the home page i.e. [http://www.mysite.com/wp-login.php?someobscurestring=myobscuredayakey](http://www.mysite.com/wp-login.php?someobscurestring=myobscuredayakey)
 * What else am I missing? How else do I prevent these attempts?
 * It’s unlikely they would figure out my redirect bypass and it appears that clef
   simply hides the traditional form rather than rewrite it, so technically its 
   still there and served up with wp-login.php and I suppose post data is really
   the problem here?
 * Is it maybe that post data is still capable of submitting the core login form
   behind all of these preventative measures before my redirect kicks in?
 *  Plugin Author [WFMattR](https://wordpress.org/support/users/wfmattr/)
 * (@wfmattr)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/wp-admin-hide/#post-5791891)
 * Yes, if Clef only hides the login form that appears on the page, it shouldn’t
   affect whether or not logins can be attempted, unless they also hook into the
   login process in WordPress. I can’t help with the custom redirect plugin you 
   mentioned, but I can mention to the dev team that there is more interest in this
   option to change the login URL. Thanks for your input!
 * -Matt R

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘wp-admin hide’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

## Tags

 * [wp-admin](https://wordpress.org/support/topic-tag/wp-admin/)

 * 5 replies
 * 5 participants
 * Last reply from: [WFMattR](https://wordpress.org/support/users/wfmattr/)
 * Last activity: [10 years, 7 months ago](https://wordpress.org/support/topic/wp-admin-hide/#post-5791891)
 * Status: resolved