WordPress.org

Plugin Reviews

Lockdown WP Admin

Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (/wp-admin/) and and login (/wp-login.php)

47 reviews
Average Rating
3.7 out of 5 stars
Nice plugin, but needs to deal with Wordpres redirects
By ,

Love the plugin and it's a great start. I use it along with some other methods to simply make it more difficult to reach the login page. though it's slightly security theatre it does get the potential lazy web hackers out of the picture. And the plugin works pretty well.

I'd suggest adding functionality to stop WordPress from forwarding other URLs to the back end, but blocking the wp_redirect_admin_locations function in canonical.php.

There you will see:

add_action(
  'template_redirect',
  function() {
    $requ = untrailingslashit($_SERVER['REQUEST_URI']);
    if (site_url('login','relative') === untrailingslashit( $_SERVER['REQUEST_URI'] )){
      remove_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );
    }
  }
);

This means that if someone uses /admin it immediately forwards to the page regardless of if there's a custom url. admin does the same. Forwards to wp-admin. At least here, when using the plugin you get the "page not found" error. That should happen when people try "login" as well.

Cheers.

does the job
By , for WP 4.5.1

all good, works fine, does the job.
One star is taken for /login is not hidden.

Muito bom
By , for WP 4.5.1

Cumpre direitinho o que promete e mantei a seguran├ža para personalizar a seguran├ža do site.

Quick & Easy
By , for WP 4.4.2

Easy to use and works perfectly. Has not interfered with any other plug in and I am able to access admin no problem. I've tried to login using the wp-admin and it does send them to an error page. I like being able to define my own admin url so to speak. It has stopped people registering when I've not enabled this feature.

ruined my DB
By , for WP 4.4.2

somehow I could not connect admin page and just fallowed direction on page - disable-.. txt, but no luck.

good thing was it was my first day that I start set my site so it was easy to redo everything.

I should check the review first before I set up this plug in.

Never use it!
By ,

Deleted all my pages! And now even after de-installing this I can't log out!!! It's a malware :-[

Good. But... " /// "
By , for WP 4.4.2

Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (/wp-admin/) and and login (/wp-login.php)

Hey. And now try to enter the path: www.site.com///wp-login.php and (!!!)login page is opened. This is a bug!

It was a surprise for basic authentication, but then she let me protect themselves from the above bug!

Get rid of the basic authentication is easy - it is necessary to create a empty file in the plugin directory disable_auth.txt. Then, to create a private admin user with base auth in panel and delete the file.

Waiting for a modified plugin, remove error ///wp-login.php and I put 5 stars :-)

Work until admin is logined in
By , for WP 4.4

If open secret login page in different browser after put login credentials shows 404, can't see wp-admin directory. Solution disable plugin and delete it

last version per WP 3.2.1
By , for WP 4.3.1

Hi.
Good morning.

I would like be the last version of Lockdown WP Admin per WordPress 4.3.1

Best regards,
The Rock

Excellent and Easy
By , for WP 4.3.1

Excellent and Easy

You must log in to submit a review. You can also log in or register using the form near the top of this page.