Rename wp-login.php

Wordpress Plugin
Download latest - 2.5.4

Developers

iseulde
avryl

Download Stats

Today 133
Yesterday 194
Last Week 1,417
All Time 435,378


What it does

This plugin renames wp-login.php to whatever you want. The default is example.com/login/ if no such page already exists. Otherwise it will append a number, e.g. login-1. You can change this under Settings Permalinks Login. Please remember what you changed your login page to, accessing wp-login.php or wp-admin will not work and will return a 404 not found status.

Compatibility

Works with BuddyPress, Limit Login Attempts and most other plugins that customise the login page. This plugin doesnt break the registration form, lost password form, expired sessions or any of wp-login.phps functionality. Plugins that hook into the standard login form will keep working. It doesnt break wp_login_form(), so the login widget will work too.

While it might work with earlier versions of WordPress, you should always update WordPress to the latest version.

If youre using a page caching plugin like W3 Total Cache or WP Super Cache, add the word you renamed wp-login.php to (e.g. login) to the list of pages not to cache.

  • For W3 Total Cache go to Performance Page Cache Advanced Never cache the following pages, add your new login page on a new line and save all settings.
  • For WP Super Cache go to Settings WP Super Cache Advanced Accepted Filenames & Rejected URIs, add your new login page on a new line and save.

This plugin is not yet tested on installs that force SSL or use the multisite feature. I would appreciate any help with testing this.

Benefits

Not only does it allow you to further customise your login page, it also prevents brute force attacks that are targeted specifically to wp-login.php. wp-login.php will return a 404 not found status code, and wp-admin as well if youre not logged in, as it would otherwise reveal the location of your new login page.

I made this plugin primarily because a clients host blocked wp-login.php with an annoying Captcha. On some bigger websites Limit Login Atttempts also showed us that a lot of bots were trying to gain access through wp-login.php.

While you could use this plugin to prevent a lot of brute force attacks, it does not mean you dont need a strong password. Read this codex article for more information on how to protect your website.


Releases (29 )

Version Release Date Change Log
2.5.4 2016-01-17
  • Added i18n support.
2.5.5 2016-01-17
  • Add missing load_plugin_textdomain.
2.5.3 2016-01-02
2.5.1 2014-12-20
2.5 2014-12-20
  • Use wp-login.php instead of copying the file.
  • Don't add notices for W3 Total Cache and WP Super Cache.
2.4 2014-08-29
  • WordPress 4.0 compatible.
2.3 2014-03-16
  • WordPress 3.9 compatible.
  • Fix issue where the slug reverts to default when saving the permalink structure.
2.2.7 2014-02-08
2.2.6 2014-02-08
2.2.5 2014-02-08
2.2.4 2014-02-08
  • Fixed SSL issues.
  • Set REQUEST_URI back.
  • Check if wp-login.php functions exist to avoid future fatal errors.
2.2.3 2014-01-31
  • Fixed URL filters.
2.2.2 2014-01-27
2.2.1 2014-01-27
2.2 2014-01-26
  • Fixed issue where requests redirect to the new login page.
  • Trailing slash based on the permalink structure.
2.1.1 2014-01-04
2.1 2014-01-04
  • Works now with non-pretty permalinks!
  • Gives a message when using W3 Total Cache or WP Super Cache to update options.
2.0.1 2014-01-03
  • Prevents pretty redirects such as /login and /admin.
  • Simplifies some code.
  • Forces login page with trailing slash.
  • Replaces a wp_redirect with wp_safe_redirect.
  • Shows error message in the network admin if permalinks are not enabled for the main site.
2.0 2014-01-02
  • This plugin can now be activated for a network and a networkwide default can be set.
  • The plugin now hooks in after init to make sure any customisations to the login form are hooked in before it.
  • Links should now be fixed when SSL is enabled.
1.9 2013-12-21
  • wp-admin will now have a wp_die() message instead of a 404 template because this caused problems.
  • Minimum version is now 3.8.
  • Added updates from wp-login.php in 3.8.
1.8 2013-11-15
  • OOP PHP.
  • Requires WordPress 3.7 or higher.
  • MultiViews compatible.
1.7 2013-10-25
  • Made compatible with WordPress 3.7.
1.6 2013-09-13
  • Fixed the login link when site_url() home_url().
  • Added a mirror on GitHub.
1.5 2013-09-09
  • Made User Switching compatible.
1.4 2013-09-08
  • Faster page load.
  • Fixed 404 error for permalink structures with a prefixed path. Almost pretty permalinks work now too.
  • Code clean-up.
1.2 2013-09-08
  • Fixed status code custom login page.
1.3 2013-08-27
  • Prevents the plugin from working when there is no permalink structure.
1.1 2013-08-15
  • Blocked access to wp-admin/ to prevent a redirect the the new login page.
1.0 2013-08-15
  • Initial version.

=