What it does
This plugin renames wp-login.php to whatever you want. The default is example.com/login/ if no such page already exists. Otherwise it will append a number, e.g. login-1. You can change this under Settings Permalinks Login. Please remember what you changed your login page to, accessing wp-login.php or wp-admin will not work and will return a 404 not found status.
Compatibility
Works with BuddyPress, Limit Login Attempts and most other plugins that customise the login page.
This plugin doesnt break the registration form, lost password form, expired sessions or any of wp-login.phps functionality. Plugins that hook into the standard login form will keep working.
It doesnt break wp_login_form()
, so the login widget will work too.
While it might work with earlier versions of WordPress, you should always update WordPress to the latest version.
If youre using a page caching plugin like W3 Total Cache or WP Super Cache, add the word you renamed wp-login.php to (e.g. login) to the list of pages not to cache.
- For W3 Total Cache go to Performance Page Cache Advanced Never cache the following pages, add your new login page on a new line and save all settings.
- For WP Super Cache go to Settings WP Super Cache Advanced Accepted Filenames & Rejected URIs, add your new login page on a new line and save.
This plugin is not yet tested on installs that force SSL or use the multisite feature. I would appreciate any help with testing this.
Benefits
Not only does it allow you to further customise your login page, it also prevents brute force attacks that are targeted specifically to wp-login.php. wp-login.php will return a 404 not found status code, and wp-admin as well if youre not logged in, as it would otherwise reveal the location of your new login page.
I made this plugin primarily because a clients host blocked wp-login.php with an annoying Captcha. On some bigger websites Limit Login Atttempts also showed us that a lot of bots were trying to gain access through wp-login.php.
While you could use this plugin to prevent a lot of brute force attacks, it does not mean you dont need a strong password. Read this codex article for more information on how to protect your website.
Releases (29 )
Version | Release Date | Change Log |
---|---|---|
2.5.4 | 2016-01-17 |
|
2.5.5 | 2016-01-17 |
|
2.5.3 | 2016-01-02 | |
2.5.1 | 2014-12-20 | |
2.5 | 2014-12-20 |
|
2.4 | 2014-08-29 |
|
2.3 | 2014-03-16 |
|
2.2.7 | 2014-02-08 | |
2.2.6 | 2014-02-08 | |
2.2.5 | 2014-02-08 | |
2.2.4 | 2014-02-08 |
|
2.2.3 | 2014-01-31 |
|
2.2.2 | 2014-01-27 | |
2.2.1 | 2014-01-27 | |
2.2 | 2014-01-26 |
|
2.1.1 | 2014-01-04 | |
2.1 | 2014-01-04 |
|
2.0.1 | 2014-01-03 |
|
2.0 | 2014-01-02 |
|
1.9 | 2013-12-21 |
|
1.8 | 2013-11-15 |
|
1.7 | 2013-10-25 |
|
1.6 | 2013-09-13 |
|
1.5 | 2013-09-09 |
|
1.4 | 2013-09-08 |
|
1.2 | 2013-09-08 |
|
1.3 | 2013-08-27 |
|
1.1 | 2013-08-15 |
|
1.0 | 2013-08-15 |
= |