Move Login

Wordpress Plugin
Download latest - 2.5.3



Download Stats

Today 25
Yesterday 64
Last Week 278
All Time 104,256
Banner 772x250

This plugin forbids access to and creates new urls, like or

This is a great way to limit bots trying to brute force your login (trying to guess your login and password). Of course, the new urls are easier to remember too.

Also remember: the use of this plugin does NOT exempt you to use a strong password. Moreover, never use "admin" as login, this is the first attempt for bots.


  • US English
  • French
  • Serbo-Croatian (partial, thank you Borisa)
  • Hebrew (partial, thank you Ahrale)


Yep! The plugin must be activated from your network.


  • See some important informations in the "Installation" tab (I mean it).
  • Should work on IIS7+ servers but not tested (I guess you should probably save a copy of your web.config file before the plugin activation).
  • For nginx servers, the rewrite rules are not written automatically of course, but provided as information.

Releases (11 )

Version Release Date Change Log
2.5.3 2017-06-05
  • 2017/06/05
  • New: preview your URLs while typing.
  • New: you can leave a field empty to set its default value.
  • Improved URL duplicates detection.
  • Fixed the "Lost Password" redirection (and others).
  • Dev stuff: fixed the filters in sfml_is_apache(), sfml_is_iis7(), and sfml_is_nginx().
  • Nerd stuff: improved the whole plugin code quality by updating the Coding Standard rules and applying new ones. Changed a few things in the class SFML_Options.
2.5.2 2017-05-25
  • 2017/05/25
  • New: a new option is available. Instead of redirecting to the a "WordPress" 404 error page, you can choose to directly trigger the 404 error. Pro: the user is not directed, the URL doesn't change. Con: the user sees the browser error page, it probably is ugly (but do we really care?).
  • Fixed the blank page that was displaying instead of redirecting the user to the new login URL.
  • Dev stuff: in case the plugin has trouble determining your server technology, take a look at sfml_is_apache(), sfml_is_iis7(), and sfml_is_nginx(): returned values can be filtered with a MU plugin.
2.5.1 2017-05-14
  • 2017/05/14
  • Added missing functions for compatibility with WordPress < 4.4.
2.4.3 2017-03-26
  • 2017/03/26
  • Fixed an error preventing the plugin uninstallation. My diabolical plan to be on every website has been discovered
  • Updated some translations to exclude non-translatable strings and as many HTML tags as possible.
  • Use WP_Filesystem_Direct to write files.
2.4.2 2017-03-26
  • 2017/02/04
  • Fixed a simple PHP warning.
2.3 2017-01-03
  • 2016/04/04
  • Tested with WP 4.5.
  • Code quality improvements.
  • Fixed a notice with php7.
  • Mark the option "Do nothing, redirect to the new login page" as not recommended.
  • If not logged in, deny access to wp-signup.php and wp-register.php (mono-site installations).
  • When blocking access, use a 501 error code instead of 500.
  • Added compatibility with websites that are not using port 80 and 443.
0.1 2015-11-01
  • 2013/06/03
  • First public beta release
  • Thanks to juliobox, who's joining the project :)


0.1.1 2015-11-01
  • 2013/06/04
  • Bugfix: php notice due to a missing parameter.
  • Bugfix: incorrect network_site_url filter.
1.0.1 2015-11-01
  • 2013/09/30
  • Very minor bug fix: messed author link -_-'
1.1.4 2015-11-01
  • 2014/04/28
  • Plugins can now add their own action to Move Login more easily with the filter sfml_additional_slugs. Even without doing anything, Move Login handle custom actions added by other plugins, but the URL can't be customisable. Now, these plugins can add a new input field to let users change this new URL, and it's very simple.
  • Side note: I've just released a new version for my framework Noop (1.0.7). Now you can import and export your settings via a file, see the new tab in the "Help" area.
2.0.2 2015-11-01
  • 2015/02/24
  • Same as below... Fingers crossed. >_>