Protect Login

Protect Login

Maybe in the future, some advanced Login protection will be recommended. For now I just want basic renaming.

Hide Login URL

Plugins with this option:

  • Total Security
    except it blocks AJAX calls because it not only blocks login but also admin folder. Note the option name: Hide “wp-login.php” and “wp-admin” folder And admin-ajax.php is inside wp-admin folder :()

    admin-ajax.php 404 (Not Found)

Secure Hidden Login Allows you to create custom URLs for user’s login, logout and admin’s login page, without editing any .htaccess files. Those attempting to gain access to your login form will be automatcally redirected to a customizable URL. Hide “wp-admin” folder.

  • iThemes Security (formerly Better WP Security) has also ability to changes the URLs for WordPress dashboard areas including login.

  • Shield WordPress Security also has login protection option.

  • WPS Hide Login
    tabrisrp/wps-hide-login
    Active installs 60000+. Changes the URL without option to add query parameters. The only one of small ones that have valid uninstall procedure; nice source code. It is also multisite compatible.

    For W3 Total Cache and WP Super Cache this plugin will give you a message with a link to the field you should update.

    I prefer this fork over original isuelde’s one (rename-wp-login) mentioned below, because she already stopped developing once.

  • Rename wp-login.php iseulde/rename-wp-login Woow! 100,000+ Active Installs. Works on multisite.

    Everything as expected; exactly the same as WPS Hide Login (as they are the same plugins).

    WPS Hide Login is a fork of this plugin, which was then unmaintained (Jan 2015) but started developing again in Jan 2016.

  • Rename wp-login.php to anything you want Obvously stolen code from couple of plugins. For one, same as WPS Hide Login, but with added login security brute-force blocking based on IP. But when I saw authors site (travis.ga) empty (Website has been destroyed?) I decided this must be forget.

  • Unauthorised Login Redirect Same query parameter way of protection (slug text). Something is not coded properly - input form is buggy, but at the end specifying /wp-login.php, login_key, etk worked as expected. Rating plugins worked also.

  • Easy Hide Login Seems very nice and concise. Uses “slug URL” in format: http://site.com?anyslug So link in format ?login_key=etk works without problems. I think it is not multisite compatible, but maybe just works. But there is an important problem: can’t logout properly :(

  • Hidden WP Admin Is not exactly for this purpose, but can be used for it. Nicely coded.

  • HC Custom WP-Admin URL Looking at the source code, it uses .htaccess for something; avoid it.

  • Hide My WP Is the only Premium plugin. Hide My Wordpress PRO The free version is Hide My WordPress

    Option to protect login works exactly the same as in Total Security (Login Query + Admin Login Key)

  • SF Move Login will nicely, with the help of the rewrite rules, change login, logoff, register and other links. Very nice and simple.

    Similar functionality, without rewrite rules, can be found in lot of other plugins.

Coexistence with caching plugins

If you’re using a page caching plugin you should add the slug of the new login url to the list of pages not to cache. This is why I think better is to use slug than change URL, as that will not require any change in cache plugins or web server config files.

Then again, if I plan to rename wp-content, I would probably have to add exceptions for it anyway in caching plugins.


sjinks/ww-hide-wplogin: A WordPress plugin to hide wp-login.php and use a custom URL for logging in.


date 15. Sep 2016 | modified 17. Jan 2023
filename: Plugins » Security › Login URL