Maybe in the future, some advanced Login protection will be recommended. For now I just want basic renaming.
Hide Login URL
Plugins with this option:
except it blocks AJAX calls because it not only blocks login but also admin folder. Note the option name: Hide “wp-login.php” and “wp-admin” folder And admin-ajax.php is inside wp-admin folder :()
admin-ajax.php 404 (Not Found)
Secure Hidden Login Allows you to create custom URLs for user’s login, logout and admin’s login page, without editing any .htaccess files. Those attempting to gain access to your login form will be automatcally redirected to a customizable URL. Hide “wp-admin” folder.
iThemes Security (formerly Better WP Security) has also ability to changes the URLs for WordPress dashboard areas including login.
Shield WordPress Security also has login protection option.
WPS Hide Login | tabrisrp/wps-hide-login
Active installs 60000+. Changes the URL without option to add query parameters. The only one of small ones that have valid uninstall procedure; nice source code. It is also multisite compatible.
For W3 Total Cache and WP Super Cache this plugin will give you a message with a link to the field you should update.
I prefer this fork over original isuelde’s one (rename-wp-login) mentioned below, because she already stopped developing once.
Everything as expected; exactly the same as WPS Hide Login (as they are the same plugins).
WPS Hide Login is a fork of this plugin, which was then unmaintained (Jan 2015) but started developing again in Jan 2016.
Rename wp-login.php to anything you want Obvously stolen code from couple of plugins. For one, same as WPS Hide Login, but with added login security brute-force blocking based on IP. But when I saw author’s site (travis.ga) empty (Website has been destroyed?) I decided this must be forgotten.
Unauthorised Login Redirect Same query parameter way of protection (slug text). Something is not coded properly - input form is buggy, but at the end specifying
/wp-login.php, login_key, etkworked as expected. Rating plugins worked also.
Easy Hide Login Seems very nice and concise. Uses “slug URL” in format: http://site.com?anyslug So link in format
?login_key=etkworks without problems. I think it is not multisite compatible, but maybe just works. But there is an important problem: can’t logout properly :(
Hidden WP Admin Is not exactly for this purpose, but can be used for it. Nicely coded.
HC Custom WP-Admin URL Looking at the source code, it uses .htaccess for something; avoid it.
Option to protect login works exactly the same as in Total Security (Login Query + Admin Login Key)
SF Move Login will nicely, with the help of the rewrite rules, change login, logoff, register and other links. Very nice and simple.
Similar functionality, without rewrite rules, can be found in lot of other plugins.
Coexistence with caching plugins
If you’re using a page caching plugin you should add the slug of the new login url to the list of pages not to cache. This is why I think better is to use slug than change URL, as that will not require any change in cache plugins or web server config files.
Then again, if I plan to rename wp-content, I would probably have to add exceptions for it anyway in caching plugins.
- Admin and Site Enhancements can also change login URL
Block login attacks
- Protect wp-login.php file against brute-force attacks: JJJ/brutus