Move Login
Add to ListThis plugin forbids access to https://example.com/wp-login.php and creates new urls, like https://example.com/login or https://example.com/logout.
This is a great way to limit bots trying to brute-force your login (trying to guess your login and password). Of course, the new URLs are easier to remember too.
Also remember: the use of this plugin does NOT exempt you to use a strong password. Moreover, never use “admin” as login, this is the first attempt for bots.
By the way, if you are looking for a complete security solution, take a look at SecuPress: Move Login is included inside.
Multisite
Yes! The plugin must be activated from your network.
Note 1: this plugin deals only with wp-login.php
, not with wp-signup.php
nor with wp-activate.php
(yet). That means https://example.com/register will still redirect to https://example.com/wp-signup.php. I think this will be the next step though, but no ETA.
Note 2: if users/sites registrations are open, you shouldn’t use this plugin yet. There are some places where the log in address is hard coded and not filterable. A bug ticket is open.
Requirements
- As of version 2.4, at least PHP 5.3 is required.
- You will need a FTP access: if the
.htaccess
/web.config
file is not writable (you will need to add the given rules manually), or if something is wrong and you can’t log in anymore (see the FAQ in that case). - Should work on IIS7+ servers but not tested (I guess you should probably save a copy of your
web.config
file before the plugin activation). - For Nginx servers, the rewrite rules are not written automatically of course, but they are provided as information in the plugin settings page.
This Plugin was not added to any Plugin Lists yet.