Change WordPress Login Page without a Plugin

WordPress is the most popular way to create your website or blog. It is an open-source content management system that allows you to manage important aspects of your website without knowing anything about programming. WordPress also supports plugins, which are small applications that work within the software framework to offer additional functionality. 

This blog is running WordPress (I am not giving away any big secret as it is easy enough to find this out). WordPress's popularity attracts many “bad actors” who try to compromise WordPress sites with brute force login attacks. There are plugins available, such as Limit Login Attempts Reloaded, that help prevent malicious attacks targeting your login page. With this plugin, you can limit the number of failed login attempts and lock out users who fail to log in after several attempts.

Another way to protect your WordPress site from brute force login attacks is to change your login page. Changing your login page makes malicious login attempts more difficult because your login page is no longer at one of the well-known locations. Several plugins are available for this, but it is easy to do without adding additional plugins to your site. Using a plugin generally does not require any programming knowledge. Please note that doing this without a plugin does require some programming knowledge, and before ever making any changes, you should always back up your site.

  1. The default login page is wp-login.php. Download this file from your website and open it with a text editor.
  2. Replace all occurrences of wp-login.php in the file with the name of the file you’d like for your login page (keep the PHP extension).
  3. Save the file under the new name you used in place of wp-login.php in step 2.
  4. Delete or rename the old wp-login.php file.
  5. Upload your new login file.
  6. You can now log in using the link <homepage WordPress baseurl>/<your login page>; replace the values with your values.
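
Steps 1 to 4 applied to a downloaded copy of the file, as an added example that is not part of the original post. The function name make_login_page and the file name my-entry.php are made up for illustration, and the demo input is a constructed stand-in for wp-login.php.

```shell
#!/bin/sh
# make_login_page DIR NEW_NAME
#   DIR       local directory holding the downloaded wp-login.php (assumption)
#   NEW_NAME  new login file name, e.g. my-entry.php (constructed sample name)
make_login_page() {
    dir=$1
    new=$2
    old="wp-login.php"

    # Accept only a plain file name that keeps the .php extension: no path
    # parts, no characters special to sed, and not the old name itself.
    case "$new" in
        *[!A-Za-z0-9._-]*|*"$old"*|.php)
            echo "invalid name: $new" >&2; return 2 ;;
        *.php) ;;
        *)  echo "name must end in .php: $new" >&2; return 2 ;;
    esac
    [ -f "$dir/$old" ] || { echo "missing $dir/$old" >&2; return 3; }
    [ ! -e "$dir/$new" ] || { echo "$dir/$new already exists" >&2; return 4; }

    # Steps 2 and 3: replace every occurrence and save under the new name.
    sed "s|wp-login\\.php|$new|g" "$dir/$old" > "$dir/$new" || return 5

    # Check that nothing still references the old name before touching the original.
    if grep -q 'wp-login\.php' "$dir/$new"; then
        rm -f "$dir/$new"
        echo "old name still present in $new" >&2; return 6
    fi

    # Step 4: rename the original; the .bak copy is a local backup, not for upload.
    mv "$dir/$old" "$dir/$old.bak"
}

# Demo on a constructed stand-in for wp-login.php (not the real file).
demo=$(mktemp -d)
printf '%s\n' '<?php' \
    "\$logout = site_url( 'wp-login.php?action=logout' );" \
    "header( 'Location: wp-login.php' );" > "$demo/wp-login.php"
make_login_page "$demo" "my-entry.php" && cat "$demo/my-entry.php"
rm -rf "$demo"
```

Only the new file is uploaded in step 5; the function stops without changing anything if the chosen name is rejected or the output file already exists.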

WordPress allows for filter hooks to override specific actions within the framework. After you rename the login page, you should set a few hooks to properly redirect a user when they log out of your site.

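// Placeholder: replace your-login-page.php with the file name you chose in step 2.
add_filter( 'logout_url', function () {
	// Build the logout link against the renamed login file and attach the log-out nonce.
	return wp_nonce_url( site_url( 'your-login-page.php' ) . '?action=logout', 'log-out' );
}, 30, 2 );
// After logout, send the user to the home page.
add_filter( 'logout_redirect', function () {
	return esc_url( home_url() );
}, 30, 2 );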

The above hooks set the URL used when a user logs out of your site and the page they are redirected to after the logout.

Add the hooks to the functions.php file of your theme. Make a note of the hooks you added and save the code. If the functions.php file is updated and replaced, the hooks will need to be added to the file again.

Note: There is a hook for the ‘login_url’ if you want the default login to route to your new page. Setting that hook makes the login page visible again under its new name. Do not set the hook if you intend to mask this page to make it more difficult to find.
