I don’t offer support through the support forum. Use GitHub instead.
Rename wp-login.php is a very light plugin that lets you easily and safely change wp-login.php to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.
All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.
It’s also compatible with any plugin that hooks in the login form, including
- Limit Login Attempts,
- and User Switching.
Obviously it doesn’t work with plugins that hardcoded wp-login.php.
Works with multisite, but not tested with subdomains. Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.
If you’re using a page caching plugin you should add the slug of the new login url to the list of pages not to cache.
If you wish, you can block wp-login.php with
.htaccess from now on.
- Go to Plugins › Add New.
- Search for Rename wp-login.php.
- Look for this plugin, download and activate it.
- The page will redirect you to the settings. Rename wp-login.php there.
- You can change this option any time you want, just go back to Settings › Permalinks › Rename wp-login.php.
- I forgot my login url!
Either go to your MySQL database and look for the value of
rwl_pagein the options table, or remove the
rename-wp-loginfolder from your
pluginsfolder, log in through wp-login.php and reinstall the plugin.
On a multisite install the
rwl_pageoption will be in the sitemeta table, if there is no such option in the options table.
Thanks and easy to use but not useful for me because you still see the “protected name” in the browser field. Because I use a private site where you automatically get the inlog-page. I was hoping you wouldn’t see the renamed inlog.php.
I use this on every site I build. It works well, adds no complications, and just makes sense. It’s not my only way of securing WP, but it’s one brick in the wall I build around my sites. Using this is just a no-brainer.
I have used this plugin for several years now, and I’ve installed this plugin on all my WordPress installs since I first tried it and I have done a Lot of installs over the years! I have Never had a single problem with this plugin! My malicious login attempts dropped drastically after I started using this plugin. Thank you Ella Iseulde Van Dorpe ! @ Iseulde on Github
I’ve heard people claim many times that there is no security through obscurity. There is no such thing as absolute security – period. Deviating from the obvious wp-login-php helps me filter out well over 99% of false login attempts though.
This makes quite a difference in wasted bandwidth and server activity. I use it on all WP installations I do now.
Thank you, Ella Iseulde Van Dorpe!
This plugin just works – every time. No issues.
This plugin offers a no-nonsense way to change your wp-admin path.
Contributors & Developers
“Rename wp-login.php” is open source software. The following people have contributed to this plugin.Contributors
Interested in development?
- Add missing
- Added i18n support.
- Use wp-login.php instead of copying the file.
- Don’t add notices for W3 Total Cache and WP Super Cache.
- WordPress 4.0 compatible.
- WordPress 3.9 compatible.
- Fix issue where the slug reverts to default when saving the permalink structure.
- Fixed SSL issues.
- Set REQUEST_URI back.
- Check if wp-login.php functions exist to avoid future fatal errors.
- Fixed URL filters.
- Fixed issue where requests redirect to the new login page.
- Trailing slash based on the permalink structure.
- Works now with non-pretty permalinks!
- Gives a message when using W3 Total Cache or WP Super Cache to update options.
- Prevents pretty redirects such as /login and /admin.
- Simplifies some code.
- Forces login page with trailing slash.
- Replaces a wp_redirect with wp_safe_redirect.
- Shows error message in the network admin if permalinks are not enabled for the main site.
- This plugin can now be activated for a network and a networkwide default can be set.
- The plugin now hooks in after init to make sure any customisations to the login form are hooked in before it.
- Links should now be fixed when SSL is enabled.
- wp-admin will now have a
wp_die()message instead of a 404 template because this caused problems.
- Minimum version is now 3.8.
- Added updates from wp-login.php in 3.8.
- OOP PHP.
- Requires WordPress 3.7 or higher.
- MultiViews compatible.
- Made compatible with WordPress 3.7.
- Fixed the login link when
- Added a mirror on GitHub.
- Made User Switching compatible.
- Faster page load.
- Fixed 404 error for permalink structures with a prefixed path. “Almost pretty” permalinks work now too.
- Code clean-up.
- Prevents the plugin from working when there is no permalink structure.
- Fixed status code custom login page.
- Blocked access to wp-admin to prevent a redirect the the new login page.
- Initial version.