Custom login page for WordPress
How to rename wp-login.php and protect WordPress from automated brute-force and bot attacks. It's a great tool for reducing attack surface.
WP Cerber Security lets you easily and safely change the default login page wp-login.php to whatever you want. In other words, you can set up your own custom login page (custom login URL means the same) and hide wp-login.php from automated attacks. You don’t need to edit the .htaccess file manually or rename your actual wp-login.php file. With Cerber you can do it in several clicks.
- Go to the plugin Main Settings admin page.
- Enter your new desired login URL into the Custom login URL field and click Save settings.
- The plugin will send a new URL to the admin email.
- If you use a caching plugin, add your new login URL to the list of pages not to cache.
- Make sure that your new login URL works correctly and you can use it to log in. Do that in an incognito browser window. Do not log out of your website.
- Once you’ve made sure that your new login URL works, check Block direct access to wp-login.php and return HTTP 404 Not Found Error and click Save settings.
- It’s recommended to check Disable automatic redirecting to the login page when /wp-admin/ is requested by an unauthorized request
- Bookmark your new Custom login URL. If you forget it, you will not be able to log in.
- If you use a caching plugin like W3 Total Cache or WP Super Cache you have to add the slug of the new Custom login URL to the list of pages not to cache.
- For WP multisite mode login URL will be changed for all sites globally.
- Never rename wp-login.php file directly. After updating your WordPress to a newer version, wp-login.php will be accessible for intruders again.
Troubleshooting Custom login URL feature
If you’ve set up your Custom login URL and after a while forgot it, first of all, check the site admin email box for a notification email about your new login URL. In that email , you can find your Custom login URL. If you are unable to find that email , you need to reinstall the plugin manually following the steps below.
- Delete the plugin folder /wp-cerber/ manually by using FTP or any File Manager (in your hosting control panel) that is provided by your hosting provider.
- Log into your WordPress dashboard as usual by using default /wp-login.php URL or another way that you are used to using.
- Install and activate the WP Cerber Security plugin again.
- Go to the plugin Main Settings page.
- Check Custom login URL field. It displays your Custom login URL that you have to use. Remember it!
See also: How to hide wp-admin and wp-login.php from possible attacks
Last posts from WordPress security blog
- How to clean up activity and live traffic logs February 16, 2018
- How to protect WordPress against CVE-2018-6389 DoS attacks February 11, 2018
- WP Cerber Security 6.2 February 7, 2018
- Traffic Inspector and logging how to February 5, 2018
- Development version 6.1.3 February 1, 2018