What is the Hide WordPress Login Page feature and how to use it?

Hide WordPress Login Page feature is a part of the Login Guard module. It hides your wp-login.php page from brute force attacks and hacking attempts - if your login page cannot be found, no-one can login.

Important: This is not required for complete security and if your site has irregular or inconsistent configuration it might not work for you. Before you use this feature, we highly recommend to learn what behavior you may expect first

How to hide your WordPress login page

Simply supply a string of text (only letters and numbers are permitted) and this will immediately become your new login URL.

Example

Your current login page URL is " www.example.com".

If you rename it to the "secureurltest", then your new login URL will be:

www.example.com/secureurltest

Remember: The only way to access your WordPress login page is through the new URL you have created.

Note: This will not rename the original wp-login.php file. Also, this original file will not and can't be deleted.

You cannot delete the wp-login.php file, as Shield includes this file when a visitor attempts to access the "new" login URL. When a visitor attempts to access the original login URL directly, Shield will intercept the request and block it, presenting a pseudo-404 response as if the file doesn't exist.

To test it, you can login into your site on 1 web browser, and temporarily change the login URL. You won't be logged out.

You can then use a different web browser to try and access the old and new URLs to see how they work for you. If you don't like how it functions, you can use your original browser to turn off the feature.

For more information on how to use Hide WordPress Login Page feature, read the article here.

You may also read our blog article about this here.

Remember if you use this feature and it doesn't work on your site as expected, you can always regain access to site using this method.

The value you put into this option is only the last part of the URL path.

  • You don't not need to put in your WordPress site URL
  • You don't need to put in a forward slash

Example of possible values for this options:

  • mysecretloginurl
  • abc123def456
  • ilikethisplugin
  • securityiscool

Please note that, If you use any other characters, they will be filtered out.

Remember: You do not need to put in your WordPress URL. We automatically use your WordPress URL and display your new login URL beneath the text box. (see the screenshot above)

We also recommend you to read: