Secure Login Shield
by Ben Treder on WordPress.org
Create a private login URL and hide /wp-login.php with stealth 404s. Logged-out /wp-admin/ visits redirect to your homepage.
(0)
Settings page showing the default login slug (/wp-login.php)
Secure Login Shield helps you lock down your WordPress login page.
By default, WordPress exposes /wp-login.php and /wp-admin/. Bots hammer these URLs every day.
This plugin gives you a private login slug (e.g. /dragon-lair) and hides the default login endpoint:
- Defaults to
/wp-login.phpuntil you change it. - Once changed, only your custom slug works.
- Direct access to
/wp-login.phpshows a 404 Not Found (stealth mode). - Logged-out visitors hitting
/wp-admin/are redirected to the homepage. - Deactivate the plugin everything reverts to normal.
Made with ❤️ by Ben Treder
Features
- Private login slug (e.g.
/dragon-lair,/control-center,/secret-gate) - Stealth 404 protection: Bots hitting
/wp-login.phpsee “Not Found” - Homepage redirect:
/wp-admin/(logged out) homepage - Easy settings page under Settings Secure Login Shield
- Safe activation/deactivation: no core hacks, auto-reverts when disabled
Contribute & Support
- Website: BenTreder.com
- Author: Ben Treder
- Issues & Feature Requests: Please open a ticket on BenTreder.com
- Like this plugin? ⭐ Leave a review and help spread the word!
- ☕ Support development: Buy Me a Coffee
Active installations0+
Weekly downloads
1–
Version1.3.0
Last updated9/20/2025
WordPress version6.0
Tested up to6.8.2
PHP version7.4
Tags
custom loginhardeningloginsecuritywp login
