Mô tả
Secure Login Shield helps you lock down your WordPress login page.
By default, WordPress exposes /wp-login.php and /wp-admin/. Bots hammer these URLs every day.
This plugin gives you a private login slug (e.g. /dragon-lair) and hides the default login endpoint:
- Defaults to
/wp-login.phpuntil you change it. - Once changed, only your custom slug works.
- Direct access to
/wp-login.phpshows a 404 Not Found (stealth mode). - Logged-out visitors hitting
/wp-admin/are redirected to the homepage. - Deactivate the plugin everything reverts to normal.
Made with ❤️ by Ben Treder
Features
- Private login slug (e.g.
/dragon-lair,/control-center,/secret-gate) - Stealth 404 protection: Bots hitting
/wp-login.phpsee “Not Found” - Homepage redirect:
/wp-admin/(logged out) homepage - Easy settings page under Settings Secure Login Shield
- Safe activation/deactivation: no core hacks, auto-reverts when disabled
Contribute & Support
- Website: BenTreder.com
- Author: Ben Treder
- Issues & Feature Requests: Please open a ticket on BenTreder.com
- Like this plugin? ⭐ Leave a review and help spread the word!
- ☕ Support development: Buy Me a Coffee
Ảnh màn hình
Settings page showing the default login slug (/wp-login.php) 
Settings page with a custom private slug (/dragon-lair)
Cài đặt
- Upload the
secure-login-shieldfolder to the/wp-content/plugins/directory or install via Plugins Add New Upload. - Activate the plugin through the “Plugins” menu in WordPress.
- Go to Settings Secure Login Shield.
- Set your private slug (example:
dragon-lair). - Go to Settings Permalinks Save Changes (refresh rewrite rules).
- If you use a caching plugin or CDN, clear cache to avoid stale redirects.
- Log in using
https://yoursite.com/dragon-lair.
Important: Bookmark your new login URL! If you forget it, you’ll need to disable the plugin via FTP or database.
Hỏi đáp
-
Will this break my site?
-
No. By default it uses
/wp-login.phpuntil you change it. Deactivating the plugin instantly reverts WordPress to normal behavior. -
Can I completely block /wp-login.php?
-
Yes. Once you set a slug,
/wp-login.php(and actions) return a 404 Not Found. -
What if I forget my private slug?
-
Deactivate the plugin via FTP (delete or rename
secure-login-shield). WordPress will go back to/wp-login.php. -
Does this work with caching plugins or CDNs?
-
Yes, but after changing your slug, you should clear cache/CDN to avoid serving stale redirects.
Đánh giá
Người đóng góp & Lập trình viên
“Secure Login Shield” là mã nguồn mở. Những người sau đã đóng góp vào plugin này.
Những người đóng góp
Dịch “Secure Login Shield” sang ngôn ngữ của bạn.
Muốn tham gia phát triển?
Duyệt code, check out SVN repository, hoặc theo dõi nhật ký phát triển qua RSS.
Nhật ký thay đổi
2.0.5
- Corrected WordPress.org release versioning after the Secure Login Shield audit.
- Confirmed WordPress 7.0 compatibility metadata.
- Kept the free plugin focused on private login URL protection, stealth 404 behavior, and logged-out wp-admin redirect protection.
1.3.0
- Rebrand to Secure Login Shield by Ben Treder
- Default slug remains
/wp-login.php(safe on first install) - Added activation notice: Save permalinks + clear cache after activation
- Stealth 404 mode enforced when custom slug is chosen
- Homepage redirect for logged-out visits to
/wp-admin/
1.2.0
- Added stealth 404 mode
- Improved security enforcement
1.1.0
- Redirected /wp-admin/ homepage for logged-out users
1.0.0
- Initial release with custom login slug + wp-login.php block