Description
Secure Login Shield helps you lock down your WordPress login page.
By default, WordPress exposes /wp-login.php and /wp-admin/. Bots hammer these URLs every day.
This plugin gives you a private login slug (e.g. /dragon-lair) and hides the default login endpoint:
- Defaults to
/wp-login.phpuntil you change it. - Once changed, only your custom slug works.
- Direct access to
/wp-login.phpshows a 404 Not Found (stealth mode). - Logged-out visitors hitting
/wp-admin/are redirected to the homepage. - Deactivate the plugin everything reverts to normal.
Made with ❤️ by Ben Treder
Features
- Private login slug (e.g.
/dragon-lair,/control-center,/secret-gate) - Stealth 404 protection: Bots hitting
/wp-login.phpsee “Not Found” - Homepage redirect:
/wp-admin/(logged out) homepage - Easy settings page under Settings Secure Login Shield
- Safe activation/deactivation: no core hacks, auto-reverts when disabled
Contribute & Support
- Website: BenTreder.com
- Author: Ben Treder
- Issues & Feature Requests: Please open a ticket on BenTreder.com
- Like this plugin? ⭐ Leave a review and help spread the word!
- ☕ Support development: Buy Me a Coffee
Captures d’écrans
Settings page showing the default login slug (/wp-login.php) 
Settings page with a custom private slug (/dragon-lair)
Installation
- Upload the
secure-login-shieldfolder to the/wp-content/plugins/directory or install via Plugins Add New Upload. - Activate the plugin through the « Plugins » menu in WordPress.
- Go to Settings Secure Login Shield.
- Set your private slug (example:
dragon-lair). - Go to Settings Permalinks Save Changes (refresh rewrite rules).
- If you use a caching plugin or CDN, clear cache to avoid stale redirects.
- Log in using
https://yoursite.com/dragon-lair.
Important: Bookmark your new login URL! If you forget it, you’ll need to disable the plugin via FTP or database.
FAQ
-
Will this break my site?
-
No. By default it uses
/wp-login.phpuntil you change it. Deactivating the plugin instantly reverts WordPress to normal behavior. -
Can I completely block /wp-login.php?
-
Yes. Once you set a slug,
/wp-login.php(and actions) return a 404 Not Found. -
What if I forget my private slug?
-
Deactivate the plugin via FTP (delete or rename
secure-login-shield). WordPress will go back to/wp-login.php. -
Does this work with caching plugins or CDNs?
-
Yes, but after changing your slug, you should clear cache/CDN to avoid serving stale redirects.
Avis
Contributeurs/contributrices & développeurs/développeuses
« Secure Login Shield » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.
Contributeurs
Traduisez « Secure Login Shield » dans votre langue.
Le développement vous intéresse ?
Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.
Journal des modifications
1.3.0
- Rebrand to Secure Login Shield by Ben Treder
- Default slug remains
/wp-login.php(safe on first install) - Added activation notice: Save permalinks + clear cache after activation
- Stealth 404 mode enforced when custom slug is chosen
- Homepage redirect for logged-out visits to
/wp-admin/
1.2.0
- Added stealth 404 mode
- Improved security enforcement
1.1.0
- Redirected /wp-admin/ homepage for logged-out users
1.0.0
- Initial release with custom login slug + wp-login.php block