Àpèjúwe
Secure Login Shield helps you lock down your WordPress login page.
By default, WordPress exposes /wp-login.php and /wp-admin/. Bots hammer these URLs every day.
This plugin gives you a private login slug (e.g. /dragon-lair) and hides the default login endpoint:
- Defaults to
/wp-login.phpuntil you change it. - Once changed, only your custom slug works.
- Direct access to
/wp-login.phpshows a 404 Not Found (stealth mode). - Logged-out visitors hitting
/wp-admin/are redirected to the homepage. - Deactivate the plugin everything reverts to normal.
Made with ❤️ by Ben Treder
Features
- Private login slug (e.g.
/dragon-lair,/control-center,/secret-gate) - Stealth 404 protection: Bots hitting
/wp-login.phpsee “Not Found” - Homepage redirect:
/wp-admin/(logged out) homepage - Easy settings page under Settings Secure Login Shield
- Safe activation/deactivation: no core hacks, auto-reverts when disabled
Contribute & Support
- Website: BenTreder.com
- Author: Ben Treder
- Issues & Feature Requests: Please open a ticket on BenTreder.com
- Like this plugin? ⭐ Leave a review and help spread the word!
- ☕ Support development: Buy Me a Coffee
Àwọn àwòrán ìbòjú
Settings page showing the default login slug (/wp-login.php) 
Settings page with a custom private slug (/dragon-lair)
Ìgbéwọlẹ̀
- Upload the
secure-login-shieldfolder to the/wp-content/plugins/directory or install via Plugins Add New Upload. - Activate the plugin through the “Plugins” menu in WordPress.
- Go to Settings Secure Login Shield.
- Set your private slug (example:
dragon-lair). - Go to Settings Permalinks Save Changes (refresh rewrite rules).
- If you use a caching plugin or CDN, clear cache to avoid stale redirects.
- Log in using
https://yoursite.com/dragon-lair.
Important: Bookmark your new login URL! If you forget it, you’ll need to disable the plugin via FTP or database.
FAQ
-
Will this break my site?
-
No. By default it uses
/wp-login.phpuntil you change it. Deactivating the plugin instantly reverts WordPress to normal behavior. -
Can I completely block /wp-login.php?
-
Yes. Once you set a slug,
/wp-login.php(and actions) return a 404 Not Found. -
What if I forget my private slug?
-
Deactivate the plugin via FTP (delete or rename
secure-login-shield). WordPress will go back to/wp-login.php. -
Does this work with caching plugins or CDNs?
-
Yes, but after changing your slug, you should clear cache/CDN to avoid serving stale redirects.
Àwọn àgbéyẹ̀wò
Àwọn Olùkópa & Olùgbéejáde
“Secure Login Shield” jẹ́ ètò ìṣàmúlò orísun ṣíṣí sílẹ̀. Àwọn ènìyàn wọ̀nyí ti ṣe ìkópa sí plugin yìí.
Àwọn Olùkópa
Túmọ̀ “Secure Login Shield” sí èdè rẹ.
Ṣe o nífẹ̀ẹ́ sí ìdàgbàsókè?
Ṣàwárí koodu, ṣàyẹ̀wò ibi ìpamọ́ SVN, tàbí ṣe àgbékalẹ̀ sí àkọsílẹ̀ ìdàgbàsókè nípasẹ̀ RSS.
Àkọsílẹ̀ àwọn àyípadà
2.0.5
- Corrected WordPress.org release versioning after the Secure Login Shield audit.
- Confirmed WordPress 7.0 compatibility metadata.
- Kept the free plugin focused on private login URL protection, stealth 404 behavior, and logged-out wp-admin redirect protection.
1.3.0
- Rebrand to Secure Login Shield by Ben Treder
- Default slug remains
/wp-login.php(safe on first install) - Added activation notice: Save permalinks + clear cache after activation
- Stealth 404 mode enforced when custom slug is chosen
- Homepage redirect for logged-out visits to
/wp-admin/
1.2.0
- Added stealth 404 mode
- Improved security enforcement
1.1.0
- Redirected /wp-admin/ homepage for logged-out users
1.0.0
- Initial release with custom login slug + wp-login.php block