Fierder nei ynhâld
WordPress.org

Frysk

  • Tema’s
  • Plugins
  • Nijs
  • Oer
  • Oer
  • Kontakt
  • Krij WordPress
Krij WordPress
WordPress.org

Plugin Directory

Treder Secure Login Shield

  • Submit a plugin
  • My favorites
  • Log in
  • Submit a plugin
  • My favorites
  • Log in

Treder Secure Login Shield

Troch Ben Treder
Download
  • Details
  • Resinsjes
  • Ynstallaasje
  • Ûntwikkeling
Stypje

Beskriuwing

Secure Login Shield helps you lock down your WordPress login page.
By default, WordPress exposes /wp-login.php and /wp-admin/. Bots hammer these URLs every day.

This plugin gives you a private login slug (e.g. /dragon-lair) and hides the default login endpoint:

  • Defaults to /wp-login.php until you change it.
  • Once changed, only your custom slug works.
  • Direct access to /wp-login.php shows a 404 Not Found (stealth mode).
  • Logged-out visitors hitting /wp-admin/ are redirected to the homepage.
  • Deactivate the plugin → everything reverts to normal.

Made with ❤️ by Ben Treder

Features

  • Private login slug (e.g. /dragon-lair, /control-center, /secret-gate)
  • Stealth 404 protection: Bots hitting /wp-login.php see “Not Found”
  • Homepage redirect: /wp-admin/ (logged out) → homepage
  • Easy settings page under Settings → Secure Login Shield
  • Safe activation/deactivation: no core hacks, auto-reverts when disabled

Contribute & Support

  • Website: BenTreder.com
  • Author: Ben Treder
  • Issues & Feature Requests: Please open a ticket on BenTreder.com
  • Like this plugin? ⭐ Leave a review and help spread the word!
  • ☕ Support development: Buy Me a Coffee

Skermôfbyldings

Settings page showing the default login slug (/wp-login.php)
Settings page showing the default login slug (/wp-login.php)
Settings page with a custom private slug (/dragon-lair)
Settings page with a custom private slug (/dragon-lair)

Ynstallaasje

  1. Upload the secure-login-shield folder to the /wp-content/plugins/ directory or install via Plugins → Add New → Upload.
  2. Activate the plugin through the “Plugins” menu in WordPress.
  3. Go to Settings → Secure Login Shield.
  4. Set your private slug (example: dragon-lair).
  5. Go to Settings → Permalinks → Save Changes (refresh rewrite rules).
  6. If you use a caching plugin or CDN, clear cache to avoid stale redirects.
  7. Log in using https://yoursite.com/dragon-lair.

Important: Bookmark your new login URL! If you forget it, you’ll need to disable the plugin via FTP or database.

FAQ

Will this break my site?

No. By default it uses /wp-login.php until you change it. Deactivating the plugin instantly reverts WordPress to normal behavior.

Can I completely block /wp-login.php?

Yes. Once you set a slug, /wp-login.php (and actions) return a 404 Not Found.

What if I forget my private slug?

Deactivate the plugin via FTP (delete or rename secure-login-shield). WordPress will go back to /wp-login.php.

Does this work with caching plugins or CDNs?

Yes, but after changing your slug, you should clear cache/CDN to avoid serving stale redirects.

Resinsjes

Great plugin

urosjovanovic 22 septimber, 2025
Secure Login Shield is a great plugin! Easy to use and very effective at protecting your site.
Lês alle 1 resinsje

Meiwurkers & amp; Untwikkelders

“Treder Secure Login Shield” is iepen boarne software. De folgjende minsken hawwe bydroegen oan dizze plugin.

Meiwurkers
  • Ben Treder

Oersette “Treder Secure Login Shield” yn jo taal.

Ynteressearre yn ûntwikkeling?

Blêdzje troch de koade , besjoch de SVN-repository , of abonnearje op it ûntwikkelingslogboek troch RSS .

Feroaringslog

2.0.6

  • Rebranded the visible plugin name to Treder Secure Login Shield.
  • Fixed the WordPress.org contributor username to bdtreder.
  • No slug, ZIP base name, folder name, text domain, settings, or login behavior changes.

2.0.5

  • Corrected WordPress.org release versioning after the Secure Login Shield audit.
  • Confirmed WordPress 7.0 compatibility metadata.
  • Kept the free plugin focused on private login URL protection, stealth 404 behavior, and logged-out wp-admin redirect protection.

1.3.0

  • Rebrand to Secure Login Shield by Ben Treder
  • Default slug remains /wp-login.php (safe on first install)
  • Added activation notice: Save permalinks + clear cache after activation
  • Stealth 404 mode enforced when custom slug is chosen
  • Homepage redirect for logged-out visits to /wp-admin/

1.2.0

  • Added stealth 404 mode
  • Improved security enforcement

1.1.0

  • Redirected /wp-admin/ → homepage for logged-out users

1.0.0

  • Initial release with custom login slug + wp-login.php block

Meta

  • Version 2.0.6
  • Last updated 1 moanne yn ôl
  • Active installations Minder as 10
  • WordPress version 6.0 of heger
  • Tested up to 7.0.1
  • PHP version 7.4 of heger
  • Language
    English (US)
  • Tags
    custom loginhardeningloginsecuritywp login
  • Avansearre werjefte

Wurdearrings

5 out of 5 stars.
  • 1 5-star review 5 stars 1
  • 0 4-star reviews 4 stars 0
  • 0 3-star reviews 3 stars 0
  • 0 2-star reviews 2 stars 0
  • 0 1-star reviews 1 star 0

Your review

See all reviews

Meiwurkers

  • Ben Treder

Stypje

Hast wat te sizzen? Help nedich hawwe?

Besjoch stipefoarum

Doar

Wolle jo de foarútgong fan dizze plugin stypje?

Donearje oan dizze plugin

  • Oer
  • Nijs
  • Hosting
  • Privacy
  • Showcase
  • Tema's
  • Plugins
  • Patterns
  • Leare
  • Stypje
  • Untwikkelders
  • WordPress.tv ↗
  • Belutsen reitsje
  • Events
  • Donate ↗
  • Fiif foar de takomst
  • WordPress.com ↗
  • Matt ↗
  • bbPress ↗
  • BuddyPress ↗
WordPress.org
WordPress.org

Frysk

  • Visit our X (formerly Twitter) account
  • Visit our Bluesky account
  • Visit our Mastodon account
  • Visit our Threads account
  • Besykje ús Facebook side
  • Besykje ús Instagram-akkount
  • Besykje ús LinkedIn akkount
  • Visit our TikTok account
  • Visit our YouTube channel
  • Visit our Tumblr account
Koade is Poëzij.
The WordPress® trademark is the intellectual property of the WordPress Foundation.