Title: Block wp-login Author: Oliver Campion Published: 7. april 2017 Last modified: 18. mai 2026 --- Søk gjennom innstikk ![](https://ps.w.org/block-wp-login/assets/banner-772x250.jpg?rev=1633496) ![](https://ps.w.org/block-wp-login/assets/icon-256x256.jpg?rev=1633496) # Block wp-login Av [Oliver Campion](https://profiles.wordpress.org/domainsupport/) [Last ned](https://downloads.wordpress.org/plugin/block-wp-login.1.5.6.zip) * [Detaljar](https://nn.wordpress.org/plugins/block-wp-login/#description) * [Omtalar](https://nn.wordpress.org/plugins/block-wp-login/#reviews) * [Installasjon](https://nn.wordpress.org/plugins/block-wp-login/#installation) * [Utvikling](https://nn.wordpress.org/plugins/block-wp-login/#developers) [Hjelp](https://wordpress.org/support/plugin/block-wp-login/) ## Skildring #### Block Access to wp-login.php This plugin does the following: * Locates wp-login.php in your WordPress installation and duplicates it * Locates .htaccess and inserts lines to block the default wp-login.php and creates a new secret address to use for legitimate login * Will email the site admin if an administrator signs in with an un-recognised IP address When installed your server will return “403 Forbidden“ when attempts are made to access the default wp-login.php file. This has two benefits; it prevents hackers from using brute force methods to hack your website and it reduces the load on the server when such brute force attacks are launched on your site as WordPress isn’t run at all. Please note, this plugin uses .htaccess so is only compatible with Apache web servers, it is not compatible with Nginx web servers. ## Installasjon Easily prevent access to the default wp-login.php file: 1) Install Block wp-login automatically or by uploading the ZIP file. 2) Activate the plugin through the ‘Plugins’ menu in WordPress. 3) Once activated, visit “Settings– Permalinks” in the admin menu. 4) At the bottom of the page enter a new login address next to “Block wp-login” or click to create a random address. 5) Make sure you make a note of the new address you will need to use to sign in. 6) Save the settings. Although this plugin now detects when WordPress has been upgraded and re-installs itself, when upgrading WordPress core, you should still make sure you deactivate this plugin first just in case there is an issue. ## Vanlege spm. * What is /wp-login.php ? This is the login page for WordPress; hundreds or thousands of hits to this page is not normal and is almost certainly a brute force attempt to hack the admin password. ## Omtalar ![](https://secure.gravatar.com/avatar/37dd5c34230cc76b819207d732670ec2eadb232e90a46a537a98c517dceae414? s=60&d=retro&r=g) ### 󠀁[Best of Breed](https://wordpress.org/support/topic/best-of-breed-13/)󠁿 [STIJL](https://profiles.wordpress.org/stijl/) 8. juli 2023 1 reply After using other “hide login” alternatives with varied crappy results, webd’s Block wp-login actually works well and does what it needs to do without challenging the admin. If you want to hide your login – this is it. ![](https://secure.gravatar.com/avatar/a1682ac235d4bd3eca2c961f6dcc2da9f637bdb758bfa4f3255d9bd7616b5591? s=60&d=retro&r=g) ### 󠀁[Turned against me after 2 months](https://wordpress.org/support/topic/turned-against-me-after-2-months/)󠁿 [ktk77](https://profiles.wordpress.org/ktk77/) 6. september 2022 3 replies The customized login URL stopped working, leading to a «403 Forbidden» page and locking me out of my site. I had to resolve the situation through my host, after which I got back into my dashboard and deactivated this plugin (which, as of this writing, hasn’t even been updated in 4 months). A highly inconvenient experience following several weeks of relatively smooth performance. User beware. ![](https://secure.gravatar.com/avatar/590c1a85322729f2345aa128684db6522b37951ea328215b6f501ed8439c0a91? s=60&d=retro&r=g) ### 󠀁[Found It!](https://wordpress.org/support/topic/found-it-6/)󠁿 [Jimmy Lee](https://profiles.wordpress.org/shirtguy72/) 27. april 2022 1 reply After being abandoned and not updated in 5 years, SF Move Login plugin finally started throwing me errors, started a quest to find another login security plugin written as smart or smarter than that little gem … FOUND IT! Really love your approach here, Scientifically Whitty! 5-Stars ALL DAY LONG! Thank you and Best Wishes! ![](https://secure.gravatar.com/avatar/c1d75c639701a4bdf08f01d660645c71b6dac51a391141473ad400c378baf4e6? s=60&d=retro&r=g) ### 󠀁[Lightweight and superb](https://wordpress.org/support/topic/lightweight-and-superb/)󠁿 [TrishaM](https://profiles.wordpress.org/trisham/) 12. januar 2021 2 replies This plugin does exactly what I need it to do, it hides my login page, and doesn’t carry extra weight or complexity. I added this after I discovered a ton of (unsuccessful) attempts to hack into my site through the login process (in addition to requiring all my users to update their passwords to something much stronger). I realize where there is a will there is a way and I’ll still be at risk if one or more of my *users* gets hacked and their saved login link and credentials get stolen, but I sure sleep better at night now knowing that my site is just a bit safer. ![](https://secure.gravatar.com/avatar/10dcfe93dc1b2f91203c193c10f7b6972083577016e9f733976b8d362cffc9d1? s=60&d=retro&r=g) ### 󠀁[Great protection against hackers](https://wordpress.org/support/topic/great-protection-against-hackers/)󠁿 [andybull](https://profiles.wordpress.org/andybull/) 8. januar 2018 Adds a reassuring additional level of security against hackers ![](https://secure.gravatar.com/avatar/f7879bf74088f0c95a84aaa42296b3b90dbfc5a3f8cf939d6255f3299620f98c? s=60&d=retro&r=g) ### 󠀁[A valuable tool](https://wordpress.org/support/topic/a-valuable-tool-2/)󠁿 [f5nn9s3f8](https://profiles.wordpress.org/f5nn9s3f8/) 21. april 2017 A valuable tool to combat security issues facing WordPress users. [ Les alle 9 omtalar ](https://wordpress.org/support/plugin/block-wp-login/reviews/) ## Bidragsytarar og utviklarar “Block wp-login” is open source software. The following people have contributed to this plugin. Contributors * [ Oliver Campion ](https://profiles.wordpress.org/domainsupport/) “Block wp-login” er omsett til 2 språk. Takk til [omsetjarane](https://translate.wordpress.org/projects/wp-plugins/block-wp-login/contributors) for bidraga deira. [Omset “Block wp-login” til ditt eige språk.](https://translate.wordpress.org/projects/wp-plugins/block-wp-login) ### Interested in development? [Les kjeldekoden](https://plugins.trac.wordpress.org/browser/block-wp-login/), sjekk [SVN-lageret](https://plugins.svn.wordpress.org/block-wp-login/) eller abonner på [utviklingsloggen](https://plugins.trac.wordpress.org/log/block-wp-login/) med [RSS](https://plugins.trac.wordpress.org/log/block-wp-login/?limit=100&mode=stop_on_copy&format=rss). ## Endringslogg #### 1.5.6 * Fix a minor issue highlighted by «Plugin Check» code review and preparing for WordPress v7.0 #### 1.5.5 * Fix a minor bug and general housekeeping preparing for «Plugin Check» code review #### 1.5.4 * Updated race condition prevention when WordPress core version changes #### 1.5.3 * I18N issues resolved thanks to Alex Lion @alexclassroom and added a transient check to prevent a race condition when WordPress core is updated #### 1.5.2 * General housekeeping #### 1.5.1 * Added an option to email the site admin if an administrator signs in with an un-recognised IP address * Added translation strings #### 1.5 * General housekeeping #### 1.4.9 * Fixed bug that causes an error if the login_url hook is fired early #### 1.4.8 * Preparing for WordPress v6.0 #### 1.4.7 * Fixed a cookie related bug with Google Chrome preventing login #### 1.4.6 * Fixed bugs when .htaccess cannot be opened * Removed all PHP short tags #### 1.4.5 * Preparing for WordPress v5.8 #### 1.4.4 * General housekeeping #### 1.4.3 * General housekeeping #### 1.4.2 * Added an option to send login URL reminders when saving Permalink settings #### 1.4.1 * Added random login generator. #### 1.4.0 * Premium functionality is now free! #### 1.3.9 * Bug fix #### 1.3.8 * Removed functionality now dealt with by Deny All Firewall #### 1.3.7 * Yet more fixes for compatibility with WordPress 5.3 #### 1.3.6 * Further fixes for compatibility with WordPress 5.3 #### 1.3.5 * Fixed a bug that blocked Admin Email Verification in WordPress 5.3 #### 1.3.4 * Integrated plugin with new Deny All Firewall plugin #### 1.3.3 * Plugin now allows password protected posts and pages to work #### 1.3.2 * Important security update #### 1.3.1 * Important security update #### 1.3.0 * Automated upgrade activation facility * Bug fixes #### 1.2.4 * Bug fix #### 1.2.3 * Updating new developer / activation domain * Updating tested version #### 1.2.2 * Bug fixes. #### 1.2.1 * WordPress upgrade email re-worded #### 1.2.0 * Plugin now automatically detects when WordPress has been upgraded and re-installs itself. * Bug fixed for when wp_mail() isn’t working #### 1.1.7 * Bug fixes. #### 1.1.6 * Plugin now upgrades automatically when activated if licensed. #### 1.1.5 * Plugin is now internationalised ready for translation. * Help banner admin notice now appears until plugin has been configured. * Added help links on the settings page and added this information to the FAQ. * Minor bug fixes. #### 1.1.4 * Blocking admin-ajax.php now allows commands when inniated from /wp-admin/. * Blank user or site owner emails won’t break saving settings. * Duplicate emails are not sent now when site owner and user email addresses are the same. * Options to block admin-ajax.php, wp-cron.php, xmlrpc.php and robots.txt are disabled until wp-login.php block is activated. #### 1.1.3 * Plugin now emails all Administrators and the email set in General Settings with the new login URL. #### 1.1.2 * Added option to block admin-ajax.php, wp-cron.php, xmlrpc.php and robots.txt for the free plugin. #### 1.1.1 * Bug fixes. * Option to block wp-cron.php, admin-ajax.php and robots.txt for upgraded plugin. #### 1.1.0 * Plugin re-written to make use of «Settings – Permalinks» so upgraded plugin can choose custom login slug. * Plugin now reverses changes when deactivated. * Plugin creates random login slug. #### 1.0.0 * First, beta version of the plugin. ## Om * Version **1.5.6** * Last updated **2 veker sidan** * Active installations **600+** * WordPress version ** 3.5.0 eller nyare ** * Tested up to **7.0** * PHP version ** 5.6 eller nyare ** * Languages * [English (UK)](https://en-gb.wordpress.org/plugins/block-wp-login/), [English (US)](https://wordpress.org/plugins/block-wp-login/) og [Russian](https://ru.wordpress.org/plugins/block-wp-login/). * [Omset til språket ditt](https://translate.wordpress.org/projects/wp-plugins/block-wp-login) * Tags * [block hackers](https://nn.wordpress.org/plugins/tags/block-hackers/)[login security](https://nn.wordpress.org/plugins/tags/login-security/) [secure](https://nn.wordpress.org/plugins/tags/secure/)[security](https://nn.wordpress.org/plugins/tags/security/) [security plugin](https://nn.wordpress.org/plugins/tags/security-plugin/) * [Avansert vising](https://nn.wordpress.org/plugins/block-wp-login/advanced/) ## Vurderingar 4.7 out of 5 stars. * [ 8 5-star reviews ](https://wordpress.org/support/plugin/block-wp-login/reviews/?filter=5) * [ 0 4-star reviews ](https://wordpress.org/support/plugin/block-wp-login/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/block-wp-login/reviews/?filter=3) * [ 1 2-star review ](https://wordpress.org/support/plugin/block-wp-login/reviews/?filter=2) * [ 0 1-star reviews ](https://wordpress.org/support/plugin/block-wp-login/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/block-wp-login/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/block-wp-login/reviews/) ## Contributors * [ Oliver Campion ](https://profiles.wordpress.org/domainsupport/) ## Hjelp Har du noko å seia? Treng du hjelp? [Sjå hjelpeforumet](https://wordpress.org/support/plugin/block-wp-login/) ## Donate Would you like to support the advancement of this plugin? [ Donate to this plugin ](https://webd.uk/product/support-us/)