This plugin is an extension and requires Custom Login (version 4.4.0 or greater) which can be downloaded for free here.

By now you seen all the stories of WordPress sites being vulnerable to brute force attacks. But what does it really mean? Simply put, a hacker or generated computer program is targeting your wp-login.php page and is trying to log in hundreds (if not thousands) of times with the most generic usernames and random “popular” passwords.

One step is to change your admin username. But that still leaves your site open to thousands of login attempts. You can use a login IP limiter, but a hacker can use many IPs or proxy their IP and your website will likely crash before all IPs are blocked. I know, because this happened to me.

Is there a simple solution?

How about hiding the wp-login.php page…

That’s exactingly what Custom Login Stealth Login is intended for. It gives you one solution with two options for unauthorized users.

1. Redirects: If a user doesn’t have the correct “key” and “code”, redirect them away from the page.
2. Die: This is a programming term If a user doesn’t have the correct “key” and “code”, kill the generation of the page with a displayed message.

How to use it

There is really on five options needed for this plugin, and three of those have default values.

1. On/Off
2. Redirect(On)/Kill the page(Off)
3. Redirect URL (when Redirect is “On”)
4. Question (the query variable or “key“)
5. Answer (The query answer or “code“)

Simple! Once setup your login page can only be accessed by visiting yourwebsite.com/wp-login.php?question=answer where question is the question you set and answer is the answer you set in the settings. These settings are defaulted to bypass=true.

Screenshots