Block wp-login
This plugin completely blocks access to wp-login.php and creates a new secret login URL
4.7(9 reviews)
·600 active installs·Updated 4 months agoAs of April 2026, Block wp-login is a WordPress secure plugin with 600 active installations and a 4.7/5 rating from 9 reviews. It has been downloaded 20K+ times in total. Requires WordPress 3.5.0+ and PHP 5.6+. Available on WordPress.org since 2017. Top alternative: BBQ Firewall – Fast & Powerful Firewall….
4.7/59 reviews
600active installs
20K+total downloads
9 yearssince 2017
Overview
Block Access to wp-login.php
This plugin does the following:
- Locates wp-login.php in your WordPress installation and duplicates it
- Locates .htaccess and inserts lines to block the default wp-login.php and creates a new secret address to use for legitimate login
- Will email the site admin if an administrator signs in with an un-recognised IP address
When installed your server will return “403 Forbidden“ when attempts are made to access the default wp-login.php file. This has two benefits; it prevents hackers from using brute force methods to hack your website and it reduces the load on the server when such brute force attacks are launched on your site as WordPress isn’t run at all.
Please note, this plugin uses .htaccess so is only compatible with Apache web servers, it is not compa…
Ratings & Reviews
4.79 reviews
5 ★
8
4 ★
0
3 ★
0
2 ★
1
1 ★
0
Compatibility
| WordPress | 3.5.0+ requiredTested up to 6.9.4 |
| PHP | 5.6+ required |
Top Alternatives to Block wp-login
Frequently Asked Questions
Changelog
1.5.5
- Fix a minor bug and general housekeeping preparing for “Plugin Check” code review
Contributors
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.