Secure Login Shield
Create a private login URL and hide /wp-login.php with stealth 404s. Logged-out /wp-admin/ visits redirect to your homepage.
Plugin info
Maintenance & Compatibility
Maintenance score
Maintained • Last updated 101 days ago • 1 reviews
Is Secure Login Shield abandoned?
Likely maintained (last update 101 days ago).
Compatibility
Similar & Alternatives
Explore plugins with similar tags, and compare key metrics like downloads, ratings, updates, support, and WP/PHP compatibility.
Description
Secure Login Shield helps you lock down your WordPress login page.
By default, WordPress exposes /wp-login.php and /wp-admin/. Bots hammer these URLs every day.
This plugin gives you a private login slug (e.g. /dragon-lair) and hides the default login endpoint:
- Defaults to
/wp-login.phpuntil you change it. - Once changed, only your custom slug works.
- Direct access to
/wp-login.phpshows a 404 Not Found (stealth mode). - Logged-out visitors hitting
/wp-admin/are redirected to the homepage. - Deactivate the plugin everything reverts to normal.
Made with ❤️ by Ben Treder
Features
- Private login slug (e.g.
/dragon-lair,/control-center,/secret-gate) - Stealth 404 protection: Bots hitting
/wp-login.phpsee “Not Found” - Homepage redirect:
/wp-admin/(logged out) homepage - Easy settings page under Settings Secure Login Shield
- Safe activation/deactivation: no core hacks, auto-reverts when disabled
Contribute & Support
- Website: BenTreder.com
- Author: Ben Treder
- Issues & Feature Requests: Please open a ticket on BenTreder.com
- Like this plugin? ⭐ Leave a review and help spread the word!
- ☕ Support development: Buy Me a Coffee
Installation
- Upload the
secure-login-shieldfolder to the/wp-content/plugins/directory or install via Plugins Add New Upload. - Activate the plugin through the “Plugins” menu in WordPress.
- Go to Settings Secure Login Shield.
- Set your private slug (example:
dragon-lair). - Go to Settings Permalinks Save Changes (refresh rewrite rules).
- If you use a caching plugin or CDN, clear cache to avoid stale redirects.
- Log in using
https://yoursite.com/dragon-lair.
Important: Bookmark your new login URL! If you forget it, you’ll need to disable the plugin via FTP or database.
Frequently Asked Questions
No. By default it uses /wp-login.php until you change it. Deactivating the plugin instantly reverts WordPress to normal behavior.
Yes. Once you set a slug, /wp-login.php (and actions) return a 404 Not Found.
Deactivate the plugin via FTP (delete or rename secure-login-shield). WordPress will go back to /wp-login.php.
Yes, but after changing your slug, you should clear cache/CDN to avoid serving stale redirects.
Review feed
Screenshots
Settings page showing the default login slug (/wp-login.php)
Settings page with a custom private slug (/dragon-lair)
Changelog
1.3.0
- Rebrand to Secure Login Shield by Ben Treder
- Default slug remains
/wp-login.php(safe on first install) - Added activation notice: Save permalinks + clear cache after activation
- Stealth 404 mode enforced when custom slug is chosen
- Homepage redirect for logged-out visits to
/wp-admin/
1.2.0
- Added stealth 404 mode
- Improved security enforcement
1.1.0
- Redirected /wp-admin/ homepage for logged-out users
1.0.0
- Initial release with custom login slug + wp-login.php block