Plugins DatabasePlugins Database logo
Back to plugins
Homepage WordPress

Actions

DownloadAuthor pageSee on WordPress

Plugin info

Total downloads: 4,255
Active installs: 400
Total reviews: 6
Average rating: 5
Support threads opened: 0
Support threads resolved: 0 (0%)
Available in: 1 language(s)
Contributors: 1
Last updated: 6/11/2025 (202 days ago)
Added to WordPress: 8/25/2016 (9 years old)
Minimum WordPress version: 4.0.0
Tested up to WordPress version: 6.8.3
Minimum PHP version: f

Maintenance & Compatibility

Maintenance score

Stale • Last updated 202 days ago • 6 reviews

40/100

Is WP Login Door abandoned?

Likely maintained (last update 202 days ago).

Compatibility

Requires WordPress: 4.0.0
Tested up to: 6.8.3
Requires PHP: f

Ratings

6
0
0
0
0See all reviews

Developers

toxnico (Owner)1

Languages

Similar & Alternatives

Explore plugins with similar tags, and compare key metrics like downloads, ratings, updates, support, and WP/PHP compatibility.

tinyShield – Simple. Focused. Security.
Rating 4.5/5 (8 reviews)Active installs 700
Compare
Security-Protection
Rating 4.3/5 (11 reviews)Active installs 400
Compare
BruteGuard – Brute Force Login Protection
Rating 5.0/5 (2 reviews)Active installs 200
Compare
WP-DenyHosts
Rating 5.0/5 (1 reviews)Active installs 20
Compare
Guard
Rating 0.0/5 (0 reviews)Active installs 10
Compare
BruteBank – WP Security & Firewall
Rating 0.0/5 (0 reviews)Active installs 10
Compare
See more alternatives to WP Login Door

Description

Did you ever feel like your website or blog login page is ridiculously fragile and reachable, and could be easily broken in by an intruder?

Personally I hate to think of hundreds of people playing with my door lock hundreds of times a day. It’s the same with my blog login page.

On WordPress, there are two main potential vectors of bruteforce intrusion:
* http://my-site.com/wp-login.php, which is the login page
* http://my-site.com/xmlrpc.php, which is an API gateway for interacting with third party applications.

This plugin adds one security layer in front of your login page, and by the way you can also disable XML-RPC with a simple checkbox if you don’t need it (XML-RPC is a WIDELY used vector of attacks).

The idea is simple: you choose a pair of words, and when you want to access your login page, you just have to provide them in the URL like this: http://my-site.com/wp-login.php?word1=word2. That’s all!
If you try to access your login page without this pair of words, you get a configurable error message, where you can insult the attacker as much as you want 😉

Installation

  1. Upload the plugin files to the /wp-content/plugins/wp-login-door directory, or install the plugin through the WordPress plugins screen directly.
  2. Activate the plugin through the ‘Plugins’ screen in WordPress
  3. Use the Settings->Wp Login Door screen to configure the plugin
  4. Enjoy your new door 🙂

Frequently Asked Questions

What if I lose my pair of words?

You can disable the plugin from your FTP server.
Then login as usual, reactivate the plugin, and check your word pair.

Is that free?

I don’t know if the beerware license is GPL 2 compatible, but if you like this plugin and if we meet someday, you can buy me a beer.

Is that all ?

Yes!

Review feed

toxnico
9/3/2016

Simple and useful

This plugin is the easiest way to hide your login page and thus avoid brute force attacks

Screenshots

No screenshots available

Changelog

1.5

  • Let go the ‘postpass’ standard action (used when user types a password to open a protected post)

1.4

  • Removed some php notices in the administration section.

1.1.1

  • Bug correction. During refactoring, I misspelled the key name sanitization callback, and it could cause problems on some installations, such as key name field not stored.

1.1

  • Added a new setting to redirect home instead of displaying an error message.

1.0

  • First release
Back to plugins