Sep 032014
WordPress Plugin Name: WPS Hide Login
Plugin URL:

Plugin Author: Remy Perona for WPServeur
WordPress profile: Remy Perona for WPServeur
Plugin version: 1.2.1
Last updated: October 15, 2017 (3 months ago)
Tested up to (WP version): WP 4.8.5
Downloaded: 475,419
Rating: 5 (out of 5)


WPS Hide Login is a very light plugin that lets you easily and safely change the url of the login form page to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.


Requires WordPress 4.1 or higher. All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.

It’s also compatible with any plugin that hooks in the login form, including:

  • BuddyPress,
  • bbPress,
  • Limit Login Attempts,
  • and User Switching.

Obviously it doesn’t work with plugins or themes that hardcoded wp-login.php.

Works with multisite, but not tested with subdomains. Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.

If you’re using a page caching plugin other than WP Rocket, you should add the slug of the new login url to the list of pages not to cache. WP Rocket is already fully compatible with the plugin.

For W3 Total Cache and WP Super Cache this plugin will give you a message with a link to the field you should update.



Installation Instructions

  1. Go to Plugins › Add New.
  2. Search for WPS Hide Login.
  3. Look for this plugin, download and activate it.
  4. The page will redirect you to the settings. Change your login url there.
  5. You can change this option any time you want, just go back to Settings › General › WPS Hide Login.

I forgot my login url!

Either go to your MySQL database and look for the value of whl_page in the options table, or remove the wps-hide-login folder from your plugins folder, log in through wp-login.php and reinstall the plugin.

On a multisite install the whl_page option will be in the sitemeta table, if there is no such option in the options table.

I’m locked out!

This case can come from plugins modifying your .htaccess files to add or change rules, or from an old WordPress MU configuration not updated since Multisite was added.

First step is to check your .htaccess file and compare it to a regular one, to see if the problem comes from it.


  1. Setting on single site installation

    Setting on single site installation

  2. Setting for network wide

    Setting for network wide

Other notes:

Latest Change log entry:

  • Enhancement: Prevent access to the login page by using the URL encoded version of wp-login.php


custom login url, login, rename, wp login, wp-login.php

+ Jason's Comments

This is plugin is an updated and supported fork of an earlier version, which I had published here.

Consider this plugin together with a few others I recommend for website security and protection.