Descripción
Secure Login Shield helps reduce unwanted direct access to the default WordPress login screen by letting you create a private login URL for your site.
Instead of leaving your login page exposed at the usual wp-login.php path, Secure Login Shield lets you choose a private slug such as /dragon-lair. Once configured, direct visits to wp-login.php are blocked with stealth 404 behavior, and logged-out visits to wp-admin are redirected away from the dashboard.
This plugin is designed to be focused, lightweight, and easy to understand. It does not try to replace a full firewall or enterprise security suite. It focuses on one important job: making your WordPress login harder to find and less exposed to basic automated login traffic.
What Secure Login Shield Does
- Creates a private login URL for your WordPress site.
- Blocks direct access to wp-login.php after setup.
- Returns stealth 404 behavior for unwanted direct login access.
- Redirects logged-out wp-admin visitors to the homepage.
- Adds a cleaner admin dashboard with setup status and security score.
- Keeps settings simple and lightweight.
- Does not require an external service.
- Does not track visitors or send site data to a third-party service.
Why This Helps
Many automated bots look for the default WordPress login screen. Moving normal login access to a private URL can help reduce noise, unwanted login attempts, and casual automated probing.
Secure Login Shield is best used as part of a broader WordPress security setup that may also include strong passwords, two-factor authentication, regular updates, reputable hosting, and secure backups.
Important Setup Note
After changing your private login slug, save the new login URL somewhere safe before logging out.
If your private login URL does not load immediately, go to Settings Permalinks and click Save Changes. If you use a cache plugin or CDN, clear your cache after changing the slug.
Privacy
Secure Login Shield stores its settings in your WordPress database. The free plugin does not send login data, IP addresses, analytics, or settings to an external service.
Capturas
Secure Login Shield settings dashboard. 
Private login URL and protection status screen.
Instalación
- Upload the plugin folder to /wp-content/plugins/ or install it from the WordPress plugin screen.
- Activate Secure Login Shield.
- Go to Settings Secure Login Shield.
- Choose your private login slug.
- Save your settings.
- Save the private login URL somewhere safe.
- If needed, visit Settings Permalinks and click Save Changes.
Preguntas frecuentes
-
What happens if I forget my private login URL?
-
You can temporarily disable the plugin by renaming the plugin folder through FTP, SSH, or your hosting file manager. Once the plugin is disabled, default WordPress login behavior is restored.
-
Does this replace two-factor authentication?
-
No. Secure Login Shield is focused on private login URL protection. For stronger account security, use strong passwords and two-factor authentication.
-
Does this block all brute force attacks?
-
No plugin can honestly promise to block every attack. Secure Login Shield reduces exposure to the default login path and helps cut down on basic automated login probing.
-
Will this work with caching or CDN services?
-
Usually, yes. After changing your login slug, clear your cache or CDN. Avoid caching your private login URL.
-
Does the plugin collect data?
-
No. The free plugin stores settings locally in WordPress and does not send analytics or login data to an external service.
-
How do I remove the plugin safely?
-
Deactivate the plugin to restore default login behavior. If you delete the plugin, its stored option is removed by the uninstall routine.
Reseñas
Colaboradores y desarrolladores
Este software es de código abierto. Las siguientes personas han contribuido a este plugin.
Colaboradores
Traduce “Secure Login Shield” a tu idioma.
¿Interesado en el desarrollo?
Revisa el código, echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.
Registro de cambios
2.0.3
- Corrected the WordPress.org contributor username to bdtreder.
2.0.2
- Final branding cleanup for BenTreder.com plugin links.
- Removed remaining old plugin subdomain wording from the readme.
2.0.1
- Updated plugin branding to use BenTreder.com as the primary website.
- Removed old plugin subdomain references.
- Added direct support contact information.
2.0.0
- Added a cleaner admin dashboard with setup status and security score.
- Improved request input handling for WordPress.org compliance.
- Improved settings save handling with nonce, unslash, and sanitization flow.
- Improved readme content for clearer setup, privacy, and safety expectations.
- Prepared the free plugin for a cleaner premium upgrade path.
1.3.0
- Improved private login behavior and WordPress.org assets.
1.0.0
- Initial release.