Knowledge Base

Prevent attacks by blocking access to your wp-login.php page.

Article ID: 33
Last updated: 08 Feb, 2019

Hackers typically search for the common login page wp-login.php. Likewise, you may want to force your website visitors to log in through your portal, and not the default WordPress login page, but still allow administrators access to the appropriate page.

Modify your theme's functions.php file.

To limit access to the administrators section for logged-in users, locate your functions.php file within your theme directory. Append the following code to the bottom of that file, typically under the "edit below this line" section.

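// Allow logout actions but redirect to the home page for all other wp-login.php requests.
// login_head fires while the login screen's <head> is being printed, so the redirect
// relies on PHP output buffering and runs only after a submitted login has been processed.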
add_action( 'login_head', 'redirect_home_on_login_form' );
function redirect_home_on_login_form() {
    if ( ! isset( $_REQUEST['action'] ) || 'logout' !== $_REQUEST['action'] ) {
        wp_redirect( home_url( '/' ) );
        exit();
    }
}

// wp_logout fires after the user's login cookies have been removed
add_action( 'wp_logout', 'redirect_home_on_logout' );
function redirect_home_on_logout() {
    wp_redirect( home_url( '/' ) );
    exit();
}
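
A stricter variant, as an added example that is not part of the original article: it hooks login_init, which runs before wp-login.php renders the page or checks submitted credentials, and lets administrators through by source address. The kb_* names and the allowlist addresses are hypothetical, and it assumes the portal signs users in with wp_signon() on its own page rather than posting to wp-login.php.

```php
// Added example, not the article's code. Assumptions: the portal does not POST
// to wp-login.php, and administrators connect from the addresses listed below.

// Hypothetical allowlist; 192.0.2.10 and 198.51.100.7 are documentation addresses.
const KB_ADMIN_LOGIN_IPS = array( '192.0.2.10', '198.51.100.7' );

// Actions that must keep working for everyone: logout, and the password form
// for password-protected posts, which also submits to wp-login.php.
const KB_PUBLIC_LOGIN_ACTIONS = array( 'logout', 'postpass' );

// Decide whether a wp-login.php request may proceed.
function kb_login_request_allowed( $action, $remote_addr ) {
    if ( in_array( $action, KB_PUBLIC_LOGIN_ACTIONS, true ) ) {
        return true;
    }
    // Strict comparison against the allowlist. Behind a reverse proxy,
    // REMOTE_ADDR is the proxy's address, so the list must account for that.
    return in_array( $remote_addr, KB_ADMIN_LOGIN_IPS, true );
}

// login_init fires before the action switch in wp-login.php, so both the
// login form (GET) and credential submissions (POST) are covered.
add_action( 'login_init', 'kb_restrict_wp_login' );
function kb_restrict_wp_login() {
    $action = ( isset( $_REQUEST['action'] ) && is_string( $_REQUEST['action'] ) )
        ? $_REQUEST['action']
        : 'login';
    $remote = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';

    if ( kb_login_request_allowed( $action, $remote ) ) {
        return; // Let WordPress handle the request normally.
    }

    // Everyone else is sent to the home page before any login processing.
    wp_safe_redirect( home_url( '/' ) );
    exit;
}
```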

Revision: 1