Prevent attacks by blocking access to your wp-login.php page.

Article ID: 33
Last updated: 08 Feb, 2019

Hackers typically search for the common login page wp-login.php. Likewise, you may want to force your website visitors to login through your portal, and not the default Wordpress login page, but still allow administrators access to the appropriate page.

Modify your themes function.php file.

To limit access to the administrators section for logged in users, locate your functions.php file within your theme directory. Append the following code to the bottom of that file, typically under the the edit below this line section.

// Allow logout actions but redirect to the home page for all other wp-login.php requests
add_action( 'login_head', 'redirect_home_on_login_form' );
function redirect_home_on_login_form() {
    if ( ! isset( $_REQUEST['action'] ) || 'logout' !== $_REQUEST['action'] ) {
        wp_redirect( home_url( '/' ) );
        exit();
    }
}

// wp_logout fires after the user's login cookies have been removed
add_action( 'wp_logout', 'redirect_home_on_logout' );
function redirect_home_on_logout() {
    wp_redirect( home_url( '/' ) );
    exit();
}

This article was:   Helpful | Not helpful Report an issue


Article ID: 33
Last updated: 08 Feb, 2019
Revision: 1
Views: 654
print  Print email  Subscribe email  Email to friend share  Share pool  Add to pool
Prev     Next
Wordpress Security       Getting to know CPanel