Did you know you can secure WordPress admin URL without a plugin?

Methods to enhance WordPress background URL security, no plug -in!

This article introduces a 100%effective WordPress background URL security enhancement method without installing any plug -in. Just copy the following code into your

file, or use the code fragment plug -in to paste. functions.php

The part can be modified arbitrarily according to your needs.

/your-url/

Reset to directly visit wp-login.php

<code class="language-php">function redirect_default_login() {
    // 如果有人尝试直接访问wp-login.php（未登录或登出），则重定向他们。
    if (strpos($_SERVER['REQUEST_URI'], 'wp-login.php') !== false && !isset($_POST['log']) && (!isset($_GET['action']) || $_GET['action'] !== 'logout')) {
        wp_safe_redirect(home_url()); // 将他们重定向到主页（或您指定的其他页面）。
        exit; // 停止进一步执行。
    }
}
add_action('init', 'redirect_default_login');</code>

Function: This function checks whether anyone tries to directly access the default WordPress login page (wp-login.php). If yes, and they are not actually trying to log in or cancel, they redirect them to the homepage (or other security URLs you specified).

• Advantages: help hide the default login page, and it is difficult for robots or attackers to find your login page to improve security.

Use custom login URL

<code class="language-php">function handle_custom_login_url() {
    // 定义您的自定义登录slug（例如，“your-url”）。
    $custom_login_slug = 'your-url'; // 这是您要用于登录的自定义URL。

    // 检查是否有人正在访问自定义登录URL。
    if (strpos($_SERVER['REQUEST_URI'], $custom_login_slug) !== false) {
        // 显示WordPress登录页面。
        require_once ABSPATH . 'wp-login.php';
        exit; // 停止进一步执行。
    }
}
add_action('init', 'handle_custom_login_url');</code>

Function: This function creates a custom login URL (for example, yoursite.com/your-urll). When someone visits this URL, it will load the default WordPress login page (WP-Login.php), but the solid URL will be retained in the address bar.

• Advantages: Allows you to log in with a custom, unpalatable URL, thereby increasing the additional safety layer.

Prevent the default login operation

<code class="language-php">function prevent_default_login_action($action) {
    // 如果有人尝试使用默认登录操作并且他们不在自定义登录页面上，则重定向他们。
    if ($action === 'login' && strpos($_SERVER['REQUEST_URI'], 'your-url') === false) {
        wp_safe_redirect(home_url());
        exit; // 停止进一步执行。
    }
}
add_action('login_init', 'prevent_default_login_action');</code>

Function: This function ensures that the default login operation (for example, submitting the login form) is only valid when the user is on the custom login page (YOUR-URL). If they try to log in from the default WP-Login.php page, they will be redirected to the homepage.

• Advantages: Force use your custom login URL and prevent access to the default login page.

Custom cancellation and redirection to

<code class="language-php">function custom_logout_redirect() {
    // 注销后，将用户重定向到自定义登录页面。
    wp_safe_redirect(home_url('/your-url')); // 将他们发送到自定义登录页面。
    exit; // 停止进一步执行。
}
add_action('wp_logout', 'custom_logout_redirect');</code>

Function: When the user cancels, this function will redirect it to your custom login URL (you-urll) instead of sending it to the default cancellation page.

• Advantages: After the cancellation of the user's custom login page after the cancellation is always to ensure the consistent user experience.
Code function summary:

Hidden the default login page (wp-login.php), if the user tries to access it directly, then redirect it to the homepage.

Create a custom login URL (for example, yoursite.com/your-urll), which is used to display the WordPress login page.

Prevent the default login operation, unless the user is on the custom login page.

After the user is canceled, it redirects it to the custom login page.

In short, this setting makes the attacker more difficult to find and use your login page to improve security, and at the same time provide seamless experience for legal users.

Thank you for reading and look forward to sharing more content with you in the future.

Follow my other platforms:

linkedin

| Medium | Bluesky

The above is the detailed content of Did you know you can secure WordPress admin URL without a plugin?. For more information, please follow other related articles on the PHP Chinese website!