Block Access to wp-login.php

This plugin does the following:

Locates wp-login.php in your WordPress installation and duplicates it
Locates .htaccess and inserts lines to block the default wp-login.php and creates a new secret address to use for legitimate login
Will email the site admin if an administrator signs in with an un-recognised IP address

When installed your server will return “403 Forbidden“ when attempts are made to access the default wp-login.php file. This has two benefits; it prevents hackers from using brute force methods to hack your website and it reduces the load on the server when such brute force attacks are launched on your site as WordPress isn’t run at all.

Please note, this plugin uses .htaccess so is only compatible with Apache web servers, it is not compatible with Nginx web servers.

Block wp-login

Block Access to wp-login.php