Before you go any further, this method works 100%. Just paste all the code into your functions.php file, or paste it if you are using code snippet plugin.
/your-url/
you can change it whatever you like without any restriction.
1. Redirecting Direct Access to wp-login.php
function redirect_default_login() {
// If someone tries to access wp-login.php directly (without logging in or logging out), redirect them.
if (strpos($_SERVER['REQUEST_URI'], 'wp-login.php') !== false && !isset($_POST['log']) && (!isset($_GET['action']) || $_GET['action'] !== 'logout')) {
wp_safe_redirect(home_url()); // Send them to the homepage (or another page you specify).
exit; // Stop further execution.
}
}
add_action('init', 'redirect_default_login');
What it does: This function checks if someone is trying to access the default WordPress login page (wp-login.php) directly. If they are, and they’re not actually trying to log in or log out, it redirects them to the homepage (or another safe URL).
Why it’s useful: It helps hide the default login page, which can improve security by making it harder for bots or attackers to find your login page.
2. Handling a Custom Login URL
function handle_custom_login_url() {
// Define your custom login slug (e.g., 'your-url').
$custom_login_slug = 'your-url'; // This is the custom URL you want to use for logging in.
// Check if someone is accessing the custom login URL.
if (strpos($_SERVER['REQUEST_URI'], $custom_login_slug) !== false) {
// Serve the WordPress login page.
require_once ABSPATH . 'wp-login.php';
exit; // Stop further execution.
}
}
add_action('init', 'handle_custom_login_url');
What it does: This function creates a custom login URL (e.g., yoursite.com/your-url). When someone visits this URL, it loads the default WordPress login page (wp-login.php) but keeps the custom URL in the address bar.
Why it’s useful: It allows you to use a custom, hard-to-guess URL for logging in, which adds an extra layer of security.
3. Preventing Default Login Action
function prevent_default_login_action($action) {
// If someone tries to use the default login action and they're not on the custom login page, redirect them.
if ($action === 'login' && strpos($_SERVER['REQUEST_URI'], 'your-url') === false) {
wp_safe_redirect(home_url());
exit; // Stop further execution.
}
}
add_action('login_init', 'prevent_default_login_action');
What it does: This function ensures that the default login action (e.g., submitting the login form) only works if the user is on the custom login page (your-url). If they try to log in from the default wp-login.php page, they’ll be redirected to the homepage.
Why it’s useful: It enforces the use of your custom login URL and blocks access to the default login page.
4. Custom Logout Redirect
function custom_logout_redirect() {
// After logging out, redirect users to the custom login page.
wp_safe_redirect(home_url('/your-url')); // Send them to the custom login page.
exit; // Stop further execution.
}
add_action('wp_logout', 'custom_logout_redirect');
What it does: When a user logs out, instead of sending them to the default logout page, this function redirects them to your custom login URL (your-url).
Why it’s useful: It ensures a consistent user experience by always directing users to your custom login page after logging out.
This code does the following:
Hides the default login page (wp-login.php) and redirects users to the homepage if they try to access it directly.
Creates a custom login URL (e.g., yoursite.com/your-url) that serves the WordPress login page.
Blocks the default login action unless the user is on the custom login page.
Redirects users to the custom login page after they log out.
Overall, this setup improves security by making it harder for attackers to find and exploit your login page, while also providing a seamless experience for legitimate users.
Thank you for reading, and I look forward to sharing more with you in the future.
Connect with me on other platforms:
LinkedIn | Medium | Bluesky
Top comments (0)