Stealth Login Page is a simple and effective WordPress plugin developed by Jesse Petersen to make things harder for bots that try to log in to your WordPress site.
In simple words, this plugin moves your login page, your “front door”, to a hidden, configurable secret door.
I would like to transfer the idea to brick-and-mortar buildings as well, to improve security in the offline world, not just the virtual
Recently, there were huge brute-force attacks that tried to log in by guessing passwords, using the popular default “admin” username.
Having a weak password with “admin” is the perfect combo for disaster, opening the door easily to hackers.
A super-botnet of about 90,000 IPs ran attacks against WordPress sites, hitting all types of hosts. You can read more information about those coordinated wp-login brute-force attacks here, here, here and here too.
Why do you need the Stealth Login Page plugin?
Although I’ve installed the Limit Login Attempts plugin in all my projects, I’m sure that adding an extra security layer is a reasonable extra countermeasure for everybody.
From now on, the Stealth Login Page plugin will be in my plugin arsenal for every installation.
Bear in mind that this plugin does NOT replace the common security best practices; you know them: a strong password, a username other than “admin”, a login limiter plugin, a reliable host and so on.
With Limit Login Attempts or Login Lockdown plus the Stealth Login Page plugin, you’ll have better security on your WordPress sites.
As for the Login Lockdown plugin, even though it is outdated, it seems to perform well and it’s maintained by its author (perhaps with an update coming soon); read the comment thread of this post related to WordPress security attacks, the details and solutions.
How to Change the Login URL in WordPress, without Editing any .htaccess files
The Stealth Login Page plugin comes to the rescue
Let’s dig into the plugin!
- Install and activate it.
- Go to Settings and Enable Stealth Mode.
- Redirect it, for instance, to google.com
Now, every time someone visits your default login page, they will be redirected to google.com.
- Enter your question and answer. Both will be part of the new login page URL.
Bots can try different combinations to find out the combination of letters, words or code you’ve chosen, so select them wisely to complicate the task.
- Save it. You’re done, that’s it!
Your customized new login page URL is at the bottom of the page; you can even send it by email to the administrator of the site.
Although I installed the plugin on several sites and enabled sending the new URL by email, I never received the secret URL string in an email. Perhaps you will have more luck.
However, I recommend saving your new login URL string in a safe place or bookmarking it in your favorite browser.
One thing: if you’re using Limit Login Attempts, each redirection can be counted as a hit as an admin, and will be counted as a lockout. These are the interactions between the plugins, but it doesn’t matter.
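To see how many bots are still knocking on the old front door once stealth mode redirects it, you can count the redirected hits in your web server's access log. The script below is an added example, not part of the plugin or of the original post; it assumes combined-format log lines and a secret URL of the form wp-login.php?question=answer, and the sample log, the question "open" and the threshold are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format; the IPs are documentation ranges.
# Assumption: the secret login URL is /wp-login.php?open=sesame (question "open").
SAMPLE_LOG = "\n".join(
    ['203.0.113.7 - - [12/Apr/2013:10:00:0%d +0000] "POST /wp-login.php HTTP/1.1" 302 0' % i
     for i in range(4)]
    + ['198.51.100.23 - - [12/Apr/2013:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 302 0',
       '198.51.100.23 - - [12/Apr/2013:10:05:09 +0000] "GET /wp-login.php?open=sesame HTTP/1.1" 200 2310',
       '192.0.2.50 - - [12/Apr/2013:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 5120']
)

# client IP, request method, request target and response status of one log line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def redirected_login_hits(log_text, secret_key):
    """Per client IP, count wp-login.php requests that lacked the secret
    query key and were answered with a redirect (3xx status)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m["path"])
        if not url.path.endswith("/wp-login.php"):
            continue
        has_secret = secret_key in parse_qs(url.query, keep_blank_values=True)
        if not has_secret and m["status"].startswith("3"):
            hits[m["ip"]] += 1
    return hits

def suspicious_ips(log_text, secret_key, threshold=3):
    """IPs with at least `threshold` redirected hits on the default login page."""
    counts = redirected_login_hits(log_text, secret_key)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for ip, n in redirected_login_hits(SAMPLE_LOG, "open").most_common():
        print(ip, n)
    print("over threshold:", suspicious_ips(SAMPLE_LOG, "open"))
```

A single redirected hit followed by a successful visit to the secret URL, like the second IP in the sample, is typically an administrator who used the old bookmark, which is why the threshold is greater than one.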
Conclusion: the combo of the Stealth Login Page plugin plus Limit Login Attempts will make for a harder day for those pesky robots!
Are you using the Stealth Login Page plugin or a similar one? What is your standpoint?