Stealth Login Page is a simple and effective WordPress plugin developed by Jesse Petersen to make things harder for the bots that try to log in to your WordPress site.
In simple words, this plugin moves your login page, your “front door”, to a hidden & configurable secret door.
I would also like to transfer the idea to brick-and-mortar buildings to improve security in the offline world, not just the virtual one 😉
Recently, there were huge brute-force attacks trying to log in by guessing passwords for the popular default “admin” username.
A weak password combined with the “admin” username is the perfect recipe for disaster, and easily opens the door to hackers.
A super-botnet of about 90,000 IPs ran attacks against WordPress sites, hitting all types of hosts. You can read more information about those coordinated wp-login brute-force attacks here, here, here and here too.
Although I’ve installed the Limit Login Attempts plugin in all my projects, I’m sure that adding an extra security layer is a reasonable extra countermeasure for everybody.
From now on, the stealth login page will be available in my plugin-arsenal for every installation.
Bear in mind that this plugin does NOT replace the common security best practices; you know them: a strong password, a different “admin” username, a login limiter plugin, a reliable host and so on.
Let’s dig into the plugin!
Download it via your WP dashboard from the WordPress repository.
Now, every time someone visits your default login page, they will be redirected to google.com.
Bots can try different combinations to guess the letters, words or code you’ve chosen, so select them wisely to complicate the task.
Your customized new login page URL is shown at the bottom of the page; you can even send it by email to the administrator of the site.
Although I installed the plugin on several sites and enabled sending the new URL by email, I never received the secret URL string in an email. Perhaps you will have more luck 😉
However, I recommend saving your new login URL string in a safe place or bookmarking it in your favorite browser.
One more thing: if you’re using Limit Login Attempts, each redirection can be counted as a hit as an admin, and will be counted as a lockout. This is an interaction between the two plugins, but it doesn’t matter.
Conclusion: the combination of the Stealth Login Page plugin and Limit Login Attempts will make for a harder day for those pesky robots!
Are you using the Stealth Login Page plugin or a similar one? What is your view?
As a WordPress fan, Gera provides detailed reviews, tutorials & guides about plugins, themes & hosting. He enjoys experimenting with them and the results are published on this blog.
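To see how much bot traffic still knocks on the default login page, and how much of it a per-IP limiter alone would never lock out when the attempts are spread over many addresses, you can summarize the web server access log. This is an added example, not code from either plugin; the log lines are constructed, the "combined" log format is assumed, and the per-IP limit of 4 is an assumed value you should set to your own limiter's setting.

```python
import re
from collections import Counter

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Apr/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.11 - - [12/Apr/2013:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.12 - - [12/Apr/2013:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.12 - - [12/Apr/2013:10:00:08 +0000] "GET /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Apr/2013:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Captures the client IP and the request target of one combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} ')

def default_login_hits(log_text):
    """Count requests per client IP to the bare default login URL.

    Only the exact target /wp-login.php is counted (assumption: your secret
    login URL looks different), so every hit here is a visitor being redirected.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(2) == "/wp-login.php":
            hits[m.group(1)] += 1
    return hits

def summarize(hits, per_ip_limit=4):
    """Split the traffic into IPs a per-IP limiter would catch and the rest."""
    return {
        "total_hits": sum(hits.values()),
        "distinct_ips": len(hits),
        "ips_at_limit": sorted(ip for ip, n in hits.items() if n >= per_ip_limit),
        # Hits from IPs that stay under the limit: invisible to per-IP lockouts.
        "hits_below_limit": sum(n for n in hits.values() if n < per_ip_limit),
    }

if __name__ == "__main__":
    print(summarize(default_login_hits(SAMPLE_LOG)))
```

Pass the contents of your own access log to `default_login_hits` instead of `SAMPLE_LOG`; a high `hits_below_limit` share means the attempts come from many addresses that each stay under the limiter's threshold.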