Pluggies Hide Login

Hide wp-login.php and wp-admin behind a secret address, against brute-force attacks.

What it is for

Pluggies Hide Login hides the standard WordPress login page (wp-login.php) and the administration area (wp-admin) behind a secret address chosen by you. This way, bots and attackers trying to guess the password can no longer find the login page at its usual address.

It is one of the simplest and most effective protections against brute-force attacks (automated and repeated login attempts): if no one knows where the login page is, they cannot even try to force it.

The plugin does not replace a strong password or regular backups: it is an additional layer of security to be used alongside good practices.

Requirements

For the plugin to work correctly, it requires:

  • WordPress version 6.4 or later;
  • PHP version 8.0 or later;
  • a single WordPress site. The plugin is designed for standard installations and is not active on multisite networks.

If you do not know which versions your site uses, you can find them in the WordPress dashboard under Tools → Site Health → Info, or you can ask your hosting provider.

Installation and activation

Pluggies Hide Login is a free plugin distributed through the Pluggies store (pluggies.cloud). It does not require any license key.

  1. Download and install the plugin like a normal WordPress plugin (Plugins → Add New → Upload Plugin), then click Activate.
  2. As it is a free plugin, you do not need to enter any license: it works immediately after activation.
  3. Updates are automatic: when a new version is released, you receive it directly from the Pluggies store like other plugins, without manual steps.

After activation, you will find a new menu in the dashboard called Pluggies. Inside, the Licenses page shows Hide Login with the label “Free”: this is normal and confirms that no key is needed.

How to use it

Configuration takes a few seconds and one important piece of information: the secret address you want to use to access the login.

Where to find the settings

In the sidebar menu of the dashboard, open Pluggies → Hide Login. You will see the Hide Login page with the settings form.

Setting the “Login Slug”

The Login Slug field is the heart of the plugin: it is the secret word that will make up the new login address. Next to the field, the address of your site is shown, so you can see how the complete URL will be formed.

  • Write a simple word, for example accesso: the login page will become iltuosito.it/accesso/.
  • Choose something that is not easy to guess (avoid login, admin, wp-admin) but that you can remember.
  • If you leave the field empty, the plugin remains inactive and the login returns to the standard WordPress one. It is also a handy “security switch”.

What happens to those who open wp-login or wp-admin

With the option “If someone opens wp-login/wp-admin”, you decide how the site reacts when an unauthenticated visitor tries to reach the old login addresses:

  • Redirect to home (default setting): anyone who opens wp-login.php or wp-admin is redirected to the site’s homepage.
  • Show 404 error: anyone who opens those addresses receives a “not found” page, as if the login page did not exist at all.

In both cases, those already logged in as administrators continue to use the dashboard normally: the protection only concerns those who have not logged in.

Save

Click Save Changes. Once saved, a box appears at the top of the page with your complete secret login address: from that moment on, it is the only address you can use to log in.

Write down that address immediately and save it as a bookmark in your browser: you will need it every time you want to enter the dashboard.

Frequently Asked Questions

What do I do if I get locked out?

If you forget the secret address and can no longer access, you can deactivate the plugin via FTP by renaming its folder, just as the plugin itself reminds you. Connect to the site with an FTP client (or from your hosting file manager), open wp-content/plugins/ and rename the folder pluggies-hide-login to something like pluggies-hide-login-off. WordPress will automatically deactivate the plugin and the standard login wp-login.php will work again. After you have logged back in, restore the original folder name and set a new slug.

Do I have to pay or enter a license?

No. Pluggies Hide Login is free: it does not require any license key and still receives automatic updates from the Pluggies store.

Can I change the secret address later?

Yes, whenever you want. Go back to Pluggies → Hide Login, modify the Login Slug and save. From that moment on, the new address will apply: remember to also update the saved bookmark in your browser.

How do I temporarily disable the protection?

Just clear the Login Slug field and save: the plugin remains installed but inactive and the login returns to the standard one. It is the quickest way to disable the protection without uninstalling anything.

Does it work even if I don’t use “pretty” permalinks?

Yes. If your site uses standard permalinks, the address will be of the type iltuosito.it/accesso/; if you use simple permalinks, it will become iltuosito.it/?accesso. In both cases, the exact address to use is the one shown in the box at the top of the settings page after saving.

Pluggies Hide Login Want to install it or buy a license?
Go to plugin page