[wp-hackers] Could this be done via plugin?

Patrick Laverty patrick_laverty at brown.edu
Mon Oct 31 13:53:42 UTC 2011

If your WP install uses authentication other than the wp-login page,
I'd love to be able to hide the wp-login.php file.  I've tried
renaming it but it seems that the core code requires that name for the
admin login to still work.  I don't want to hack code, so the first
thought is to create a plugin that would let me change wp-login to
"bananas.php" or something.  Especially after seeing a 3 minute demo
of WPScan, I'd love to make it harder for anyone to scan my
installation and possibly get the admin account.  My thought is if
they don't find wp-login.php, they'll get bored quickly and go on to
one of the other millions of installs that have it.

It just seemed that the filename wp-login.php was so interwoven in
core code that there was no easy way to change the filename.

If it can't be done by a plugin, is this something the core team would
consider making into a variable and letting the admin set the name of
the login page?


More information about the wp-hackers mailing list