WordPress websites are having more prone to suffer attacks and hacks. Because everyone knows the path of dashboard and structure of wp site. Many WordPress websites are just operated by 1-2 users and a normal user doesn’t need to have an account to visit website.
Furthermore dashboards are accessed less frequent for static websites. We can secure these sites through restrict WordPress login access by hiding wp-login and it requires only a few line of code. Write the code below in your theme’s functions.php file:
Restrict WordPress login access by hiding wp-login
1 2 3 4 5 6 7 8 9 | function restrict_wp_login_file(){ global $pagenow; $restrict_login = 1; if($restrict_login && $pagenow == 'wp-login.php'){ wp_redirect(home_url()); die(); } } add_action( 'init', 'restrict_wp_login_file'); |
We are using wp $pagenow global variable and a local variable called $restrict_login which is either true (1) or false (0). If it’s set to true, anyone who will try to access wp-login.php will be redirected to home page. To allow login, you must set $restrict_login variable’s value to 1.
In this way you can hide login file from website visitors and everyone else. You can also try WordPress security and limit login access plugins if your requirements are broad.