[Defender] Non-default Login Page

Change the login page via Defender > Advanced Tools > Mask Login Area. Assume the new page is simply ‘login’. Now we need to get other pages and menus to go to that same page. This could be a huge manual effort.

The problem could be solved if we set to ‘!!login!!’ and then used Ultimate Branding (UB) with Text Change to reset that token to the actual page name. To rename the page we just go back to that one setting. But UB doesn’t modify markup, only text rendered in the UI.

Another idea would be to add a filter to Defender, which when hooked would override whatever is set in the Defender config. It would be the task of the site owner and other plugin developers to make use of shortcodes, hooks, and other mechanisms that ultimately return the same value.

I’m hoping we can get some suggestions to resolve this issue which is common to all of these utilities that hide the login page.


  • Ash
    • WordPress Hacker

    Hello Tony G

    I am not sure I quite understood the problem you mentioned here, I am really sorry. I actually didn't understand this part: "Now we need to get other pages and menus to go to that same page.".

    I am confused because, if you have any link in menu pointing to wp-login.php, it will still redirect to /login/ page when defender masking login url is enabled.

    Would you please explain more with an example?


  • Tony G
    • Mr. LetsFixTheWorld

    You got me bud. :thinking: I think I asked a silly question. I've been manually setting pages to go to the new login page, not thinking that this is simply a matter of internal redirection. Ooops. :flushed:

    When I do this I have two goals. I have just started to think about ways to standardize this process so please bear with me.

    1) Links to "wp-login.php" are ugly. We use slugs for everything else but the default WP install requires that page name with the .php extension, especially when we're adding "?action=register", etc. We can redirect nice looking slugs like "/login" and "/register" to the full query. From there I'm not sure how to avoid the ugly URL except maybe with a .htaccess redirect that doesn't show in the address bar.

    2) For security reasons, I really don't like linking to Login or Register pages because it just tells the bad guys where to go. I use Defender features and others to manage what is done on those pages.

    To combine these... I'd like URLs on the site to go to pretty slugs like /login and /register. If we link to wp-login.php, that shows in the browser on mouseover. Of course I want those slugs to go to the same slug name that's being used by Defender. I don't know if I should setup other redirect mechanisms to accomplish this.


  • Ash
    • WordPress Hacker

    Hello Tony G

    The easiest way could be using htaccess and that you already figured out. For example, you have selected /abc slug for register. And in front end, you want to link to /login.

    Now, in htaccess file, set a rewrite rule from /login to /abc. Just a simple redirect code like the following should do this job:

    Redirect 301 /login /abc

    But still, I am a bit confused, sorry. Because, if bad guys have the URL /login, still they can use that as it will always redirect to /abc (the original login url). Please correct me if I am missing something.

    Have a nice day!


Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.