Join Agency Program today.

2x Leads & 50% Cost Savings on Hosting. Join Agency Program today.

Apply Now
Log In
Get Started
WordPress Plugins
Lockdown WP Admin

Lockdown WP Admin

Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (/wp-admin/) and and login (/wp-login.
Rating:
3.9
star-rating-1star-rating-2star-rating-3star-rating-4star-rating-5
Active Installations:
10000+
Last Updated:
Nov 28, 2017
WordPress Version:
3.6 or higher
Tested up to:
4.3.34
Try Demo
Download

Securely Hide WordPress Admin

Protect your website by hiding the WordPress Admin login page from unauthorized access. Users without login credentials will be unable to access the admin area and will receive a 404 error.

Rename Login URL

Increase the security of your website by easily renaming the login URL. This plugin allows you to change the default login URL to a custom one, making it harder for hackers to target your site.

Add HTTP Authentication

Enhance the security of your WordPress Admin area by enabling HTTP authentication. You can add a layer of password protection to the PHP files in the admin directory, ensuring only authorized users can access them.

Author’s Site Author Site view

1.0

  • Initial release

1.0.1

  • Fixed a link to a broken file

1.1

  • Fixed a bug on activating the plugin network wide, we disabled network wide activation.
  • Cleaned up the plugin and prevented a double loop of the HTTP check, unnecessary.

1.2

  • Cleaned up more code.
  • Security fixes that will prevent somebody from possibly hijacking your website. (Props Jon Cave)

1.3.1

  • Added the ability to change the login URL entirely. It will disable /wp-login.php and give it whatever you want to make it.

1.4

  • Fixed a bug with user’s with a index.php base
  • Added stats for us to collect about about URL setup and server configuration for our users. This will let us make the plugin even better.
  • Fixed bug for having private user management in WP Admin

1.4.2

  • Bug fixes
  • Added admin-ajax.php to the files that we permit to be access in wp-admin.

1.6

  • Added way to get back into WP-ADMIN if locked out (See the FAQ)

1.7

  • Removed the stats that were collected to that we could understand the issues that users were having with the plugin.

1.8

  • Finally discovered why so many users had HTTP authentication errors. Fixed it to support almost 80% of hosts out there.
  • If you still have problems, shoot me an email.

1.9

A very late update, sorry! Worked to fix many issues with the admin bar and the “get_current_screen()” error. If you still see issues, please contact me!

2.0

  • Provided a system dump to help in debugging issues that may arise.
  • Fixes a issues on the 404 page under 3.5.1 (get_current_screen())
  • Cleanup, cleanup!

2.0.1

2.0.2

  • Query string detection bug fix by James Bonham
  • Issues with WordPress in a sub-directory

2.1

  • Unit Testing! Unit Testing ensure more reliable code going forward
  • Support for WordPress 3.6
  • General Cleaning

2.2

  • Fixing issues with other plugins
  • Support tested for 3.9
  • Large code structure changes. If you are extending the Lockdown_Manager at all, you should basically check the class anew since it was separated into Admin and Application services.

2.3

  • Fixing issues with latests WordPress Version
  • Cleaning of code, enhancements.
  • Localizing all the strings.

works perfectly.

By pdwalker on January 19, 2023

Still working perfectly in the current version of wordpress. It stops all those annoying bot attacks that any wordpress site gets.

Still recommended.

Unbelievable!!!

By yasinvanlioglu on December 26, 2019

This plugin still working! I use on all my sites. Hopefully a new update will be available for longer use.

Update

By Rik0399 on October 7, 2018

I'm posting this because we as 'users', sometimes take for granted the efforts of plugin authors and seem only to comment when we are 'whining' or 'complaining'. Mostly because many do not simply follow the install procedures, so seek to blame the Author. The Problem : All WP users have is security because your site is constantly under threat. Unless your sitting there watching, one morning you'll get up and your site has been damaged by some malicious idiot! The Plugin : As of : 07-10-18 this gem of a plugin is still working strong with the latest WP version! Whilst it has not been updated for a few years, it's still working and does so very effectively against potential threats as wouldbe hackers can't find how to log into your site. It's a near impossibility to do so and soon, they give up and choose an easier target. My Two Cents : So for what it's worth to the Author, very well done for this and can only hope they re-visit this plugin to add any additional elements. I would certainly make a donation toward it if they were to resume and continue maintaining it! It's lightweight, it works...simple as that!

It is used to be great but not any more.

By srjambo on September 3, 2018

This plugin is simple and easy to setup. I have been using it for two years but with the last Wordpress actualisation (4.9.8) it stopped working. I was locked out and was not able to access to panel administration. I had to delete the plugin. What a pity.

awesome plugin ;) OLD but GOLD and works flawlessly in WordPress v4.8.2

By wp2sr on October 9, 2017

awesome plugin ;) OLD but GOLD and works flawlessly in WordPress v4.8.2

Sencillo y rápido

By Javier Moreno (morenojavier) on November 14, 2016

Muy fácil de entender y funciona correctamente.

EXCELLENT !

By bgtbbox on October 8, 2016

Très bon plugin Facile à personnaliser, et très agrable. Beau travail. Je recommande. Fonctionne parfaitement avec un plugin que j'utilise pour personnaliser l'interface de connexion utilisateur. EN : Very good plugin Easy to customize, and very nice. Good work. I recommend. Works perfectly with a plugin I use to customize the user login interface.

Works exactly as expected.

By adamjedgar (computersimulators.com) on October 6, 2016

Great plugin...running on a subdirectory installation on Wamp server (@ localhost) and its working on a network wordpress install with custom theme without issue. Also installed on a production server on a standalone wordpress site...absolutely brilliant. Very happy Only suggestion that i will add for others who decide to use this plugin...some users may rather redirect back to home page instead of 404. I dont know what would happen in the event of a real need for a 404 page when using the following (thats for others to provide insight into). If you like the idea of redirecting unwanted logins back to homepage do the following; Go to www directory in cpanel file manager (or ftp) Then locate...wordpress/wp-content/themes/<your active theme> 404.php use the following code instead of default <?php header("HTTP/1.1 301 Moved Permanently"); header("Location: ".get_bloginfo('url')); exit(); ?> any attempts to login to wp-admin with above code and this plugin will simply now redirect back to home page all the time. It owuld be nice if the plugin had a little more functionality so this could be only the outcome of an attempt to log in rather than any 404 error. Perhaps and idea for a premium version of this plugin.

Nice plugin, but needs to deal with Wordpres redirects

By drew3000 on September 3, 2016

Love the plugin and it's a great start. I use it along with some other methods to simply make it more difficult to reach the login page. though it's slightly security theatre it does get the potential lazy web hackers out of the picture. And the plugin works pretty well.

I'd suggest adding functionality to stop Wordpress from forwarding other URLs to the back end, but blocking the wp_redirect_admin_locations function in canonical.php.

There you will see: 

add_action(
  'template_redirect',
  function() {
    $requ = untrailingslashit($_SERVER['REQUEST_URI']);
    if (site_url('login','relative') === untrailingslashit( $_SERVER['REQUEST_URI'] )){
      remove_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );
    }
  }
);

This means that if someone uses /admin it immediately forwards to the page regardless of if there's a custom url. admin does the same. Forwards to wp-admin. At least here, when using the plugin you get the "page not found" error. That should happen when people try "login" as well.

Cheers.

does the job

By glowgeo on September 3, 2016

all good, works fine, does the job.
One star is taken for /login is not hidden.

More Reviews
Try other plugins too!
Obfuscate Email

Obfuscate Email

Obfuscate email addresses to deter email-harvesting spammers.

Try Demo More Details
Stop User Enumeration

Stop User Enumeration

Helps secure your site against hacking attacks through detecting User Enumeration

Try Demo More Details
MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance

MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance

Perform WordPress maintenance tasks like Updates, Backups, Uptime Monitoring, Security, Staging, Analytics, etc., from a single self-hosted dashboard.

Try Demo More Details
Author Site Author Site

Try Lockdown WP Admin With InstaWP

Try Demo

Contact Sales

Reach out to us to explore how InstaWP can benefit your business.