WordPress Login: All the Secrets of the Reserved Area

WordPress Login: All the Secrets of the Reserved Area

WordPress Login: All the Secrets of the Reserved Area

The thing that most attracts those who approach WordPress is undoubtedly the administrator area . Knowing that doing the WordPress login via www.tuosito.it/wp-admin you can access a control panel to edit pages, news, images and all other aspects of your site is undoubtedly fantastic.

But perhaps not everyone knows the pitfalls and virtues of WP-ADMIN , in this article I want to reveal some secrets that lie behind the WordPress login.


We all remember the short film of the three little pigs, these 3 tender little brothers who despite themselves have to fight against the wolf Ezekiel who would like to organize a nice barbecue having the 3 pigs as “guests of honor”.

The cartoon opens with 2 little brothers who build their houses of straw and wood, because they want to spend the day playing and singing, while the third pig builds them out of bricks and when the bad wolf blows on the first 2 houses it sweeps them away , but at the third one he must give up (in truth he tries to enter through the chimney, but this is another story) .

Well, this is what happens to our WordPress site almost every day, but luckily for us WordPress has lots of solutions to improve security.

Limit Login Attempts

By default WordPress allows unlimited attempts to login. This means that if a hacker wanted, he could make all the attempts he wants to get into our wp-admin, this kind of practice is called brute-force .
However, thanks to this plugin it is possible to set a maximum number of attempts , after which an IP block will be triggered for a certain number of minutes (the stop time can also be set). Through the control panel it will be possible to manage the logs and unlock any IPs. A basic plugin in my opinion.

WPS Hide Login

One of the criticisms that I often feel against our dear WordPress is certainly the risk that an open source CMS will pave the way for hackers. In fact it is known to virtually everyone that the gateway to the reserved area is www.tuosito.it/wp-admin or www.tuosito.it/wp-login.php so anyone could reach this page and implement a strategy brute to try to enter. This is why WPS Hide Login plugins help us avoid certain dangers.

WPS Hide Login is a very light plugin useful for changing the url that shows the login form.

Rename wp-login.php

In the same way as the previous plugin, Rename wp-login.php also allows you to easily and safely change the WordPress login. In fact this plugin does not literally rename the file in the core of WP, but merely intercepts requests making access to the wp-admin directory or wp-login.php page inaccessible, so you should remember the URL for WordPress login or you should register it in bookmarks to avoid forgetting it. By disabling this plugin, your site will return exactly to the state it was in before.

Hide My WP

At first glance, Hide My WP might seem similar to the previous plugins, but it’s not entirely true. Hide My WP is a plugin that protects the WordPress site entirely from any external access not allowed.

I was able to personally try this plugin and then I realized how many anti-intrusion systems it has: it hides the wp-login.php file, entry port for the WordPress login, hides or renames the wp-admin directory and all its files (for untrusted users), rename the WordPress theme directory, remove theme information from the style sheet, replace the default WP classes, change the name of the plugins and rename the plugin directory, rename the URL of upload, wp-include directory, AJAX URL, etc. Edit or disable feeds, hide all other WordPress files (readme.html, license.txt, etc.), disable archives, categories, tags, pages, WordPress posts, etc.

Hide My WP can be set to send a notification when someone is taken into your WordPress site (by sending all the visitor details such as IP, user agent, referrer and even username!), It also removes the WordPress meta information from the header and feed, changes the sender of the default WordPress email, removes unnecessary menu classes and lots of other things.

If you are looking for a really safe way to protect yourself from the many vulnerabilities that can come out over time (I always recommend upgrading the WP core for this, join the Telegram group to stay informed), I really feel like recommending this plugin. Money well spent.

Login No Captcha reCAPTCHA

The web is full of bots, spyware, malware, automated scripts that run the web looking for sites to attack. Obviously landing at your WordPress site you will be immediately directed to the login page to the administrator area to try a brute attack, that is to try a myriad of access keys and hope to hit one to enter.

With this plugin we will add a ReCaptcha checkbox to the WordPress login. The plugin will deny access to automated scripts, making it easier for users to select the box instead. As Google says: “Tough on bots, easy on humans” (Hard on robots, easy for humans)

Personalize The WordPress Login

It is useless to go around it, the WordPress login page that appears when we type www.tuosito.it/wp-admin sucks. Having the possibility of being able to at least change the logo , to give that sense of professionalism may seem too much to ask, but also for this there is a solution.

If, on the other hand, you are interested in customizing the admin panel, perhaps removing items from the menu for a specific user (the customer for example …) or a role, or changing the color scheme, you can read the article I wrote on  WP CUSTOM ADMIN INTERFACE a plugin that will allow you to customize the WordPress admin panel .

Custom Login Page Customizer

Custom Login Page Customizer allows you to easily customize your WordPress login using your personalizer directly (WordPress customizer). You can preview the changes to the access form before saving them! In the WordPress dashboard, go to Appearance> Personalize custom login page to get started. You can customize almost everything and make it as you wish.

Theme My Login

Have you ever wanted your WordPress login to match the rest of your site? Your wish has come true! Theme My Login allows you to ignore the default access page with the WordPress logo that does not resemble the rest of your site, letting your users log in through the login , registration and password recovery pages directly within your theme. It works even without any configuration!


It is known that WordPress, thanks to its user management, can easily become a community, an eCommerce or whatever we want and the core of all this is our dear WordPress login. At this point the needs to manipulate and control the accesses to our site are widened and thanks to some interesting plugins here is how to handle some particular situations.

One of the most common and sought-after functions that can be achieved with WordPress is to create and manage a reserved area with expiring membership , where, practically, users can purchase a ticket that opens access to reserved contents and that after a certain period ( usually a month) expires and therefore must be renewed. If you are interested in creating this type of area I invite you to read this tutorial that I made and that explains the whole procedure step by step .

Peter’s Login Redirect

When creating a WordPress site where users are allowed to register, it may be convenient to also manage the redirection of users after login, or after registration or logout.

With Peter’s Login Redirect you define a set of redirection rules for specific users, users with specific roles, users with specific permissions and a rule for all other users. Also, set a redirect URL for post-registration.




Simple Login Log


It is always very exciting to see so many users entering and leaving your site, but there may be dangers. Having a register of those entering and leaving is always a good deed.

With Simple Login Log you will install a simple log of accesses . You will keep track of the username, access time, IP address and browser user agent.

Remove Dashboard Access

Restrict access to the dashboard only to administrators, administrators + publishers, administrators + publishers + authors or by choosing other roles.

Choose on which url you want to redirect users who are not allowed to access the admin area.

Optionally, users can be allowed access only to the user profile page, to allow editing some information, a very useful plugin.

Access Via Social Network

Nowadays everyone has an account on at least one social network, so let’s take advantage of it! Instead of filling out long registration forms (which may even be filled with deliberately incorrect data), we take advantage of existing accounts, thus having at least 2 advantages: first of all we give the possibility to access our site with a click and secondly we will have to available lots of personal data (including name, surname, address and photo), cool no?

AccessPress Social Login Lite

AccessPress Social Login lite is a perfect free WordPress plugin to allow users of your website to register / access the site using one of their favorite accounts on social networks.

As a site administrator you can easily configure which social accounts to enable / disable for login and which areas of the website should be displayed (login, registration, comments). You can also choose the access icon from 4 well-designed models to adapt them to your design. Your website will automatically retrieve the necessary data from the user’s social profile , avoiding having WordPress log in via email.


Nextend Social Login and Register

Nextend Social Login is a professional WordPress plugin, easy to use and free. It allows your visitors to register and access your site using their social profiles instead of forcing them to spend valuable time filling out the default registration form. Furthermore, it is not necessary to wait for e-mail validation or to keep track of their username and password.


Nextend Social Login integrates seamlessly with your WordPress login and existing WordPress registration form. Existing users can add or remove their social accounts on their WordPress profile page. A single user can attach the number of social accounts he wishes to allow him to log in with Facebook , Google or Twitter .

YITH WooCommerce Social Login

E-commerce is by far the type of site most suited to hosting users. Making it possible for our potential customers to register at the site in an easy and fast way can increase the sales possibilities.

YITH WooCommerce Social Login is a plugin that allows your potential customers to access your e-commerce site created with WooCommerce through their Facebook , Twitter or Google+ account .

A simple action that simplifies the life and management of your online store: your users feel more at ease on your site, the WordPress login is a matter of one click and their propensity to buy becomes much higher.

Posted by: Web Digital Media Group