← All Features
Custom Login URL

Move the target. Bots can’t hit what they can’t find.

Every WordPress site exposes /wp-login.php by default. BruteFort replaces it with a secret path only you know — eliminating the entire class of automated scanners that never get past the door.

Remember your slug. If you forget it, you’ll be locked out of your own admin. Write it down somewhere safe before saving.

Rate Limit Settings
Custom Login URL
Geo Blocking
Custom Login URL
Hide your login page to prevent automated attacks.
Enable Custom Login URL
Turn on to use a custom slug for login.
Login Slug
https://yoursite.com/
my-login
Important: Do not forget this slug!
Save +
URL Comparison
BEFORE
yoursite.com/wp-login.php
AFTER
yoursite.com/my-login

SECURITY BY OBSCURITY, DONE RIGHT

Why hiding your login URL actually works

Most brute force tools assume the default login URL. Change it and you’re invisible to 90% of automated attack tools.

Without Custom Login URL
/wp-login.php is world-accessible and indexed by bot scanners
Automated tools can start attacking immediately with zero discovery
Rate limiting alone must carry the full burden of blocking all attacks
With Custom Login URL
Visiting /wp-login.php returns 404 — the login page doesn’t exist to bots
No discovery phase possible — bots can’t guess a custom slug
Rate limiting focuses only on the rare attempts that find your real login

Your login URL, your secret.

Enable the toggle, set your slug, and bots lose the door entirely.

Install Free See all features