← All Features BRUTEFORT — CUSTOM LOGIN URL

Make /wp-login.php Return a 404

The single most impactful thing you can do to stop automated attacks. Move your login page to a secret slug and watch 95% of bot traffic vanish before BruteFort even gets a chance to rate-limit them.

Download BruteFort Free

The Problem

Bots know every WordPress site uses /wp-login.php. They hammer it constantly with credential lists. They don’t need to be smart to find your login page.

The Solution

Pick a secret slug — something only your team knows. Your login moves there. Requests to /wp-login.php return a 404 as if the page doesn’t exist.

The Result

Bots give up immediately. Your rate limiter barely fires. Your server stops wasting resources on thousands of daily attack attempts.

Set It Up in 30 Seconds

Two settings. Flip the toggle, type your slug, save. Your login page moves instantly.

Enable Custom Login URL

One toggle activates the feature. Flip it off at any time to restore /wp-login.php without losing your slug setting — useful for debugging or plugin conflicts.

Login Slug

Type any URL-safe string. BruteFort shows you the full URL as you type so you can copy it somewhere safe before saving. Choose something memorable but unguessable — not /admin or /login.

Save your slug before enabling

If you forget the slug, you’ll be locked out of wp-admin. BruteFort reminds you in the panel. Copy the URL to a password manager or write it down before you save.

⚙ Settings

📋 Logs

Custom Login URL

Hide your login page from bots.

Enable Custom Login URL

Turn on to use a custom slug.

brutefort.com/

⚠ Do not forget this slug or you’ll be locked out!

Quick Facts

Old URL returns 404 Not Found

Available in Free + Pro

Other BruteFort Features

→ Rate Limiting → Geo Blocking → IP Settings → Security Logs

Your Login Page Is a Target. Hide It.

Takes 30 seconds to set up. Works immediately. Free.

Download BruteFort Free View All Features