Hey guys,

This may be entirely impossible, but I've been wanting to shore up the security of a Wordpress CMS for a family friend. Obviously, anyone who goes to http://site.com/wp-admin will see a login screen, which MAY be susceptible to potential hacking. What I'd like to do is the following.

Outlaw direct access to http://site.com/wp-admin...if someone tries it, they get a "Page not found" or similar message. Then, a secret link http://site.com/loginscreen would automatically re-direct to wp-admin and it would work.

Is something like that possible?

TLDR version

1. site.com/wp-admin (not available)
2. site.com/loginscreen (available) redirect to site.com/wp-admin (available)

Thanks!

Sure thing. Easy as pie, as well. First, go into the code of your index.php file in the wp-admin folder. Change this line of code...

$parent_file = 'index.php';

...to whatever you want the new filename to be, such as xbhghr.php. Then save the file as that name. upload it, and upload an index.php with something like...

<h1>File Not Found!</h1>

...THEN, you create an index.php page in your /loginscreen folder with this...

<?php

header('Location: http://www.yourdomain.com/wp-admin/xbhghr.php');

?>

That should allow you to hide the login screen from normal access attempts and only those who know the sub-folder can get to the login screen area.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.