Custom Login Stealth Login

in \ v. 1.2.2
Custom Login Stealth Login Authored by: Austin Passy


This plugin requires Custom Login > version 2.x which can be downloaded for FREE in the WordPress repo. OR Custom Login Pro.

New: In Custom Login as of version 2.2 you can now auto-install this extension from within your WordPress website! Just visit the Custom Login settings page and click “install” and enter your license key when prompted! No need to download the zip and upload the files.

Brute force attacks

By now you seen all the stories of WordPress sites being vulnerable to brute force attacks. What does that mean? Simple put a hacker or generated computer program is targeting wp-login.php pages and submitting the form hundreds if not thousands of times with the most generic username admin and random “popular” passwords. One step is to change your Admin username, but that still leaves your site to thousands or login attempts. You can use a login IP limiter, but a hacker can use many IP’s and most likely you host will crash before all IP’s are blocked (I know because this happened to me).

A simple solution

How about hiding the wp-login.php! That is what this plugin is intended for. It gives you one solution with two options for unauthorized users.

  1. Redirect: If a user doesn’t have the correct “key” and “code”, send them somewhere.
  2. Kill: If a user doesn’t have the correct “key” and “code”, kill the page with a message.

How to use it

There is really on five options needed for this plugin, and three of those have default values.

  1. On/Off
  2. Redirect(On)/Kill the page(Off)
  3. Redirect URL (when Redirect is “On”)
  4. Question (the query variable)
  5. Answer (The query answer)

That’s it! Once setup your login page can only be accessed by visiting where question is the question you set as well as answer is the answer you set!

Compatible with the new Custom Login Page Template!

Current Version: 1.2.2 Last updated: 2014-01-28


Version 1.2.2 (6/3/14)

Moved admin JS to new `custom_login_admin_enqueue_scripts` hook.

Version 1.2.0 (1/24/14)

Rename class to Custom_Login_Stealth_Login.
Create singleton instance.
Update sidebar.
Speed improvements.

Version 1.1.0 (1/13/14)

Now works with Custom Login Pro.
Created one instance.

Version 1.0.4 (12/3/13)

Update Extendd Settings to 1.0.19

Version 1.0.3 (11/25/13)

Updated static error for PHP 5.3+
Update TGM Plugin Updater.
Default message if you remove all responses.
Update incorrect call to static function.

Version 1.0.2 (4/24/13)

Allow logout page bypass action 'logout' but not 'loggedout=true'.

Version 1.0.1 (4/16/13)

Code updates.

Version 1.0.0 (4/10/13)

Initial release.

Your purchase is good for one year of auto updates with a valid license key (if provided) by this plugin. You may update your license key at any time by visiting the "My Account" page.