How to Control WordPress Login Page

In order to access WordPress dashboard, you will have to provide a valid username and a password. When you want to log in, you will have to navigate to the form which is in charge of that. By default, WordPress uses /wp-admin URL to get you to the login form. The form itself, and many different aspects of it can be changed. You just need to know how to access a specific setting.

To help you with that, we are going to show you several tips&tricks, and some great plugins that will help you control the WordPress login page. In this guide, we’ll show you:

Change WordPress login URL with this free plugin

Because of the same URL, most of the websites powered by WordPress use the same login URL. Since WordPress is such a popular platform, this becomes a huge vulnerability issue and it’s almost like you’re inviting hackers and different bots to attack you. It is easy to see if a website is run on WordPress and if so, anyone could get access to your login form simply by adding /wp-admin in the address bar.

If you run security tests on your site, login URL will most probably scream for your attention. Now that you’ve realized your site might actually be in danger, you might be wondering how to change that URL.

WPS Hide Login

PRICE: Free

WPS Hide Login

Instead of tampering with WordPress core files or editing ones on your server, we’re about to tell you about this simple and free plugin which will do the job for you:

  1. Go to Plugins -> Add New
  2. Search for “WPS Hide Login”
  3. Install and activate the plugin
  4. Navigate to Settings -> General
  5. Scroll to the bottom where you will find “Login URL” field
  6. Change the URL to anything you like and save changes

Be creative and choose a unique WordPress login URL which won’t be easily guessable but still have in mind that you need to remember it. Of course, you can bookmark your new URL without problems.

Since the plugin doesn’t actually change any files nor it creates redirect rules, it means it will work flawlessly with any 3rd party plugins which hook into the original login form. Because of that, there really isn’t a reason you shouldn’t change your login URL and make your site a bit safer.

Limit access to your WordPress login page by using .htpasswd file

No matter how big your website is, you should take extra care of security. There are many different ways of protecting your WordPress website. In this part of the article, we will show you how to limit access to your login page and stop people from even trying to log in.

If you have a standard installation of WordPress, you will have the same link to the login page as millions of other users. Yeah, the access is password protected but still opened for various brute force attacks. It would be a good idea to prevent unauthorized access to this page.

If your site is hosted on a PHP hosting (in most cases this will be true), you can use a simple method by adding a username and password for your login page.

It can be done by editing .htaccess and creating a .htpassword file.

Let’s start by creating a password file and uploading it to your server:

  1. Go to http://aspirine.org/htpasswd_en.html
  2. In the left box, add one user per line
  3. Click “Generate Passwords”
  4. In the right box, click “Generate htpasswd content”
  5. Save the content from the second box into “.htpassswd” file without any extension
  6. Even though you can name this file whatever you want (like password.txt), it is recommended to use default file name. Apache server is configured in a way it won’t let access to this file while other file names/extensions would be available for editing thus making all this extra security worthless.

  7. Upload newly created file on your server

Now you’re ready to edit .htaccess file which can be found on your server in the main directory:

  1. Navigate to .htaccess and open it
  2. add the following lines to your file:
  3. # Stop Apache from serving .ht* files
    <Files ~ "^\.ht"> Order allow,deny Deny from all </Files>
    # Protect wp-login
    <Files wp-login.php>
    AuthUserFile ~/.htpasswd
    AuthName “Private access”
    AuthType Basic
    require user wploopuser
    </Files>
  4. Change ~/.htpasswd to location of the file you have uploaded in the previous step
  5. Change “wploopuser” to username you have entered into password generator and the file
  6. Save changes

Now, before you can even get to the WordPress login page you will have to enter username and password you have created in the previous steps. Yes, now you have to enter two different usernames and passwords before you can log in to your site; don’t be lazy, this might save you from random attacks and save you a site.

Allow only admins to access wp-admin pages

When it comes to security, it is better to do everything you can to make sure there are as few as possible ways of entering admin dashboard. When you allow your visitors to sign up to the site so they can post comments or so you can give them extra content based on that, you probably don’t want those users to be able to login to your dashboard and see what you’re up to.

Yeah, you do have your username and a special admin password, so an average user can do nothing even if he opens the wp-admin login page, but why would you even give a visitor a chance to take a peek at your admin pages?

In today’s article, we will show you how to easily prevent users who aren’t admins to have access to wp-admin pages.

Code:

First, here’s a simple solution in a form of a code. As usual, you only have to copy and paste the code into your functions.php file to make the changes. The code will allow anyone with administrator rights to access wp-admin page while anyone else will be redirected to the homepage. Simple as that:

  1. Open functions.php file from the theme you are using
  2. Copy and paste this snippet:
  3. add_action( 'init', 'blockusers_init' );
    function blockusers_init() {
    if ( is_admin() && ! current_user_can( 'administrator' ) &&
    ! ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
    wp_redirect( home_url() );
    exit;
    }
    }
  4. Save changes

WP Admin No Show

PRICE: Free

This free plugin is very simple and will give you a user-friendly way of blocking admin pages for anyone but the admins. Once you install the plugin and activate it, you will have the option to blacklist user roles. For example, you can check Subscribers on the list and restrict their access to admin pages. Also, you can choose a page to which those restricted users will be redirected. It is good to know that the plugin will automatically hide admin bar for blacklisted users.

WP Hide Dashboard

PRICE: Free

A very similar, and also free, this plugin comes with the name WP Hide Dashboard. It will hide the dashboard, block users from getting a Personal Options sections and the Help link which is located on the profile page. This plugin is a great tool if you want your users to be able to log in and update their profile settings but don’t want them to be able to take a peek at your dashboard. WP Hide Dashboard will work on a single website as well on multisite, but there are known conflicts with several plugins so be sure to check the description page before installing.

In WordPress, there are always numerous ways of achieving the same goals. Of course, there are more than just a few methods of blocking admin pages. And there are more than few plugins similar to ones described above so feel free to search for more.

Are you using any other method or know a better plugin for the job? If so, please, leave a comment below and tell us your experience with blocking admin pages in WordPress.

Allow users to register and log in to your WordPress site using e-mail

More and more WordPress users want their members to be able to register and log in to the site by using e-mail address instead of a simple username which WP provides. By doing this, you can help your users remember their login details; if you’re having many members, there are chances many usernames will be already taken and your new members will have to choose ones they don’t usually use.

Like working with almost anything else in WordPress, you can do this by using two different methods – you can manually insert a code into core files, create a site-specific plugin or you can find a plugin which will do the dirty work for you.

Even if you’re new to WordPress, you can easily implement any of the techniques. But, since the first one requires you to manually edit a WP core file, if you’re not completely sure you can handle it, skip to the other technique and install the plugin.

Use the code:

  1. Open functions.php file
  2. Copy and paste the following code
  3. add_action( 'wp_authenticate', 'email_address_login' );
    
    function email_address_login( &$username, &$password )
    {
    $user = get_user_by( 'email', $username );
    
    if( !empty( $user->user_login ) )
    {
    $username = $user->user_login;
    }
    }
  4. Now you have to let users know they can login with e-mail. There are different solution for this, but let’s go with the simplest one. If you remember your login form, you are always asked for “Username” and “Password”, so you can simply change the label on the form. To do that, you will need the following code which you have to paste in the same functions.php file as the code from the previous step:
add_filter( 'gettext', 'addEmailToLogin', 20, 3 );

function addEmailToLogin( $translated_text, $text, $domain ) {
if ( "Username" == $translated_text )
$translated_text .= __( ' or use e-mail');
return $translated_text;
}

That’s it. Now you should log out and log back in with your email to see if everything’s working ok.

Using the plugin:

If you want to do the same thing without having to mess with the code, you can use a simple WP email login plugin. This one can be found for free in the WordPress plugin repository. The process of activating email login is very simple:

  1. Go to Plugins->Add New
  2. Search for “WP Email Login” plugin
  3. Install and activate it
  4. Log out
  5. Log in by using your email address instead your WP username

Best WordPress plugins for frontend login and registration forms

Registrations, logins, and password recoveries are an important part of your WordPress website. Unless you’re a single user who needs to be registered in order to manage a website, you might need to spice up your login forms and allow your users to navigate through login and registration forms more easily.

If you’re looking for a quick and a simple solution, we already showed you how to add a login form with a short function which WordPress recognize as its own. But if this is not the case, and you want to build a more complex website, keep reading and you will find some of the best registration form plugins for WordPress.

Not everyone is a developer/designer and not everyone has time to build their own forms. While previously mentioned function will work, it most certainly won’t look good. Making that forms look good will take much of your time and it requires you to know something about CSS. Instead, you can get yourself a finished product – free or premium plugin which will do the job for you.

In the following lines, we’re about to show you some of the best plugins designed to display registration and login forms on the frontend part of your site. In addition to that, you will probably be interested in securing your login and registration forms and Login Ninja is definitely a plugin that can help you with that!

Modal Login Register Forgotten WordPress Plugin

PRICE: $15
DEMO

Modal login - WordPress login pluginInstead of embedding forms into your site, how about showing a popup/lightbox module which will allow your visitor to easily log in or register to your site? With this plugin, you can do that easily. You can choose from two different form types but you can customize them as you want with unlimited color combinations. The form looks simple and will go along practically any site if you combine your own color schemes.

The plugin allows you to insert the module via shortcodewidget or you can embed a PHP code in your theme’s template files so you can show the login link wherever you want it to be.

  • Popup/lightbox form
  • Choose any color of the form
  • Different ways of adding the form to your site

UserPro – User Profiles with Social Login

PRICE: $21
DEMO

UserPro - Premium plugin for user profiles
With over 12,000 sales, this premium plugin is definitely one of the best when it comes to user profiles. Not only the plugin will allow you to build beautiful login and registration forms, but it will actually give you a chance to build the entire community by connecting all frontend profiles. Drag and Drop administration panel will allow you to quickly create forms and profiles and you can choose from five different skins which will all look wonderful.

UserPro plugin gives you the power to completely customize your forms. You can allow registration with as few as possible details, or you can add extra fields, allow photo and video uploads, automatically assign roles, create redirections, send invitations and much, much more.

Users with active social media accounts can sign in instantaneously if you allow so. Your users can follow each other just like on Twitter and there are numerous other options which will give you the power of creating a small social network of your own.

The list of features is really long and we can’t cover them all in this article. If you’re in a need for more than a simple login/registration form on the frontend, definitely check UserPro plugin features and the demo after which you’ll probably have your own copy installed in WordPress in next few minutes.

  • Allows you to build the entire social community
  • Tons of options and shortcodes which are completely customizable
  • Badges and achievements

Front-end Membership Modules

PRICE: $25
DEMO

FrontEnd Membership - One of the best WordPress registration form plugin
This is another premium plugin which will completely change the way your users deal with logins and registrations. This great plugin allows you to easily show login, register, edit profile, reset password and logout modules on the front-end of your WordPress site. Besides the standard WP modules, you can add social login which supports numerous social media services.

With Front-end Membership Modules, you can create custom forms and choose fields you need. Everything can be done with shortcodes and their numerous parameters which you can see on the demo page. The plugin gives you the opportunity to create restricted content based on categories and tags or you can even show content to logged-in users only.

You can choose from different password recovery methods and there are multiple ways of allowing your visitors to log out. Since there are tons of features this plugin offers, be sure to take a look at them all.

Profile Builder

PRICE: Free

Profile Builder

Profile Builder is a free plugin which offers a vast variety of options for you fronted forms. As the administrator, you get to design registration and login forms which then you can present with the help of predesigned shortcodes. Instead of showing simple forms or forcing users to navigate away from a page in order to login/register, this plugin allows you to create pages dedicated to logins/registrations.

By using different shortcodes and their different parameters, you can assign roles during registration, redirect users or even add lost password links below your login form. Within the form, your users can choose their usernames or emails to log in with, and you can choose minimum password length and strength. If your users need to edit their profiles, Profile Builder got you covered – simply place another shortcode where you want your users to change profile information.

There’s even a widget ready to replace a standard WordPress meta widget. If you don’t like the way forms look, the plugin will allow you to add custom CSS in order to restyle everything. If that’s not enough for you, there’s a PRO version available which offer even more options like adding extra fields, avatars, lists, custom redirects and much, much more.

  • Numerous shortcodes
  • Drag and Drop design options
  • Multiple login/registration options to choose from

Theme My Login

PRICE: Free

Theme My Login - one of the best registration form plugin for WordPressThis free plugin has over 100,000 active installs and that makes it one of the most popular in its category. Theme My Plugin will work “out of the box” and you won’t have to set up a thing if you don’t want to. Right after the installation, the plugin will create pages for user login, logout, and registration and password recovery. Those pages will look just like your other pages so you won’t have to additionally customize them. You can link to those pages which will be accessible to your users or you can add a widget right to your sidebar.

The plugin comes with different modules which you can customize through settings. That means that you can easily customize emails being sent by the plugin, change the way passwords are processed and allow users to choose their own passwords during registration. There is a redirection module, you can change user links, add extra security to your site and much more.

  • Custom look out of the box
  • Separate pages and widget
  • Different modules which allow customization

Block spammers by using No CAPTCHA reCAPTCHA by Google

You have probably come across CAPTCHA. It is a test that tries to differentiate the human user from an application which is usually used for fighting spam. CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) usually puts a simple picture in front of you and makes you type the text from the picture (or one you hear) into a text box.

Although it was a very good technique for stopping spammers, there are applications able to find their way around this kind of security. Also, CAPTCHA can get very annoying for your visitors if they have to use it very often.

New solution for fighting spam and abuse comes from Google. No CAPTCHA reCAPCTHA is free service which easily tells humans apart from robots by using just one checkbox. When you finish your registration, login or when you leave a comment, all you have to do is check the box and confirm you are not a robot. Of course, if you are a robot, please do not do that, everyone hates those kinds of pretender robots!

Google Recaptcha demo

We’re all about WordPress so, of course, there is a simple plugin which will allow you to embed a No CAPTCHA reCAPTCHA to your site. Follow these few steps and you’ll fight robots in a minute.

  1. Download No CAPTCHA reCAPTCHA
  2. Install and activate the plugin and find No CAPTCHA reCAPTCHA in admin menu
  3. Visit reCAPTCHA API website and get yourself a key (you will need a Google account)
  4. Enter the name of your site, domain and check “get alerts for this site”
  5. Click register
  6. On the next page, copy your Site and Secret key and enter those in plugin settings page

Now you’re ready to set up your No CAPTCHA where you need one. You can display the box in a comment form, your login and registration pages. Choose a color for the box, language and error message, save your settings and enjoy a modern way of fighting bots.

Change your WP login screen with Custom Login Customizer

There is an entire ocean of plugins which let you customize every corner of your WordPress system. But there hasn’t been many tries in creating a plugin that will easily change your login screen, right?

So far, if you’ve wanted to change that plain boring screen where you enter username and password, you had to manually fiddle with files and many of us don’t like to do that. But hey, everything’s different now with Custom Login Customizer plugin.

WordPress admin login

Once you install the plugin, navigate to Appearance. Then choose Login Customizer and start the customization. So far, there are options to change the logo, background, styling, and colors.

Not much to explain here. Choose a picture that you want to use as your logo – be it your real website logo or let’s say Pikachu electrifying your WordPress, it’s your choice. Of course, you need a fancy background, different color of text, etc. Take your time and enjoy this simple plugin.

Custom Login Customizer is free so go give it a try and change that boring login page of yours with something fresh.

Custom Login Customizer

custom-login-customizer-screen_2

Control Remember Me checkbox on login page with a plugin

“Remember Me” option is a simple feature which is being used by WordPress login page to help you with logging in to your website. If you leave the option unchecked, your browser will remember your login for only 2 days. If you do make the check on the option, the browser will remember your login information for two weeks so you don’t have to log in each and every time you access your website.

This can be a great a tool if you work from home or in a safe environment where you can be completely sure that your information is protected. If that’s the case, you might want to have the checkbox checked all the time or you may even want your browser to keep your login details for more than two weeks.

As you can see from the linked articles, you can easily play with the settings by copying and pasting simple functions into your theme. But if you prefer not to mess with the code, there is a plugin for the job.

Remember Me Controls

PRICE: Free

Remember Me Controls

In this part of the guide, we will briefly show you a Remember Me Controls plugin which contains everything you will need to control the “Remember Me” checkbox.

The plugin is free and it can be downloaded and installed from the WordPress plugin repository. After you do that and activate the plugin, you can access its settings by navigating to Settings->Remember Me.

There you will have the four options which are going to be enough in order to control the checkbox and the duration of your login information.

Remember Me Controls options:

  • Have the “Remember Me” checkbox automatically checked? – choose whether your checkbox will be checked or unchecked every time you access the login page. By default, WordPress leaves the box unchecked.
  • Remember Forever – if you choose this option, once you log into your website, you will stay logged in for 100 years. That’s almost like forever when we talk about technology.
  • Remember Me duration – If you don’t want to be logged in for 100 years, and two weeks is a too short period for you, enter your desired login duration in hours.
  • Disable the Remember Me feature – the plugin will remove the checkbox from the login page if you choose this option.

Be careful when using this plugin on computers which have public access or computer that aren’t your own; you don’t want to stay logged in for 100 years on somebody’s else computer, right?

How to remove Remember Me function from your login page

Sometimes you can help yourself by making some processes automatic. For example, if you are working from home, you don’t have to enter your username and password every time you need to log in to your blog. You can leave your information stored in a browser by simply clicking on Remember Me checkbox.

And if you do that, we have shown you how to automatically check that option. This way, your login info will be remembered and you won’t have to deal with the login form every time you try to access your site.

On the other hand, if you have to work away from home or if you have many authors who work from public places, you might want to take security into your hands. Among many other things which can help you secure a website, you might want to completely disable the “Remember Me” function so that you don’t leave your login information on a public computer by mistake.

Although there isn’t a standard option in WordPress which will allow you to remove the function, you can do that in the next minute or so. All you need is a simple code snippet which you need to paste into your theme.

Remove the Remember Me function:

  1. Find functions.php file in your theme’s folder and open it
  2. Copy and paste the following snippet:
  3. add_action('login_head', 'do_not_remember_me');
    function do_not_remember_me()
    {
    echo '<style type="text/css">.forgetmenot { display:none; }</style>';
    }
    
  4. Save changes

This function will hide the checkbox and force you and your other users to log into the website each time they use it. Of course, you can still store your information in the browser but you will at least have to click the “Log in” button.

Now that you have c/p the function, you are free to log out and see what the result of the function is. If you have done everything correctly, “Remember Me” checkbox should be hidden and therefore disabled. You can now use your login details on a public computer and be a little bit more relaxed about it. Of course, there is a ton of different things to be careful about so don’t relax too much just because you have removed the “Remember Me” checkbox.

If you want to control login options with a plugin, check out what you can do with Remember Me Controls plugin for WordPress.

How to stay logged in to your WordPress account forever

To keep track of who you are, WordPress uses cookies to store important information needed for it to work. Once you are logged into your WordPress account, information is stored to that little file which lets the system know the exact time when you got there and so it can identify you later on.

For security reasons this cookie won’t let you stay logged in forever. Let’s say you logged in to your account on a public computer and forgot to log out. If WordPress wouldn’t use this security method, anyone on that computer would be able to access your WordPress admin panel. That’s the reason you might like the limited time of your session.

But if you work from home or your office and there is no need for this security option, automatic logouts might grind your gears. To stay logged in “forever”, follow these few steps to tell your cookie how long to stay active.

  1. Open functions.php file in Appearance – > Editor menu
  2. Paste the following code:
  3. add_filter( 'auth_cookie_expiration', 'wploop_never_log_out' );
    	
    	function wploop_never_log_out( $expirein ) {
    	    return 1421150815; // 40+ years shown in seconds
    	}
  4. Update your file

And that’s pretty much it. You may change the number of seconds in the code but it really doesn’t make any change if it’s 20 or 40 years, does it? After you have done previous steps, WordPress won’t automatically log you out; you will stay logged in your WP account forever… or until you delete your browser cookies, of course.

Automatically check the Remember Me checkbox on login page

If you have kept the default settings for your WordPress login pages, then your “Remember Me” checkbox will stay unchecked unless you click on it. If you do check the box, this option will remember your login username and password and store them in a cookie which will be valid for two weeks. After that, you will be asked to enter your username and password again.

If you are working in a safe environment where you can always keep your username and password in your browser, you might want to make everything automatic.

In this part of the guide, we will show you a short function which will do just that – it will check the “Remember Me” checkbox for you every time you open the login page.

Check the Remember Me checkbox automatically:

  1. Open functions.php file
  2. Copy and paste the following code:
  3. function login_checked_remember_me() {
    add_filter( 'login_footer', 'rememberme_checked' );
    }
    add_action( 'init', 'login_checked_remember_me' );
    function rememberme_checked() {
    echo "<script>document.getElementById('rememberme').checked = true;</script>";
    }
  4. Save changes.

And that’s it. Now you can log out. If everything’s working correctly, you should see your checkbox already checked.

Of course, be careful with this code if you are going to use your login information on public computers – you don’t want your username and password stored on a public computer for 2 weeks, right?

Put a simple login form anywhere on your site

If you are an admin or an author on a WordPress website, you will need to login in order to manage your site or to publish a new post. If you are a subscriber who gets exclusive content on a site, you will also need to log in frequently. The same goes for other user roles and chances are that your users need to login on a daily basis.

In order to that, your user will have to navigate away from your site so that they can log in. Also, you can show a login form in a “Meta” widget which comes installed on every WordPress website; but what if you wanted to add a simple login form on a specific part of your site?

Don’t worry; WordPress’ developers took care of that and they prepared a login function. You can pass some parameters into the function or use it in its simplest form. No matter how you use this function, the result will be a very simple form which will allow registered users to log in.

Modify the login form and put it anywhere on your site:

  1. Open a file where you want to show your login form (header.php, footer.php, single.php or any other)
  2. Copy and paste the following:
  3. <?php $args = array(
    'echo'           => true,
    'redirect'       => site_url( $_SERVER['REQUEST_URI'] ),
    'form_id'        => 'loginform',
    'label_username' => __( 'Username' ),
    'label_password' => __( 'Password' ),
    'label_remember' => __( 'Remember Me' ),
    'label_log_in'   => __( 'Log In' ),
    'id_username'    => 'user_login',
    'id_password'    => 'user_pass',
    'id_remember'    => 'rememberme',
    'id_submit'      => 'wp-submit',
    'remember'       => true,
    'value_username' => NULL,
    'value_remember' => false
    ); ?>
    <?php wp_login_form( $args ); ?>
    
  4. Save changes

As you can see from the code, you can easily change labels, IDs, and several other values. To learn more about different parameters you can use, please visit WordPress Codex pages dedicated to the login function.

Style the login form:

Now that you have those extra parameters passed to the login form, you can easily style it through CSS. All you have to do is use the ID and add some styling to it.

  1. Open styles.css
  2. Copy and paste the code:
  3. #user_login {
    color: green;
    }
    
  4. Style the rest of the form
  5. Save changes

If you want to use the function in its most basic form, instead of passing arguments into a variable, simply use this code in step #2:

<?php wp_login_form( $args ); ?>

That’s all there is. You can now have your login form practically anywhere on your WordPress powered website. Since the form is quite basic, you might want to check out some of the plugins which can give you much more options for setting up your login form.

Stop WordPress from shaking after unsuccessful login

If you’re customizing WordPress to your needs or you want to achieve a completely unique experience for your clients, you will want to customize parts of the system you may have not even thought of. A simple color here, a link there and those little changes will lead to a unique WordPress experience.

In order to complete your customization, you may want to remove that shake your WordPress does every time you enter incorrect login information. It’s really not a big deal and we like the effect but we will still show you how to easily remove it.

Remove the shaking feature:

  1. Open functions.php file
  2. Copy and paste the following code:
  3. function login_error() {
    remove_action('login_head', 'wp_shake_js', 12);
    }
    add_action('login_head', 'login_error');
    
  4. Save changes

That’s all there is. You can now log out and try out some incorrect logins. Voila! Your WordPress login page isn’t shaking anymore.

Conclusion

Although the login form is a standard piece of every WordPress site, that doesn’t mean it should be left neglected. By following tips and tricks from this guide, you will be able to customize the form and create a unique user experience.

How do you like the standard login form? Have you made any changes to it? If so, what was the feature that has captures your attention?

Start Blog Book

START YOUR OWN BLOG

This guide is an introduction to mastering the art of blogging. It provides easy to follow steps to start, maintain, and grow your blog.

Read the guide

Leave a Reply

Your email address will not be published. Required fields are marked *