[wp-hackers] Could this be done via plugin?
patrick_laverty at brown.edu
Mon Oct 31 13:53:42 UTC 2011
If your WP install uses authentication other than the wp-login page,
I'd love to be able to hide the wp-login.php file. I've tried
renaming it but it seems that the core code requires that name for the
admin login to still work. I don't want to hack code, so the first
thought is to create a plugin that would let me change wp-login to
"bananas.php" or something. Especially after seeing a 3 minute demo
of WPScan, I'd love to make it harder for anyone to scan my
installation and possibly get the admin account. My thought is if
they don't find wp-login.php, they'll get bored quickly and go on to
one of the other millions of installs that have it.
It just seemed that the filename wp-login.php was so interwoven in
core code that there was no easy way to change the filename.
If it can't be done by a plugin, is this something the core team would
consider making into a variable and letting the admin set the name of
the login page?
More information about the wp-hackers