After I hide the WordPress login page, what behaviour can I expect?

If you use the Hide WordPress Login Page feature, the following behavioural changes will occur on your website:

If you are NOT LOGGED IN and:

  1. ... you try to access the 'wp-login.php' page of your site, you will receive a 404 Not Found error page.
  2. ... you try to access any page within the 'wp-admin' section of your site, you will receive a 404 Not Found error page.

For example, you'll see something like this:

No offense will be triggered; your Activity Log will simply record this activity for you to review if you need to:

This restriction on wp-admin access also applies to any links you may receive from other plugins that direct you to wp-admin. If you're not logged in, these links will fail.

Important Points To Note

  • The only way to access your WordPress login page is through the new URL you have created.
  • If you forget the new URL or for some reason it doesn't seem to work for you, please follow the guide outlined in this article here.
  • If you've moved WordPress to a subdirectory while leaving the site URL at the root, and you then go to "yourloginstring" and try to log in, you may get a 404 Not Found error page.

    In this case, the URL is "yourloginstring", skipping the subdirectory in the URL.

  • If you have your IP whitelisted in Shield
    • settings will still show the old, standard login URL: wp-login.php
    • you'll be able to log in via wp-login.php, and if you load your renamed login URL, you'll get a 404

      You'll also see a notice: 

To have this feature applied to you, you'll need to remove your IP from the whitelist.


Shield never redirects to the custom login page... it's not designed to do that. It's designed to hide the original login page so if a user goes to the original login page they'll get a 404.

This feature for renaming the normal WordPress login page is NOT a redirection feature. It's a hiding feature.
This means that if you use Shield to change the default WordPress login URL (which is /wp-login.php by default), then Shield will output a 404 page for the original login page.
This is because Shield "hides" the login page. If you use Shield to hide the login page, you should expect a 404 error on the default login page.
Because you've hidden the login page, only people who know the correct URL will be able to log in.
If your login page is "/login/", please note that WordPress, by default, handles "/login/" and automatically redirects it to the login page. You can see this here, for example:
We don't have a WordPress page for this. WordPress does this automatically.
Because WordPress redirects "/login/" to the login page automatically, Shield will stop this behaviour if you choose to rename your login page. You'll get a 404.
In summary: if you want "/login/" to work normally and redirect to your wp-login.php page, it is best not to use Shield's "Hide Login" feature.

WP Login & Admin Redirection URL

You can choose to redirect the visitor to a particular page, or a custom 404 page. To achieve this, you may use the 'redirect' option within Shield.

Advanced Custom Setting

If you are familiar with PHP and know how to add custom code to your website, you may use the following WordPress filter to set a Redirect URL instead of sending a 404 Error Page (mentioned in points 1 and 2 above).

  1. The filter name is: icwp_shield_renamewplogin_redirect_url
  2. Simply return a URL to this filter - note that the URL will be cleaned and validated, and failure to validate the URL will result in default 404 Error Page behaviour.
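
The following is an added example of hooking this filter, not code from Shield itself. The function name, the constant, and the '/page-not-found/' slug are hypothetical; the callback parameter relies only on standard WordPress filter behaviour (the current value is passed as the first argument), and returning that value unchanged leaves Shield's default handling in place.

```php
<?php
/**
 * Plugin Name: Shield hidden-login redirect (example)
 *
 * Added example, not Shield's own code.
 * Save as wp-content/mu-plugins/shield-login-redirect.php.
 */
if ( ! defined( 'ABSPATH' ) ) {
	exit; // Refuse direct requests to this file.
}

// Hypothetical landing page: assumes a published page with this slug exists.
const EXAMPLE_LOGIN_REDIRECT_PATH = '/page-not-found/';

add_filter( 'icwp_shield_renamewplogin_redirect_url', 'example_shield_login_redirect_url' );

/**
 * Supply a same-site URL for requests to the hidden wp-login.php / wp-admin.
 *
 * @param mixed $url Value passed in by the filter; returned unchanged on any
 *                   failure so the default 404 behaviour still applies.
 * @return mixed Redirect URL, or the original value.
 */
function example_shield_login_redirect_url( $url ) {
	$target = home_url( EXAMPLE_LOGIN_REDIRECT_PATH );

	// wp_validate_redirect() returns the fallback ('') when the host is not
	// one of this site's allowed hosts. This guards against a later edit
	// turning the constant into an off-site redirect.
	$safe = wp_validate_redirect( $target, '' );
	if ( '' === $safe ) {
		return $url;
	}

	// Never point at the locations that are themselves hidden: a visitor who
	// is not logged in would just be sent to another blocked page.
	$path = (string) wp_parse_url( $safe, PHP_URL_PATH );
	if ( false !== strpos( $path, 'wp-login.php' ) || false !== strpos( $path, '/wp-admin' ) ) {
		return $url;
	}

	return esc_url_raw( $safe );
}
```

Do not use the renamed login URL as the target: that would publish the hidden address to anyone who requests wp-login.php.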