Nice plugin, but needs to deal with Wordpres redirects

Love the plugin and it’s a great start. I use it along with some other methods to simply make it more difficult to reach the login page. though it’s slightly security theatre it does get the potential lazy web hackers out of the picture. And the plugin works pretty well.

I’d suggest adding functionality to stop WordPress from forwarding other URLs to the back end, but blocking the wp_redirect_admin_locations function in canonical.php.

There you will see:

add_action(
  'template_redirect',
  function() {
    $requ = untrailingslashit($_SERVER['REQUEST_URI']);
    if (site_url('login','relative') === untrailingslashit( $_SERVER['REQUEST_URI'] )){
      remove_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );
    }
  }
);

This means that if someone uses /admin it immediately forwards to the page regardless of if there’s a custom url. admin does the same. Forwards to wp-admin. At least here, when using the plugin you get the “page not found” error. That should happen when people try “login” as well.

Cheers.