How to Rename wp-login.php for Multisite?

I want to hide and rename wp-login.php in my URL for branding purposes on a Multisite set up.

From this forum post I see that I can change mysite.com/wp-login.php to mysite.com/login by inserting a RewriteRule ^login$ wp-login.php in my .htaccess. I like that the URL bar does not show login redirecting to wp-login.

Read More

If I try to login under a subsite mysite.com/subsite1/login it shows as redirecting from mysite.com/subsite1/wp-login to http://mysite.com/subsite1/wp-login.php?privacy=1&redirect_to=%2Fsubsite1%2Flogin

  1. How do I get it to show as mysite.com/subsite1/login without the redirect in the URL bar?

  2. If I enter mysite.com/wp-login.php it shows as page not found. Great!
    Now if I enter mysite.com/subsite1/wp-login.php it shows as the page exists. Oh no!
    How do I hide that this page exists for subsites? I tried the functions.php suggestion in my child theme but it created a redirect loop.

Related posts

Leave a Reply

2 comments

  1. First things First …

    The Rewrite Rule
    Basically all this rewrite says is (say it out loud) … when I type mysite.com/login and hit enter, then take the user (rewrite) to mysite.com/wp-login.php

    This is not a URL mask or URL Forwarding which is what you are hoping for.

    Second Part …

    After Login – Redirect too
    The url your are seeing contains 2 parts

    1. http://mysite.com/subsite1/wp-login.php
      • this is the actual URL for the login page
      • as @Brasifilo says you are better of telling your customers to go to mysite.com/wp-admin
    2. ?privacy=1&redirect_to=%2Fsubsite1%2Flogin
      • ignore the ?privacy=1
      • then &redirect_to=%2Fsubsite1%2Flogin is fairly obvious as where to GO after logging in successfully.

    Hiding that you’re using WordPress
    It’s probably better that your customers know that you have white labelled WordPress … it would give more confidence that their CMS is a trusted open source application used by tens of millions of people around the world. Don’t hide it 🙂

  2. I found this article a good reference and will be rolling out a few of the techniques and updating some old practices, based on the info within.

    http://www.1stwebdesigner.com/wordpress/security-plugins-wordpress-bulletproof/

    For re-writing login URL, Checkout Stealth login – I haven’t used it so not sure if it works in a Multi-site but could be worth checking out.

    And if your clients are worried about seeing WP in the URL, using Roots theme (or at least checking out its functions, could be handy too) http://www.rootstheme.com/