Name has been added to your Follow page.

My Follow Page

Name has been removed from your Follow page.

My Follow Page


Login rebuilder

5 Avg. Rating
20K Installs
Tested with WordPress 5.8.2

by tmatsuur.

This plugin will create a new login page for your site. The new login page can be placed in any directory. You can also create separate login pages fo …

Have not you experienced unjust access to wp-login.php? If this plug-in is used, a unique login page will be arranged to your site, and unlawful access will be reduced.

Some features:

  • This plugin allows you to change wp-login.php to a login page with a unique name (multisite sub-directory type is supported).
  • Create a login page for administrators only, and separate it from the login page for users with other roles.
  • Disables login by email address.
  • When an administrator logs in, the site administrator is notified by email.
  • Selects the response when the wp-login.php page is requested.
  • Restrict the functions that can be used, such as login via XML-RPC.
  • Restrict REST APIs related to users.
  • Disable the author archive page.
  • Controls the author information of oEmbed.


  • Japanese –


You can send your own language pack to me.

Please contact to me.

  • (ja)
  • email to takenori.matsuura[at]
  • @tmatsuur on twitter.



This plug-in is not guaranteed though the user of WordPress can freely use this plug-in free of charge regardless of the purpose.
The author must acknowledge the thing that the operation guarantee and the support in this plug-in use are not done at all beforehand.


email to takenori.matsuura[at]
twitter @tmatsuur

  1. A plug-in installation screen is displayed on the WordPress admin panel.
  2. It installs it in wp-content/plugins.
  3. The plug-in is made effective.
  4. You will find Login rebuilder submenu in Settings menu.
  5. Please enter New login file, and choose working. Next, please click Save Changes button.
  6. Login file for subscriber is optional. It becomes a page to which only subscribers can log in there.

Is a `wp-login.php` file unnecessary?

wp-login.php is used in this plug-in. Please do not delete wp-login.php.

Even if it accessed a `wp-admin` directory, it became impossible to login.

Even if it accesses a wp-admin directory before login, it becomes impossible to log in, when this plug-in is effective. It is for not telling outside about a new login page.

A new login page can be used even if this plug-in is invalid.

Please delete the file, when a new login page becomes unnecessary.

It became impossible to login from a new login page.

Please delete the new login page file, this plug-in returns during preparation.

Can I set the login page of the only administrators?

If it is version 1.4.0 or later, you can choose the role of non-administrator for the Secondary login file.

Does this plugin support Nginx?

Yes, this plugin works well on Nginx.


Bug fix: Fixed a bug where the URL of the login page could not be rewritten correctly under certain conditions when using multisite.


  • Added the ability to notify the site administrator when a login page is requested by an IP address that has never logged in before.
    Bug fix: Fixed a problem with the delivery test of the notification email when an administrator logs in.


  • The access log of the login page is now saved and can be viewed in the dashboard.


  • Extended the ability to send login notification emails, allowing the site administrator’s email address to be specified in CC / BCC.
    Bug fix: Fixed an issue where “Custom” was not translated in some versions.


  • Bug fix: If you restrict browsing to the Author page, send status 404.


  • If you restrict browsing to the Author page, no “users” sitemap is created. (WordPress 5.5. 0 or later)


  • Bug fix: Fixed a bug that caused an error related to type hints in some PHP versions.


  • New: Displays the date and time of the log data in any format.


  • Bug fix: Fixed a bug where the nonce element in the logfile download form had duplicate ids.


  • Bug fix: Fixed an issue that occurred when used in combination with some plugins.


  • Changed: For “subdomain” multi-sites, it is now possible to include directories in login file pathnames.


  • Bug fix: URL of the login page has been corrected so that it does not contain “??”.


  • New: Added the function to restrict REST API / Users.


  • Bug fix: Fixed an issue where valid IP address could not be stored in the log under certain conditions.


  • New: Added authentication lock by specified file.


  • Bug fix: Activation fails in a multisite environment where program files are installed in a subdirectory.


  • The ‘wp-login.php’ has been changed so that ‘confirmaction’ is passed through only in version 4.9.6 or later.


  • Set the original confirmation URL in the body of the user request mail.


  • New: Add oembed setting.
  • Changed: Display the user name after urldecode at login log.


  • New: Add Access to author page: Access to the author page can be restricted.


  • New: Log data can now be downloaded.


  • New: Add other settings: Notify by email when the administrator login.


  • New: Add other settings: The error message when login, is changed to the ambiguous content(WordPress Version 4.5 or later effective). / Authentication using a email address and a password is prohibited.


  • New: XML-RPC settings. (WordPress Version 3.5 or later effective)


  • Bug fix [important]: Changed the process of AJAX request.


  • Added the widget that displays the log on the dashboard for administrators.


  • wp_secondary_login_url method added.


  • Bug fix [important]: Changed the process of AJAX request.


  • Bug fix: A parameter of the function was adjusted.


  • Login file for subscriber has changed the name to Secondary login file. Secondary login file will function as the login file for subscribers in the same way as before. In addition, the administrator can choose the role of login possible user.


  • Bug fix: Password reset available.


  • Login file is able to place in any directory.


  • Changed the specification for the validity period of the property page.


  • When expired, Display the reload button.


  • Property page is now valid for 30 minutes.


  • Bug fix [important]: It was coped with about CSRF.
    • New: Added logging.


  • Bug fix:
    1.It corrected so that a post password could be used.


  • Bug fix:
    1.A source code for debugging was deleted.


  • Bug fix:
    1.Avoid fatal errors with a few plugins that were incorrectly calling functions too early.


  • Login page for subscriber is available.


  • Bug fix:
    1.A few array key name was corrected.
    2.The URL of properties form was corrected.


  • Bug fix:
    1.The fault which has not recognized an alternative login file correctly in a part of server environments was coped with.


  • Bug fix:
    1.Wrong URL was corrected at plugins.php.
    2.The operation at the time of invalid access became normal.


  • The first release.