Description

Khushal Login Path Guard is a WordPress security plugin that allows you to change your default login URL and protect your site from common attack vectors. The plugin blocks brute-force attempts, prevents user enumeration, secures sensitive files, and hides WordPress information from potential attackers. All blocked paths display 404 errors (Stealth Mode) instead of redirects, making your site invisible to attackers.

Features

Login Protection:
* Blocks 17+ common brute-force login paths
* Custom login URL (only you know the path)
* Shows 404 error instead of redirect (no hints to attackers)
* Protects /wp-admin, /login, /wp-login.php and more

Advanced Security:
* Blocks XML-RPC (prevents brute-force via API)
* Prevents user enumeration via REST API
* Blocks author page enumeration (?author=1)
* Protects wp-config.php and sensitive files
* Blocks direct access to wp-includes PHP files
* Removes WordPress version information

Security Headers:
* X-Frame-Options (prevents clickjacking)
* X-Content-Type-Options (prevents MIME sniffing)
* X-XSS-Protection (XSS attack protection)
* Referrer-Policy (privacy protection)
* Permissions-Policy (feature restriction)

User-Friendly:
* Easy settings interface
* One-click URL copy
* Normal functionality for logged-in users
* Does not block AJAX requests
* Clean admin interface

Security Benefits

Brute Force Protection – 15+ login paths blocked
XML-RPC Disabled – Prevents API-based attacks
User Enumeration Blocked – Hides usernames from attackers
Sensitive Files Protected – wp-config.php, .htaccess secured
Security Headers – Industry-standard HTTP headers
WordPress Hidden – Removes version and generator tags

इस्तेमाल करना बेहद आसान है

Plugin activate करें
Settings > Login Path Security में जाएं
अपना custom login path enter करें
Settings save करें
नया login URL use करें

Screenshots

Settings page – Configure custom login path
New login URL display – Your secure login URL
Security features overview

Installation

Upload the plugin folder to /wp-content/plugins/ directory
Activate the plugin through the ‘Plugins’ menu in WordPress admin
Go to Settings > Login Path Security to configure

Go to Plugins > Add New in WordPress admin
Search for “Khushal Login Path Guard”
Install and Activate

FAQ

What if I forget my login URL?: You can rename or delete the /wp-content/plugins/khushal-login-path-guard/ folder via FTP or cPanel. This will deactivate the plugin and you can login using the normal wp-login.php.
Will this plugin slow down my site?: No, this plugin is very lightweight and will not affect your site’s performance.
Will wp-admin work for logged-in users?: Yes, everything will work normally for users who are already logged in.
Does this work with multisite?: Yes, this plugin is multisite compatible.
Will AJAX requests be blocked?: No, WordPress AJAX requests will work normally.

Reviews

umang3640 24 Desambra 2025

one of the best security plugin in wp also free plugin so this is very helpful me this plugin.

Read all 1 review

Contributors & Developers

“Khushal Login Path Guard” is open source software. The following people have contributed to this plugin.

Khushal Tank

Translate “Khushal Login Path Guard” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

2.4.1

Fixed wp-admin redirect issue – now shows 404 when logged out
Added multiple layers of protection for wp-admin access
Improved logout functionality
Enhanced user experience

2.4.0

Changed wp-admin behavior – shows 404 instead of redirect when logged out
Improved security by preventing information leakage
Better stealth mode implementation

2.3.3

Fixed dashboard access after login
Removed wp-admin from directory blocking
Improved logged-in user detection

2.3.2

Fixed wp-admin access timing issue
Changed hook from ‘init’ to ‘wp’ for better authentication detection
Improved compatibility

2.3.1

Fixed logout functionality
Added proper logout URL filtering
Improved redirect handling

2.3.0

Added logout redirect to custom login page
Enhanced logout URL handling
Improved user experience

2.2.5

Fixed wp-admin directory access
Removed wp-admin from blocked directories list
Improved functionality for logged-in users

2.2.4

Fixed login.php blocking
Added admin-login.php and adminlogin.php to blocklist
Updated blocked paths count

2.2.3

Fixed undefined variable warnings
Initialized all required wp-login.php variables
Improved login page compatibility

2.2.2

Added comprehensive login path blocking
Added /login, /signin, /administrator paths to blocklist
Updated admin interface

2.2.1

Changed redirect behavior to show 404 error
Removed redirect URL setting
Enhanced security by hiding WordPress

2.2.0

Added XML-RPC blocking
Added REST API user enumeration protection
Added author page enumeration blocking
Added sensitive file protection
Added wp-includes PHP file protection
Added comprehensive security headers
Expanded blocked login paths

2.0.0

Major security update
Added multiple security features
Enhanced protection mechanisms

1.0.0

Initial release
Custom login path functionality
wp-login.php and wp-admin protection
Admin settings interface
Basic security features