Hướng dẫn bảo mật WordPress với wp-login.php

Để tăng cường bảo mật cho WordPress, chống lại việc rà password trong trang Đăng Nhập, bạn cần đổi tập tin wp-login.php thành login.php bằng cách sau:

Step 1:
In the root folder of your WordPress website, rename the file “wp-login.php” to “login.php”.
Step 2:
Open the same file in a text editor. Replace “wp-login.php” anywhere you find it in the file with “login.php”.
Step 3:
Edit the functions.php file in your theme folder, usually found at /wp-content/themes/active-theme/functions.php. (where “active-theme” is the name of your active theme.) If you don’t have one, you can create one. (make sure the file starts with
//register url fix
add_filter(‘register’,’fix_register_url’);
function fix_register_url($link){
return str_replace(site_url(‘wp-login.php?action=register’, ‘login’),site_url(‘login.php?action=register’, ‘login’),$link);
}
//login url fix
add_filter(‘login_url’,’fix_login_url’);
function fix_login_url($link){
return “/login.php”;
}
//forgot password url fix
add_filter(‘lostpassword_url’,’fix_lostpass_url’);
function fix_lostpass_url($link){
return “/login.php?action=lostpassword”;
}
//Site URL hack to overwrite register url
add_filter(‘site_url’,’fix_urls’,10,3);
function fix_urls($url, $path, $orig_scheme){
if ($orig_scheme !== ‘login’) return $url;
if ($path == ‘wp-login.php?action=register’) return site_url(‘register’, ‘login’);
return $url;
}

add_filter( ‘logout_url’, ‘fix_logout_url’, 10, 2 );
function fix_logout_url($link){
return str_replace(site_url(‘wp-login.php?action=logout’, ‘logout’),site_url(‘login.php?action=logout’, ‘logout’),$link);
}