Skip to content

Login protection

Login protection is accessible for the Community (paid), Developer and Business plan users.

To manage your WordPress site’s login protection, and set up 2FA (two factor authentication) for it, navigate to Sites > > Hardening > Login protection in Patchstack App.

On the Login protection subpage you can:

  • Block access to default /wp-admin page and set up a custom login URL
  • Ban IPs that fail on multiple login attempts
  • Set a specific time, where in between users can log in to WordPress
  • Enable WordPress users to set up the 2FA from WordPress profile page
  • Add IP addresses to WordPress login whitelist
  • Block certain IP addresses from being able to log into WordPress

How our custom login URL feature works

If you define a new URL for login, it works like a security token for your wp-admin. Entering your custom URL once, will whitelist your IP to access regular wp-admin URL again.

Example usage:

Let’s say you enter “myadmin” to the New URL field.
To log in to your WordPress admin panel, you need to:

  1. First visit your secret URL (for example
  2. Your IP gets whitelisted
  3. You can now log in from the regular again
  4. Other visitors are blocked from wp-admin page, unless they know your security token (in this case /myadmin)