I want to move login page physically (not virtually). Please, suggest a plugin way to do this which could alter core codes on fly (even after core code update). It can be another layer of security.
12 Answers
You can disable the wp-login page from your functions by hooking into login_head:
add_action( 'login_head', 'wp_die');
(that’s obviously a very clumsy way of doing it, but it prevents anyone from being able to login through that page. You could make that a redirect function, or a warning message, rather than just a die.)
And copy the existing wp-login file to another location, making sure to update the relative path to wp-load.php near the top (and any other relative paths that may be in there, including the links to itself and the form actions.
(Obviously you’ll have to remove the action that you added to login_head here, otherwise you won’t be able to login from this page either.)
Then, you should just need to add a filter to login_url that returns the address of your new login page, otherwise people requesting wp-admin files will be redirected to the old login page, which is now disabled.