Any way to change the wp-login.php url? It seems insecure that everyone that’s ever used WordPress could easily see if your site is using it, and get right to the login page.
There used to be a plugin called “Stealth login,” but it wasn’t updated. (And hence our reluctance to rely on plugins).
If you are doing this for your own site then using .htaccess might be the easiest way although it could get tricky if you want to make it work for a plugin as there would be lots of different subtle configuration differences to support.
Here are some articles that could help; not all are directly answering your question but they all address your security concern in one way or another:
And of course that’s no blog expert on Apache and WordPress than the guy who writes AskApache. Be sure to check out these:
