| 开发者 | nexibyllc |
|---|---|
| 更新时间 | 2026年7月11日 00:17 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
wp-login.php and protected wp-admin requests.ADMINVORO_DISABLE_CUSTOM_LOGIN constant.X-Pingback response header.wp-embed script.Open your site's wp-config.php file and add the following line above the comment that says WordPress editing should stop:
define( 'ADMINVORO_DISABLE_CUSTOM_LOGIN', true );
You can then sign in through the standard wp-login.php address. After correcting the plugin settings, remove the constant or change its value to false.
For logged-out visitors, direct requests to wp-login.php are handled using the action you selected: a 404 response, a homepage redirect, or a redirect to a same-site page. Logged-in users are not blocked.
No. Changing the public login address can reduce automated requests to the default endpoint, but it is not a substitute for strong passwords, two-factor authentication, login rate limiting, updates, backups, or a complete security solution.
Adminvoro accepts valid absolute HTTP(S) destination URLs, but it uses WordPress safe redirect handling. An off-site redirect will work only when WordPress allows that destination host. Same-site and root-relative destinations are the most reliable options.
Yes. Choose 301 for a permanent redirect or 302 for a temporary redirect. Adminvoro also prevents a rule from redirecting a URL directly back to itself.
No. Redirect rules are intended for normal frontend requests and are skipped for WordPress admin, AJAX, cron, and REST request contexts.
For logged-out visitors, it blocks common numeric author queries, author archive discovery, and public WordPress REST API user endpoints. It does not hide every possible place where a username may appear in site content, feeds, themes, or other plugins.
It can. Applications or services that depend on XML-RPC, remote publishing, pingbacks, or XML-RPC authentication may stop working. Enable this option only when your site does not need those features.
The option removes WordPress frontend oEmbed discovery output and the wp-embed script. Content behavior can vary by block, theme, plugin, and embed provider, so test important embedded content after enabling it.
No. The plugin does not include a telemetry, tracking, or external API service. Its settings are stored in your WordPress database.
When Adminvoro Toolkit is deleted through the WordPress Plugins screen, its saved settings and redirect rules are removed from the database.
The plugin can be used on individual sites in a multisite installation. Settings are stored per site. Test custom login behavior carefully in a staging multisite environment before using it across a network.