What WPS Hide Login gets right
WPS Hide Login is a tiny, lightweight, free plugin with one job: it changes the default wp-login.php and wp-admin URL to something only you know, and returns a 404 on the old address. That single change stops the flood of automated bots that hammer the standard login URL, and it does so without touching core files. Millions of sites run it precisely because it is small, focused, and just works.
If all you want is to move the login URL and nothing else, WPS Hide Login is hard to fault. Credit where it is due.
The difference: one switch versus a security toolkit
WPS Hide Login flips exactly one switch. That minimalism is the whole point of it.
TrueCommander flips the same switch with hide login -slug=manage, then keeps going. From the same ++W bar you can also limit login attempts, block an IP, put the site in maintenance mode, or password-protect the whole front end, alongside backups, image optimization, and the rest of the 91 commands. The login URL is one line of a much longer security and admin story.
In short: WPS Hide Login is a single-purpose switch. TrueCommander treats hiding the login as one command in a security cluster that also throttles brute force and blocks bad actors.
Shown in advanced mode, where commands start with tp. In easy mode you type the same command without the tp prefix.
WPS Hide Login vs TrueCommander, feature by feature
An honest side by side. They do the same one thing; one of them does a great deal more.
| Feature | WPS Hide Login | TrueCommander |
|---|---|---|
| Change the login URL | hide login -slug= | |
| Tiny and single-purpose | Its whole appeal | A full toolkit |
| Limit login attempts (brute-force lockout) | limit login attempts | |
| Block or unblock an IP | block ip | |
| Maintenance mode and password protection | ||
| Backups, image optimization, broken-link scans, more | 91 commands | |
| Apply on startup or via a keyboard shortcut | Settings page | |
| Price | Free on WordPress.org | $59/year, everything included |
WPS Hide Login details are from its WordPress.org listing and change over time. Check the live listing for current features and pricing.
When WPS Hide Login is the right pick
Be honest about the job. WPS Hide Login is the better fit when:
- You only want to move the login URL and value a plugin that does exactly that and nothing more.
- You want the smallest possible footprint and a free tool.
- You already have other plugins handling brute force, backups, and the rest.
When to choose TrueCommander
TrueCommander earns its place when hiding the login is the start, not the end, of locking the site down:
- You want the hidden login plus brute-force limits and IP blocking, without stacking three security plugins.
- You want maintenance mode and password protection on the same bar, ready when you need them.
- You would rather operate security from a command palette, and have it sit beside the rest of your admin work.
Hiding the login is not a complete defense on its own. It cuts bot noise, but pairing it with login-attempt limits and IP blocking is what actually hardens the door. TrueCommander puts all three in one place.
Frequently asked questions
hide login -slug=manage moves your login to a custom path of your choosing and the old wp-login.php stops responding, the same outcome WPS Hide Login gives you, run from the command bar.limit login attempts -max=5), block or unblock specific IPs (block ip / unblock ip), turn on maintenance mode, and password-protect the whole site. WPS Hide Login does none of these; it is deliberately just the URL switch.