I’m using this code to prevent user to access my login page:

global $pagenow;

if ( 'wp-login.php' == $pagenow && ! in_array( ! empty( $_GET['action'] ) ? $_GET['action'] : '', array( 'lostpassword', 'logout', ) ) )
    global $wp_query;
    status_header( 404 );
    get_template_part( 404 );

It works well and I can’t access login page anymore. I also use Simple History plugin to track logs and I still see that someone tries to login my site so many times.

Failed to login with username “*********” (username does not exist) warning

I was wondering why someone can access my login page. Am I missing something in above code?

Read more here: Prevent user to access wordpress login page


If you know the solution of this issue, please leave us a reply in Comment section, to update the question.

Wordpress related questions and answers: