{"id":21606,"date":"2013-01-18T10:45:50","date_gmt":"2013-01-18T10:45:50","guid":{"rendered":"https:\/\/wordpress.org\/plugins-wp\/login-rebuilder\/"},"modified":"2026-01-19T07:36:30","modified_gmt":"2026-01-19T07:36:30","slug":"login-rebuilder","status":"publish","type":"plugin","link":"https:\/\/ms.wordpress.org\/plugins\/login-rebuilder\/","author":5105754,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"2.8.8","stable_tag":"2.8.8","tested":"6.9.0","requires":"3.2.0","requires_php":"5.6","requires_plugins":null,"header_name":"Login rebuilder","header_author":"tmatsuur","header_description":"","assets_banners_color":"","last_updated":"2026-01-19 07:36:30","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/elearn.jp\/wpman\/column\/login-rebuilder.html","header_plugin_uri":"https:\/\/elearn.jp\/wpman\/column\/login-rebuilder.html","header_author_uri":"https:\/\/12net.jp\/","rating":5,"author_block_rating":0,"active_installs":20000,"downloads":259943,"num_ratings":7,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"2.8.2":{"tag":"2.8.2","author":"tmatsuur","date":"2024-07-24 00:54:58"},"2.8.3":{"tag":"2.8.3","author":"tmatsuur","date":"2024-09-03 03:10:12"},"2.8.4":{"tag":"2.8.4","author":"tmatsuur","date":"2024-09-04 07:12:36"},"2.8.5":{"tag":"2.8.5","author":"tmatsuur","date":"2024-11-04 15:04:53"},"2.8.8":{"tag":"2.8.8","author":"tmatsuur","date":"2026-01-19 07:36:30"}},"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":7},"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["2.8.2","2.8.3","2.8.4","2.8.5","2.8.8"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3442268,"resolution":"1","location":"plugin"},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3442268,"resolution":"4","location":"plugin"},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3442268,"resolution":"5","location":"plugin"},"screenshot-7.png":{"filename":"screenshot-7.png","revision":3442268,"resolution":"7","location":"plugin"},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3442268,"resolution":"2","location":"plugin"},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3442268,"resolution":"3","location":"plugin"},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3442268,"resolution":"6","location":"plugin"}},"screenshots":{"1":"This plug-in menu.","2":"This plug-in settings.","3":"Widget on the dashboard.","4":"This plug-in XML-RPC settings.","5":"Other settings.","6":"Lock file settings.","7":"Widget to display currently logged in users."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[199412],"plugin_category":[],"plugin_contributors":[80136],"plugin_business_model":[],"class_list":["post-21606","plugin","type-plugin","status-publish","hentry","plugin_tags-login-secure-security","plugin_contributors-tmatsuur","plugin_committers-tmatsuur"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/login-rebuilder.svg","icon_2x":false,"generated":true},"screenshots":[{"src":"https:\/\/ps.w.org\/login-rebuilder\/trunk\/screenshot-1.png?rev=3442268","caption":"This plug-in menu."},{"src":"https:\/\/ps.w.org\/login-rebuilder\/trunk\/screenshot-2.png?rev=3442268","caption":"This plug-in settings."},{"src":"https:\/\/ps.w.org\/login-rebuilder\/trunk\/screenshot-3.png?rev=3442268","caption":"Widget on the dashboard."},{"src":"https:\/\/ps.w.org\/login-rebuilder\/trunk\/screenshot-4.png?rev=3442268","caption":"This plug-in XML-RPC settings."},{"src":"https:\/\/ps.w.org\/login-rebuilder\/trunk\/screenshot-5.png?rev=3442268","caption":"Other settings."},{"src":"https:\/\/ps.w.org\/login-rebuilder\/trunk\/screenshot-6.png?rev=3442268","caption":"Lock file settings."},{"src":"https:\/\/ps.w.org\/login-rebuilder\/trunk\/screenshot-7.png?rev=3442268","caption":"Widget to display currently logged in users."}],"raw_content":"<!--section=description-->\n<p>Have not you experienced unjust access to wp-login.php? If this plug-in is used, a unique login page will be arranged to your site, and unlawful access will be reduced.<\/p>\n\n<h4>Some features:<\/h4>\n\n<ul>\n<li>This plugin allows you to change wp-login.php to a login page with a unique name (multisite sub-directory type is supported).<\/li>\n<li>Create a login page for administrators only, and separate it from the login page for users with other roles.<\/li>\n<li>Disables login by email address.<\/li>\n<li>When an administrator logs in, the site administrator is notified by email.<\/li>\n<li>Selects the response when the wp-login.php page is requested.<\/li>\n<li>Restrict the functions that can be used, such as login via XML-RPC.<\/li>\n<li>Restrict REST APIs related to users.<\/li>\n<li>Disable the author archive page.<\/li>\n<li>Controls the author information of oEmbed.<\/li>\n<\/ul>\n\n<h4>Support<\/h4>\n\n<ul>\n<li>Japanese - https:\/\/elearn.jp\/wpman\/column\/login-rebuilder.html<\/li>\n<\/ul>\n\n<h4>Translators<\/h4>\n\n<ul>\n<li>Japanese(ja) - <a href=\"https:\/\/12net.jp\/\">Takenori Matsuura<\/a><\/li>\n<\/ul>\n\n<p>You can send your own language pack to me.<\/p>\n\n<p>Please contact to me.<\/p>\n\n<ul>\n<li>https:\/\/12net.jp\/ (ja)<\/li>\n<li>email to takenori.matsuura[at]gmail.com<\/li>\n<li>@tmatsuur on twitter.<\/li>\n<\/ul>\n\n<h4>Contributors<\/h4>\n\n<ul>\n<li><a href=\"https:\/\/12net.jp\/\">Takenori Matsuura<\/a><\/li>\n<\/ul>\n\n<h3>Credits<\/h3>\n\n<p>This plug-in is not guaranteed though the user of WordPress can freely use this plug-in free of charge regardless of the purpose.\nThe author must acknowledge the thing that the operation guarantee and the support in this plug-in use are not done at all beforehand.<\/p>\n\n<h3>Contact<\/h3>\n\n<p>email to takenori.matsuura[at]gmail.com\ntwitter @tmatsuur<\/p>\n\n<!--section=installation-->\n<ol>\n<li>A plug-in installation screen is displayed on the WordPress admin panel.<\/li>\n<li>It installs it in <code>wp-content\/plugins<\/code>.<\/li>\n<li>The plug-in is made effective.<\/li>\n<li>You will find <code>Login rebuilder<\/code> submenu in <code>Settings<\/code> menu.<\/li>\n<li>Please enter <code>New login file<\/code>, and choose <code>working<\/code>. Next, please click <code>Save Changes<\/code> button.<\/li>\n<li><code>Login file for subscriber<\/code> is optional. It becomes a page to which only subscribers can log in there.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"is%20a%20%60wp-login.php%60%20file%20unnecessary%3F\"><h3>Is a `wp-login.php` file unnecessary?<\/h3><\/dt>\n<dd><p>wp-login.php is used in this plug-in. Please do not delete <code>wp-login.php<\/code>.<\/p><\/dd>\n<dt id=\"even%20if%20it%20accessed%20a%20%60wp-admin%60%20directory%2C%20it%20became%20impossible%20to%20login.\"><h3>Even if it accessed a `wp-admin` directory, it became impossible to login.<\/h3><\/dt>\n<dd><p>Even if it accesses a <code>wp-admin<\/code> directory before login, it becomes impossible to log in, when this plug-in is effective. It is for not telling outside about a new login page.<\/p><\/dd>\n<dt id=\"a%20new%20login%20page%20can%20be%20used%20even%20if%20this%20plug-in%20is%20invalid.\"><h3>A new login page can be used even if this plug-in is invalid.<\/h3><\/dt>\n<dd><p>Please delete the file, when a new login page becomes unnecessary.<\/p><\/dd>\n<dt id=\"it%20became%20impossible%20to%20login%20from%20a%20new%20login%20page.\"><h3>It became impossible to login from a new login page.<\/h3><\/dt>\n<dd><p>Please delete the new login page file, this plug-in returns during preparation.<\/p><\/dd>\n<dt id=\"can%20i%20set%20the%20login%20page%20of%20the%20only%20administrators%3F\"><h3>Can I set the login page of the only administrators?<\/h3><\/dt>\n<dd><p>If it is version 1.4.0 or later, you can choose the role of non-administrator for the <code>Secondary login file<\/code>.<\/p><\/dd>\n<dt id=\"does%20this%20plugin%20support%20nginx%3F\"><h3>Does this plugin support Nginx?<\/h3><\/dt>\n<dd><p>Yes, this plugin works well on Nginx.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>2.8.8<\/h4>\n\n<ul>\n<li>Bug fix: Fixed an issue where the reset permission check was incorrectly changed on pages other than the alternative login page.<\/li>\n<\/ul>\n\n<h4>2.8.7<\/h4>\n\n<ul>\n<li>Bug fix: The issue has been fixed, and the password can now be reset.<\/li>\n<\/ul>\n\n<h4>2.8.6<\/h4>\n\n<ul>\n<li>Bug fix: Adjusted what is applied to internally stored hostnames when SERVER['SERVER_ADDR'] does not exist.<\/li>\n<\/ul>\n\n<h4>2.8.5<\/h4>\n\n<ul>\n<li>Bug fix: Adjusted what is applied to internally stored hostnames when SERVER['HTTP_HOST'] does not exist.<\/li>\n<\/ul>\n\n<h4>2.8.4<\/h4>\n\n<ul>\n<li>Bug fix: Fixed a bug that prevented the settings page from displaying.<\/li>\n<\/ul>\n\n<h4>2.8.3<\/h4>\n\n<ul>\n<li>Bug fix: Changed to apply 'Unknown' to internally stored hostname when $_SERVER['HTTP_HOST'] does not exist.<\/li>\n<li>Tweaked widget showing logged in users.<\/li>\n<\/ul>\n\n<h4>2.8.2<\/h4>\n\n<ul>\n<li>Bug fix: Fixed escaping for \"login file keywords\" on the settings page.\nBug fix: Fixed the handling of session tokens for user information displayed in widgets.<\/li>\n<\/ul>\n\n<h4>2.8.1<\/h4>\n\n<ul>\n<li>Bug fix [important]: The \"Login file keyword\" in the settings page has been changed to perform escaping since escaping was omitted.\nIn addition, the \"Login file keyword\" has been sanitized when it is saved.<\/li>\n<li>Changed: Moved \"Status\" to the top of the settings page.<\/li>\n<\/ul>\n\n<h4>2.8.0<\/h4>\n\n<ul>\n<li>A widget has been added to the dashboard that displays a currently logged in users.\nLogin statuses added to the \"log of login\" widget have been moved to a new widget.<\/li>\n<li>The process of saving logs at login has been changed from the \"login_redirect\" action to the \"set_logged_in_cookie\" action.<\/li>\n<li>User agent has been added to the contents of the \"Log of login\" widget.<\/li>\n<li>The \"Logged-in users\" widget and the \"Log of login\" widget are updated periodically.<\/li>\n<\/ul>\n\n<h4>2.7.4<\/h4>\n\n<ul>\n<li>For administrators only, the \"log of login\" widget now displays login status.<\/li>\n<\/ul>\n\n<h4>2.7.3<\/h4>\n\n<ul>\n<li>Adjusted some translated text.\nBug fix: Incorrectly used functions have been corrected.<\/li>\n<\/ul>\n\n<h4>2.7.2<\/h4>\n\n<ul>\n<li>Bug fix: Fixed a bug where the URL of the login page could not be rewritten correctly under certain conditions when using multisite.<\/li>\n<\/ul>\n\n<h4>2.7.1<\/h4>\n\n<ul>\n<li>Added the ability to notify the site administrator when a login page is requested by an IP address that has never logged in before.\nBug fix: Fixed a problem with the delivery test of the notification email when an administrator logs in.<\/li>\n<\/ul>\n\n<h4>2.7.0<\/h4>\n\n<ul>\n<li>The access log of the login page is now saved and can be viewed in the dashboard.<\/li>\n<\/ul>\n\n<h4>2.6.9<\/h4>\n\n<ul>\n<li>Extended the ability to send login notification emails, allowing the site administrator's email address to be specified in CC \/ BCC.\nBug fix: Fixed an issue where \"Custom\" was not translated in some versions.<\/li>\n<\/ul>\n\n<h4>2.6.8<\/h4>\n\n<ul>\n<li>Bug fix: If you restrict browsing to the Author page, send status 404.<\/li>\n<\/ul>\n\n<h4>2.6.7<\/h4>\n\n<ul>\n<li>If you restrict browsing to the Author page, no \"users\" sitemap is created. (WordPress 5.5. 0 or later)<\/li>\n<\/ul>\n\n<h4>2.6.6<\/h4>\n\n<ul>\n<li>Bug fix: Fixed a bug that caused an error related to type hints in some PHP versions.<\/li>\n<\/ul>\n\n<h4>2.6.5<\/h4>\n\n<ul>\n<li>New: Displays the date and time of the log data in any format.<\/li>\n<\/ul>\n\n<h4>2.6.4<\/h4>\n\n<ul>\n<li>Bug fix: Fixed a bug where the nonce element in the logfile download form had duplicate ids.<\/li>\n<\/ul>\n\n<h4>2.6.3<\/h4>\n\n<ul>\n<li>Bug fix: Fixed an issue that occurred when used in combination with some plugins.<\/li>\n<\/ul>\n\n<h4>2.6.2<\/h4>\n\n<ul>\n<li>Changed: For \"subdomain\" multi-sites, it is now possible to include directories in login file pathnames.<\/li>\n<\/ul>\n\n<h4>2.6.1<\/h4>\n\n<ul>\n<li>Bug fix: URL of the login page has been corrected so that it does not contain \"??\".<\/li>\n<\/ul>\n\n<h4>2.6.0<\/h4>\n\n<ul>\n<li>New: Added the function to restrict REST API \/ Users.<\/li>\n<\/ul>\n\n<h4>2.5.1<\/h4>\n\n<ul>\n<li>Bug fix: Fixed an issue where valid IP address could not be stored in the log under certain conditions.<\/li>\n<\/ul>\n\n<h4>2.5.0<\/h4>\n\n<ul>\n<li>New: Added authentication lock by specified file.<\/li>\n<\/ul>\n\n<h4>2.4.4<\/h4>\n\n<ul>\n<li>Bug fix: Activation fails in a multisite environment where program files are installed in a subdirectory.<\/li>\n<\/ul>\n\n<h4>2.4.3<\/h4>\n\n<ul>\n<li>The 'wp-login.php' has been changed so that 'confirmaction' is passed through only in version 4.9.6 or later.<\/li>\n<\/ul>\n\n<h4>2.4.2<\/h4>\n\n<ul>\n<li>Set the original confirmation URL in the body of the user request mail.<\/li>\n<\/ul>\n\n<h4>2.4.1<\/h4>\n\n<ul>\n<li>New: Add oembed setting.<\/li>\n<li>Changed: Display the user name after urldecode at login log.<\/li>\n<\/ul>\n\n<h4>2.4.0<\/h4>\n\n<ul>\n<li>New: Add <code>Access to author page<\/code>: Access to the author page can be restricted.<\/li>\n<\/ul>\n\n<h4>2.3.0<\/h4>\n\n<ul>\n<li>New: Log data can now be downloaded.<\/li>\n<\/ul>\n\n<h4>2.2.0<\/h4>\n\n<ul>\n<li>New: Add other settings: Notify by email when the administrator login.<\/li>\n<\/ul>\n\n<h4>2.1.0<\/h4>\n\n<ul>\n<li>New: Add other settings: The error message when login, is changed to the ambiguous content(WordPress Version 4.5 or later effective). \/ Authentication using a email address and a password is prohibited.<\/li>\n<\/ul>\n\n<h4>2.0.0<\/h4>\n\n<ul>\n<li>New: XML-RPC settings. (WordPress Version 3.5 or later effective)<\/li>\n<\/ul>\n\n<h4>1.4.5<\/h4>\n\n<ul>\n<li>Bug fix [important]: Changed the process of AJAX request.<\/li>\n<\/ul>\n\n<h4>1.4.4<\/h4>\n\n<ul>\n<li>Added the widget that displays the log on the dashboard for administrators.<\/li>\n<\/ul>\n\n<h4>1.4.3<\/h4>\n\n<ul>\n<li><code>wp_secondary_login_url<\/code> method added.<\/li>\n<\/ul>\n\n<h4>1.4.2<\/h4>\n\n<ul>\n<li>Bug fix [important]: Changed the process of AJAX request.<\/li>\n<\/ul>\n\n<h4>1.4.1<\/h4>\n\n<ul>\n<li>Bug fix: A parameter of the function was adjusted.<\/li>\n<\/ul>\n\n<h4>1.4.0<\/h4>\n\n<ul>\n<li><code>Login file for subscriber<\/code> has changed the name to <code>Secondary login file<\/code>. <code>Secondary login file<\/code> will function as the login file for subscribers in the same way as before. In addition, the administrator can choose the role of login possible user.<\/li>\n<\/ul>\n\n<h4>1.3.1<\/h4>\n\n<ul>\n<li>Bug fix: Password reset available.<\/li>\n<\/ul>\n\n<h4>1.3.0<\/h4>\n\n<ul>\n<li>Login file is able to place in any directory.<\/li>\n<\/ul>\n\n<h4>1.2.3<\/h4>\n\n<ul>\n<li>Changed the specification for the validity period of the property page.<\/li>\n<\/ul>\n\n<h4>1.2.2<\/h4>\n\n<ul>\n<li>When expired, Display the reload button.<\/li>\n<\/ul>\n\n<h4>1.2.1<\/h4>\n\n<ul>\n<li>Property page is now valid for 30 minutes.<\/li>\n<\/ul>\n\n<h4>1.2.0<\/h4>\n\n<ul>\n<li>Bug fix [important]: It was coped with about CSRF.\n\n<ul>\n<li>New: Added logging.<\/li>\n<\/ul><\/li>\n<\/ul>\n\n<h4>1.1.3<\/h4>\n\n<ul>\n<li>Bug fix:\n1.It corrected so that a post password could be used.<\/li>\n<\/ul>\n\n<h4>1.1.2<\/h4>\n\n<ul>\n<li>Bug fix:\n1.A source code for debugging was deleted.<\/li>\n<\/ul>\n\n<h4>1.1.1<\/h4>\n\n<ul>\n<li>Bug fix:\n1.Avoid fatal errors with a few plugins that were incorrectly calling functions too early.<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Login page for subscriber is available.<\/li>\n<\/ul>\n\n<h4>1.0.3<\/h4>\n\n<ul>\n<li>Bug fix:\n1.A few array key name was corrected.\n2.The URL of properties form was corrected.<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Bug fix:\n1.The fault which has not recognized an alternative login file correctly in a part of server environments was coped with.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Bug fix:\n1.Wrong URL was corrected at plugins.php.\n2.The operation at the time of invalid access became normal.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>The first release.<\/li>\n<\/ul>","raw_excerpt":"This plugin will create a new login page for your site. You can also create separate login pages for administrators and for other users.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ms.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/21606","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ms.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ms.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ms.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=21606"}],"author":[{"embeddable":true,"href":"https:\/\/ms.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/tmatsuur"}],"wp:attachment":[{"href":"https:\/\/ms.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=21606"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ms.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=21606"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ms.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=21606"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ms.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=21606"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ms.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=21606"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ms.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=21606"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}