Stealthy Login and Register
Hide your login and registration pages behind secret URLs and secure tokens to keep bots and bad actors out β without disrupting real users.
π Safe Login & Registration pages
Hide your login and registration pages from bots, scripts, and curious strangers.
By default, Concrete CMS uses predictable URLs like /login and /register. Guess what? Bots know that too. That makes these pages easy targets for brute-force attacks and automated scanners β even with rate limiting in place.
Stealthy Login & Register adds an extra layer of stealth and protection by making your login and registration pages disappear from prying eyes (well, almost).
π‘οΈ How it works:
-
Custom Secret URLs: Set your own private login and register URLs like
/my-secret-login. Only people who know the URL can reach the page. -
Token-Protected Links: Anywhere your site publicly shows a login or registration link (e.g. in a header or footer), the plugin adds a short-lived, secure token to the URL. Without that token, access is denied. Bots donβt stand a chance.
-
Session-Based Authorization: Once a visitor uses an authorized link β either the custom URL or a token-protected one β Stealthy Login & register saves a temporary access key in their session. While that key is valid, they can access the login or registration page like normal.
-
Transparent for Real Users: For genuine visitors using valid links, everything works exactly as expected. No puzzles to solve. No extra steps. Just a normal login or registration experience.
-
Optional IP Blocking: Deny access to the default
/loginor/register? This plugin can block that IP. (And Concrete CMS can alert you if you want.) -
Flexible Denial Handling: Choose what happens when access is blocked: redirect to a custom page, show a 404, throw an error⦠or return a Chuck Norris joke. (Yes, really.)
βοΈ Features You Control
-
β Enable/disable protection for login and/or registration
-
βοΈ Set custom URLs for both
-
β±οΈ Define how long the session-based access remains valid (in minutes)
-
π Enable IP blocking for denied attempts
-
πͺ Choose your denied access response (custom URL, 404, or a legendary Chuck Norris joke)
-
π Fully compatible with multilingual sites
-
π‘ Works automatically β no template edits required
-
π§βπ» PHP 8 or higher required
Stealthy Login & Register is ideal for developers, agencies, and security-conscious site owners who want peace of mind β and a little more control β without complexity.
Install it, set your secret paths, and rest easier knowing your login page isnβt shouting its location to the internet.
Ninja logo designed by Freepik
