Customize lofin form

Please refer to this Codex page. It tells us about all the different ways we can customize the login form, including making an entirely custom login page.

Thank you for your response. My only doubt at this point is how to display it on my domainName/wp-login.php, which is the page WordPress uses by default. I’m considering two options: the first is to redirect everyone who reaches that page to domainName/my-custom-login-page. The second one is to modify the existing login form on the wp-login.php page (which I think is the best option). The only problem is that I can’t modify the wp-login.php file because it could be overwritten by a WordPress update. I was thinking maybe there’s a hook or custom template, but I found nothing online.
Thank you again for your time

There are a number of filter hooks on the default wp-login.php page that you can use to customize the page. It’s all in the previously linked Codex page. If you go with a completely custom page, it would be similar to any other WP page you have, except it’d use a different template. You’d want any log in links on your site to lead to this page. wp-login.php in essence would never be used. You could even add a .htaccess redirect rule to route any wp-login.php requests over to your custom login page. But be careful with redirects, certain requests perhaps shouldn’t be redirected, such as user registration requests, unless you have a custom page for that as well.

Thank you. I believe the best option is to create a completely custom page. The only concern is if someone enters ‘myDomain/wp-login.php’ or ‘myDomain/wp-admin’ directly into the search bar without being logged in. I’m considering using a plugin to change the URL from ‘myDomain/wp-login’ to ‘myDomain/custom-login-page.’ Do you think it could be a good option? I was thinking on using WPS Hide Login

I’m not familiar with any hide login plugins. I’m assuming WPS Hide Login properly handles other wp-login.php functions like password resets and registrations. If so, I see no problem in its use.

TBH I’m not sure how necessary such measures are. If you have a good UI directing users to your custom login, there’s little reason for anyone to attempt the usual WP login procedure. Even if some were to go directly to wp-login.php and use it to login, what’s the harm? If you’re not collecting any extra data and they have the right credentials, they’ll be able to login. ˉ\_(ツ)_/ˉ

If your custom login does collect extra data, the attempt at using wp-login.php can be thwarted due to missing information and the user redirected back to the custom login. Such logic could be built into whatever code you have that handles the additional data.

Many people like to prevent wp-login.php access as a security measure. For effective security, this is marginal at best. It’s a form of “security by obscurity” which is considered to be ineffective against all but the most pedestrian of attacks. Do as you wish, but try to do it for the right reasons ??

Hello, my custom login form also needs to handle the phone number, so I can’t use the standard one (unless I modify the wp-login.php, but I don’t think it’s a good idea). For the custom login and registration logic, can I handle everything on my custom pages without going through wp-login.php, right? Maybe by taking inspiration from the code in that file for securely managing the data. Or do you think it’s better and easier to leave the login with just email and password, so I can directly use wp-login.php as the endpoint, and let users input the phone number later on the personal page as an optional step? Thank you.

You require a phone number as part of the login process? Instead of user name or email, or in addition to? Or do you mean the new user registration form that’s also part of wp-login.php, but a different form is involved?

Either way, there are action hooks you can use to add custom fields to either form. “login_form” or “register_form”. No need for a custom login page just to collect additional user data.

The above hooks only add your desired HTML to the form, WP on its own does nothing with the additional data, you’ll need to help it out. Similar to the form’s action hooks, there are other action hooks you can use to save the additional data. Depending on specifically what you want to do with the additional data, there are various hooks you could use. For log in, “authenticate” and “wp_login” are often used. For registration, “register_new_user” is often used. Several other hooks exist that may or may not be more suitable.