WP-Admin “Open Sesame” or yet another magic way to protect your wp-admin from attacks

There are obviously a lot of ways to block our WordPress admin area login page from attackers, there are a lot of plugins for that.

But what if we want to build own logic – the secret key which changes itself daily, but we always know it, because we know its built logic.

For example what about if our secret key to wp-admin is today’s date + any custom string? Funny yeah? Or md5 encrypt of today’s date + any custom string – in this case nobody will recognize how this keys are generated.

Let’s write a little 2 functions which fulfill this solution.

In this sample our logic is ” secret key is current date + sesame” , so for example if today is 2016-10-10, our secret key would be 2016-10-10-sesame.
So yoursite.com/wp-admin?call=2016-10-10-sesame will work, yoursite.com/wp-admin will give 404 error.


You can also build your own funny logic which changes keywords by the current date, last post name or any other dynamic data. Or to hide how your key is built you can use md5 encryption for that.

For that purpose just use $secretstring = md5(date(‘Y-m-d’) . ‘-sesame’) in the code above.