Thanks for your reply however that’s not exactly the issue. I’m aware that we can change the wp-login.php name however the issue is that when someone clicks to reset their password, the new wp-login name is exposed!
Upon further research it appears that HMWP can’t achieve this so I’ve found an alternative plugin which enables the admin to create a new password reset page and redirect password reset requests, completely hiding any reference to the wp-login page.
I’m open to any further suggestions here otherwise we can close off the case.
Okay, so you mean not to show the login url at all in the password reset link, right? Currently, this is not possible via HMWP as HMWP doesn’t change any default behaviour of the wordpress. It just renames the default WP paths.
May be you can let us know the plugin that enables the admin to create a new password reset page. We might consider that feature in the upcoming versions. Thanks!
This plugin here: Frontend Reset Password (albeit, not a security plugin) allows for admins to create a seperate password reset page which is then used in password reset links, protecting your wp-login name and location.
From research, I do also believe that there is another plugin similar to HMWP which also has a similar feature but I haven’t tried and can’t validate it.
I hope this helps and thanks again for your excellent support.