Seems to work fine, but… I have a WP site that I almost *never* need to login to (maybe a few times a year) and I was still seeing a lot of bot attempts, so I stopped using this and simply added ‘exit;’ after the opening PHP tag in the wp-login.php page. This basically kills the login page dead and prevents ANY login, even legitimate ones. Yes, it’s crude, but it stops 100% of ALL login attempts c