A Login Form That Belongs on Your Site, Not WordPress’s Default
Replace the generic wp-login.php page with a branded login form embedded anywhere on your site. Set the login method, control redirects, block concurrent sessions, and enable passwordless login — all from one settings panel.
How It Works
WordPress sends every user to wp-login.php by default — a bare, unbranded page you can’t customize. URM lets you build a login form, configure exactly how it behaves, and embed it anywhere on your site.
You decide:
- Whether users log in with username, email, or either
- Where users land after a successful login
- Whether to allow concurrent sessions per user
- What message users see if their account is pending or denied
URM handles:
- Authentication and session management
- CAPTCHA spam and bot protection
- Ajax login without page reload
- Replacing the default wp-login.php screen
Set Up Your Login Form in 4 Steps
From a fresh install to a fully configured login page in under 10 minutes.
-
01
Create a Login Form
Go to User Registration › Login Forms › Add New. The default form includes a username/email field, password field, Remember Me checkbox, and a Login button — ready to use immediately.
-
02
Configure Field Options
In Field Options, set labels and placeholders, customize the invalid username and email error messages, and choose whether to hide field labels for a cleaner look.
-
03
Configure Form Settings
Under Form Settings, choose the login method (username, email, or either), enable Ajax login, add CAPTCHA, set custom redirect after login, and optionally disable the default WordPress login screen.
-
04
Embed with a Shortcode
Copy the
[user_registration_login]shortcode and paste it on any page. The form renders immediately in your theme’s styles.
General Settings: Configure the Basics
Login Methods
Allow users to log in with their username, their email address, or either one — whichever makes most sense for how your site handles accounts.
Enable Passwordless Login
Send a magic link to the user’s email so they can sign in without a password. Cuts down on forgotten password requests and speeds up the login experience.
Prevent Concurrent Login
Block a user from being signed in on more than one device at the same time. Essential for subscription or course sites where account sharing is a problem.
Enable Login Title
Optionally show a heading above the form. Useful when the login form is embedded alongside other content and needs a clear visual label.
Advanced Settings: Security and Control
Disable Default WordPress Login Screen
Redirect all traffic away from wp-login.php to your own login page. Make sure your custom login page is live before toggling this on — otherwise you could lock yourself out.
Enable Custom Redirect
Send users to a specific URL after login — a members area, dashboard, or course page — instead of the default WordPress admin screen that most users should never land on.
Enable Ajax Login
Credentials are validated in the background and the page updates instantly on success — no full page reload. Gives the login a fast, app-like feel.
Enable Captcha
Add Google reCAPTCHA or hCaptcha to stop automated bot login attempts before they reach your user accounts.
More Features Worth Knowing
Embed Anywhere
Use the [user_registration_login] shortcode or Gutenberg block to place the form on any page, sidebar, or popup — wherever your users expect to find it.
Passwordless Login
Enable magic link login so returning members can sign in via an email link instead of a password. Reduces login friction and support requests for forgotten passwords.
Prevent Concurrent Sessions
Stop users from sharing accounts by blocking simultaneous logins from different devices. Essential for paid membership and course sites.
CAPTCHA Protection
Add Google reCAPTCHA or hCaptcha directly to your login form to stop credential-stuffing bots before they reach your user accounts.
Custom Post-Login Redirect
Send members straight to their dashboard, course page, or members area after login — not to the WordPress admin, which most users should never see.
Ajax Login (No Page Reload)
Authentication happens in the background. Users see instant feedback without a page refresh, giving the login experience a modern, app-like feel.
Frequently Asked Questions
Have more questions? These FAQs might help
Yes. Under Form Settings › Advanced, toggle on “Disable Default WordPress Login Screen”. Before doing this, make sure you’ve already published a page with the login form shortcode — otherwise you could lock yourself out of the admin.
You can set the login method to username only, email address only, or username or email. You can also enable passwordless login, which sends a magic link to the user’s email instead of requiring a password.
Copy the shortcode shown in the form builder (e.g. [user_registration_login]) and paste it on any page, post, or widget area. You can also use the User Registration Login block in the Gutenberg block editor to insert it without a shortcode.
Yes. Enable Custom Redirect under Form Settings › Advanced and enter the URL you want users sent to after a successful login. You can send different user roles to different destinations using role-based redirect settings.
Toggle on “Prevent Concurrent Login” under Form Settings › General. When this is active, if a user is already logged in on one device and someone else signs in with the same credentials, the first session is terminated automatically.
Build Your Professional Registration System Now
Create custom registration forms, manage user access, and secure logins all in one place.