How to customize WordPress login page IN 2026 (without plugins)

The default WordPress login screen (wp-login.php) is iconic, but it screams “Generic Blog”. If you are an agency building a site for a client (e.g., Coca-Cola), seeing the WordPress logo is a branding failure.

In 2026, White-Labeling is standard practice. This guide shows you how to completely customize the login experience using functions.php, making it look like a bespoke application.

1. Changing the logo (the basics)

First, let’s get rid of the WordPress “W” and replace it with your client’s logo.

function wppoland_login_logo() { ?>
    <style type="text/css">
        #login h1 a, .login h1 a {
            background-image: url(<?php echo get_stylesheet_directory_uri(); ?>/images/client-logo.svg);
            height: 65px;
            width: 320px;
            background-size: contain;
            background-repeat: no-repeat;
            padding-bottom: 30px;
        }
    </style>
<?php }
add_action( 'login_enqueue_scripts', 'wppoland_login_logo' );

Pro Tip: The default link goes to WordPress.org. Change it to your site’s homepage:

function wppoland_login_logo_url() {
    return home_url();
}
add_filter( 'login_headerurl', 'wppoland_login_logo_url' );

2. Full CSS overhaul (the modern look)

The default grey background (#f1f1f1) is boring. Let’s make it a full-screen branded experience. Create a file login-style.css in your theme and enqueue it only on the login page.

function wppoland_login_stylesheet() {
    wp_enqueue_style( 'custom-login', get_stylesheet_directory_uri() . '/style-login.css' );
}
add_action( 'login_enqueue_scripts', 'wppoland_login_stylesheet' );

Example style-login.css:

body.login {
    background-color: #0d1117; /* Dark Mode */
    display: flex;
    align-items: center;
    justify-content: center;
}
.login form {
    background: #161b22;
    border: 1px solid #30363d;
    box-shadow: none;
    border-radius: 8px;
}
.login label {
    color: #c9d1d9;
}
.wp-core-ui .button-primary {
    background: #238636; /* GitHub Green */
    border-color: rgba(27,31,35,0.15);
}

3. Security hardening (obscurity)

By default, if you type a wrong password, WordPress says: “The password you entered for the username admin is incorrect.” This tells a hacker: “The username admin exists! Now just brute-force the password.”

Let’s force WordPress to be vague.

function wppoland_login_errors() {
    return 'Something is wrong!';
}
add_filter( 'login_errors', 'wppoland_login_errors' );

Now, the error message is generic, revealing nothing.

4. Removing the “shake” effect

When you fail a login, the form shakes. Some clients find this annoying or unprofessional. You can remove the JS that triggers it.

function wppoland_remove_login_shake() {
    remove_action( 'login_head', 'wp_shake_js', 12 );
}
add_action( 'login_head', 'wppoland_remove_login_shake' );

5. Adding 2fa / passkeys (the future)

In 2026, passwords are arguably obsolete. While you can’t easily build 2FA (Two-Factor Authentication) from scratch in functions.php, you should style the 2FA fields if you use a plugin like Two Factor. Target the CSS class .login .backup-methods to make sure the “Use a security key” buttons match your branding.

Summary

A custom login page is the “cherry on top” of a professional WordPress project.

• Brand it: Logo + Link.
• Style it: Full CSS control.
• Secure it: Generic error messages.

Don’t let your client see the default WordPress interface. It breaks the immersion of a custom-built solution.