How to Customise the WordPress Login Page Without Plugins

The default WordPress login screen (wp-login.php) is iconic, but it screams “Generic Blog”. If you are an agency building a site for a client (e.g., Coca-Cola), seeing the WordPress logo is a branding failure.

Learn more about WordPress security services at WPPoland. In 2026, White-Labeling is standard practice. This guide shows you how to completely customize the login experience using functions.php, making it look like a bespoke application.

If you only need the practical version, use the login hooks to replace the logo, load dedicated CSS, and return less revealing error messages, all without installing another plugin just for branding.

#1. Changing the logo (the basics)

First, let’s get rid of the WordPress “W” and replace it with your client’s logo.

function wppoland_login_logo() { ?>
    <style type="text/css">
        #login h1 a, .login h1 a {
            background-image: url(<?php echo get_stylesheet_directory_uri(); ?>/images/client-logo.svg);
            height: 65px;
            width: 320px;
            background-size: contain;
            background-repeat: no-repeat;
            padding-bottom: 30px;
        }
    </style>
<?php }
add_action( 'login_enqueue_scripts', 'wppoland_login_logo' );

Pro Tip: The default link goes to WordPress.org. Change it to your site’s homepage:

function wppoland_login_logo_url() {
    return home_url();
}
add_filter( 'login_headerurl', 'wppoland_login_logo_url' );

#2. Full CSS overhaul (the modern look)

The default grey background (#f1f1f1) is boring. Let’s make it a full-screen branded experience. Create a file login-style.css in your theme and enqueue it only on the login page.

function wppoland_login_stylesheet() {
    wp_enqueue_style( 'custom-login', get_stylesheet_directory_uri() . '/style-login.css' );
}
add_action( 'login_enqueue_scripts', 'wppoland_login_stylesheet' );

Example style-login.css:

body.login {
    background-color: #0d1117; /* Dark Mode */
    display: flex;
    align-items: center;
    justify-content: center;
}
.login form {
    background: #161b22;
    border: 1px solid #30363d;
    box-shadow: none;
    border-radius: 8px;
}
.login label {
    color: #c9d1d9;
}
.wp-core-ui .button-primary {
    background: #238636; /* GitHub Green */
    border-color: rgba(27,31,35,0.15);
}

#3. Security hardening (obscurity)

By default, if you type a wrong password, WordPress says: “The password you entered for the username admin is incorrect.” This tells a hacker: “The username admin exists! Now just brute-force the password.”

Let’s force WordPress to be vague.

function wppoland_login_errors() {
    return 'Something is wrong!';
}
add_filter( 'login_errors', 'wppoland_login_errors' );

Now, the error message is generic, revealing nothing.

#4. Removing the “shake” effect

When you fail a login, the form shakes. Some clients find this annoying or unprofessional. You can remove the JS that triggers it.

function wppoland_remove_login_shake() {
    remove_action( 'login_head', 'wp_shake_js', 12 );
}
add_action( 'login_head', 'wppoland_remove_login_shake' );

#5. Adding 2fa / passkeys (the future)

In 2026, passwords are arguably obsolete. While you can’t easily build 2FA (Two-Factor Authentication) from scratch in functions.php, you should style the 2FA fields if you use a plugin like Two Factor. Target the CSS class .login .backup-methods to make sure the “Use a security key” buttons match your branding.

#Summary

A custom login page is the “cherry on top” of a professional WordPress project.

• Brand it: Logo + Link.
• Style it: Full CSS control.
• Secure it: Generic error messages.

Don’t let your client see the default WordPress interface. It breaks the immersion of a custom-built solution.