Accessible login plugin for WordPress · v1.0.0
A login screen that every user can use.
Ananyoo Accessible Login is a free accessible login plugin for WordPress that replaces the default wp-login.php with a fully WCAG 2.2 Level AA compliant, mobile-friendly login experience. Ten accessible colour palettes. Custom backend URL. Show / hide password. Built by an accessibility consultant.
WCAG 2.2
Level AA conformance
10
Accessible palettes
320px
Reflows cleanly
0
Third-party trackers
The problem
Many “custom login” plugins overlook accessibility.
Some override WordPress’s default focus indicators with invisible ones. Some shrink button targets to please a designer, drop contrast below 3:1, break keyboard navigation, or use placeholder text instead of labels — and never test with a screen reader. The very first screen of your site can become inaccessible without anyone noticing.
This plugin is built to avoid that.
10 hand-tuned palettes
Pick a palette in 60 seconds.
Every palette is built to meet WCAG 2.2 AA contrast for text (4.5:1) and UI components (3:1). Or design your own — the palettes are starting points, not jail cells.
Ananyoo Classic
Anblik Corporate
Calm Teal
Forest Green
Sunset Orange
Royal Purple
High Contrast Light
High Contrast Dark
Midnight
Rose Garden
Everything you need. Nothing you don’t.
Built around three commitments. Every setting in the plugin serves one of them.
♿ Accessibility
WCAG 2.2 AA, out of the box.
Sensible accessible defaults across colour, focus, target size and motion — so accessibility is the starting point, not an afterthought.
Also includes
- 3 px visible focus ring, 2 px offset
- 44 × 44 px target size on every control
- 4.5:1 text contrast on every palette
- Show / hide password toggle
- Caps Lock warning via ARIA live
- Reflows cleanly down to 320 px
- prefers-reduced-motion honored
- Forced-colors mode supported
Conforms to: WCAG 2.2 SC 1.4.3, 1.4.10, 2.4.13, 2.5.8, 3.3.8
🎨 Customisation
10 accessible palettes.
Pick a starting point or build your own — the guardrails keep you safe, not boxed in.
Also includes
- Per-color customisation via WP color picker
- Logo upload with dimensions, alt-text, link target
- 5 layout styles: centered, minimal, split, full-bg
- Background image, overlay, or CSS patterns
- Typography control (16 px minimum enforced)
- Structured layout controls (radius, padding, field height, focus width)
- Settings export / import via JSON
🔒 Security
No external calls. Ever.
No trackers, no third-party CDNs, no phone-home. What runs is what you installed.
Also includes
- Custom backend URL blocks bot scanners
- Reserved-word blocklist (no /admin, /login, etc.)
- Generic error messages — no username leaks
- WordPress nonces on every form
- Capability checks (
manage_options) - All input sanitised, all output escaped
- Clean uninstall removes every option row
Default WordPress vs Ananyoo Accessible Login
Grouped by what matters most to your users.
| Feature | Default WordPress | Ananyoo Accessible Login |
|---|---|---|
| Accessibility | ||
| WCAG 2.2 AA focus ring | thin / dotted | 3 px + 2 px offset |
| Show / hide password | tiny target | 44 × 44 target |
| Caps Lock screen-reader warning | missing | ARIA live |
| Reflows at 320 px | partial | tested |
| Forced-colors / High Contrast mode | inconsistent | explicit support |
| prefers-reduced-motion | partial | honored |
| Design & customisation | ||
| Logo upload | CSS only | admin UI |
| Custom colors | none | 10 palettes + picker |
| Settings export / import | none | JSON |
| Security | ||
| Custom backend URL | none | configurable slug |
Tested with the tools real accessibility audits use
Not “we ran AXE once.” Tested with screen readers, on real devices, by an actual auditor.
Frequently asked questions
Will it break my existing theme?
No. The plugin only customises the WordPress login, register, lost-password and reset screens (the screens at wp-login.php) — not your public theme.
What happens if I disable the plugin?
Deactivating restores the default WordPress login screen exactly as it was. Your settings are preserved so you can reactivate later. Whether deleting the plugin removes your stored settings depends on your preference — set under Advanced → “When the plugin is deleted”. The default is “Keep all data” so accidental deletions don’t wipe your customisations.
Can I really change the login URL?
Yes. On the Login URL & Security tab, set a custom slug (e.g. my-secret-door). With “Block direct access” enabled, the default /wp-login.php URL returns 404 for unauthenticated visitors, blocking the vast majority of automated brute-force scanners.
Is the show/hide password toggle a security risk?
No. It only reveals the password the user themselves typed, in their own browser, after they explicitly click the toggle. WCAG 2.2 SC 3.3.8 recommends this exact pattern for accessible authentication.
Does it work in WordPress Multisite?
Yes. Each site has its own settings, including its own uninstall preference. On a network uninstall, each site’s choice is respected independently.
How is this different from other custom-login plugins?
It is built with accessibility as the primary design goal rather than an afterthought — by an accessibility consultant. Defaults, palettes and options are chosen with WCAG 2.2 AA in mind, and the controls are bounded so common pitfalls (low contrast, hidden focus, tiny targets) are avoided by design.
Built by Shivaji Mitra
Get started in 60 seconds.
Once it’s live on WordPress.org, install it from Plugins → Add New, activate, and walk through the 1-minute setup wizard. Your login is accessible.
In review on WordPress.org — the install link goes live here once approved.
GPLv2 or later · Free forever · No registration required
WCAG 2.2 conformance shouldn’t be optional.