As far as we know real websites don't use login.php as login page. By default you can use a .htaccess file for this.
Why should we do this![White question mark :grey_question: ❔](https://cdn.jsdelivr.net/joypixels/assets/6.6/png/unicode/64/2754.png)
Some crawler / humanized bots are analyzing the source code and if they find a login.php inside a <form>-tag or at the current requested page, they may assume it's phishing.
Surely, most of you may now claim: "Well, my AntiBots don't let the bots through at all". That may well be, but in general for a better performance I would make specifically the requests without file extension.
How to do this![White question mark :grey_question: ❔](https://cdn.jsdelivr.net/joypixels/assets/6.6/png/unicode/64/2754.png)
For example i did again a nice f4c3r100 Scampage and i have a big blocker list of IPs inside a .htaccess file, but it won't rewrite the extension as i want because i had not added the code.
Create a new file and name it : .htaccess make sure you used the .. In C-Panel it is a hidden file because it has a dot at the beginning.
Open the file and enable RewriteEngine:
Add the rewrite conditions and finally the rewrite rule :
To test this, you paste the `.htaccess`file into one of the directories where you want to test a script. An example would be:
window.location.href = 'main', in this case you need to put the script name instead of main withut .php.
Why should we do this
![White question mark :grey_question: ❔](https://cdn.jsdelivr.net/joypixels/assets/6.6/png/unicode/64/2754.png)
Some crawler / humanized bots are analyzing the source code and if they find a login.php inside a <form>-tag or at the current requested page, they may assume it's phishing.
Surely, most of you may now claim: "Well, my AntiBots don't let the bots through at all". That may well be, but in general for a better performance I would make specifically the requests without file extension.
How to do this
![White question mark :grey_question: ❔](https://cdn.jsdelivr.net/joypixels/assets/6.6/png/unicode/64/2754.png)
For example i did again a nice f4c3r100 Scampage and i have a big blocker list of IPs inside a .htaccess file, but it won't rewrite the extension as i want because i had not added the code.
![Keycap: 1 :one: 1️⃣](https://cdn.jsdelivr.net/joypixels/assets/6.6/png/unicode/64/0031-20e3.png)
![Keycap: 2 :two: 2️⃣](https://cdn.jsdelivr.net/joypixels/assets/6.6/png/unicode/64/0032-20e3.png)
Code:
RewriteEngine On
![Keycap: 3 :three: 3️⃣](https://cdn.jsdelivr.net/joypixels/assets/6.6/png/unicode/64/0033-20e3.png)
Code:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
![Keycap: 4 :four: 4️⃣](https://cdn.jsdelivr.net/joypixels/assets/6.6/png/unicode/64/0034-20e3.png)
window.location.href = 'main', in this case you need to put the script name instead of main withut .php.
Code:
header('Location: main');