diff --git a/app/finders/passwords/wp_login.rb b/app/finders/passwords/wp_login.rb
index ac6e7409..6f8c274d 100644
--- a/app/finders/passwords/wp_login.rb
+++ b/app/finders/passwords/wp_login.rb
@@ -10,7 +10,8 @@ module WPScan
 end
 def valid_credentials?(response)
- response.code == 302
+ response.code == 302 &&
+ response.headers['Set-Cookie']&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
 end
 def errored_response?(response)
diff --git a/lib/wpscan/target/platform/wordpress.rb b/lib/wpscan/target/platform/wordpress.rb
index 92b3aaf6..134fe941 100644
--- a/lib/wpscan/target/platform/wordpress.rb
+++ b/lib/wpscan/target/platform/wordpress.rb
@@ -84,7 +84,7 @@ module WPScan
 res = Browser.get_and_follow_location(@login_url)
- @login_url = res.effective_url if in_scope?(res.effective_url)
+ @login_url = res.effective_url if res.effective_url =~ /wp\-login\.php\z/i && in_scope?(res.effective_url)
 @login_url
 end
diff --git a/spec/shared_examples/target/platform/wordpress.rb b/spec/shared_examples/target/platform/wordpress.rb
index 1d11d0f8..ad867060 100644
--- a/spec/shared_examples/target/platform/wordpress.rb
+++ b/spec/shared_examples/target/platform/wordpress.rb
@@ -98,9 +98,17 @@ shared_examples WPScan::Target::Platform::WordPress do
 end
 context 'to an in scope URL' do
- let(:effective_url) { target.url('wp-login.php').gsub('http', 'https') }
+ context 'when https version of the wp-login' do
+ let(:effective_url) { target.url('wp-login.php').gsub('http', 'https') }
- its(:login_url) { should eql effective_url }
+ its(:login_url) { should eql effective_url }
+ end
+
+ context 'when something else' do
+ let(:effective_url) { target.url('something').gsub('http', 'https') }
+
+ its(:login_url) { should eql target.url('wp-login.php') }
+ end
 end
 context 'to an out of scope URL' do
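Review bot: `response.headers['Set-Cookie']&.any?` on the second added line assumes the header value is always an Array, but a headers hash of the Typhoeus kind usually yields a plain String when the response carries a single `Set-Cookie` header, and `String` has no `any?`, so a one-cookie login response would raise NoMethodError rather than return true. Wrapping the value with `Array()` covers both shapes: `Array(response.headers['Set-Cookie']).any? { |cookie| cookie.match?(/wordpress_logged_in_/i) }`. `match?` also avoids allocating a MatchData per cookie, since the block only needs a boolean. The enclosing class starts outside the hunk.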
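Review bot: The `\z` anchor in `/wp\-login\.php\z/i` on the added line rejects any effective URL that ends in a query string or fragment, e.g. a redirect to `wp-login.php?redirect_to=...`, so `@login_url` silently stays at its pre-redirect value even though the redirect did land on the login page; if that is intended a comment should say so, otherwise allow a trailing `?`/`#`: `@login_url = res.effective_url if res.effective_url&.match?(/wp-login\.php(?:[?#]|\z)/i) && in_scope?(res.effective_url)`. The `\-` escape is redundant outside a character class. The enclosing method starts outside the hunk.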
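Review bot: The new `'when something else'` context only pins a non-login path; the case the production regex's `\z` anchor treats differently, an in-scope redirect to the login page with a query string such as `target.url('wp-login.php?redirect_to=%2Fwp-admin%2F')`, has no example, so whether `login_url` should follow or fall back there is left undocumented by the spec. A third context with that `effective_url` and the intended expectation would record the decision. The surrounding example group starts outside the hunk.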