Viewing 4 replies - 1 through 4 (of 4 total)
  • dougaitken

    (@dougaitken)

    Automattic Happiness Engineer

    Hi there @bydlo,

    This is most likely something to do with your htaccess file.

    If you head to WooCommerce > Settings > Accounts, you can specify the account endpoints. When a customer logs out they should be presented with customer-logout and not your main wp-login page.

    Please see this support document for more details.

    If I can help further, please reply here, but if this has helped, be sure to mark this thread as Resolved.

    Thanks,

    We haven’t heard back from you in a while, so I’m going to mark this as resolved. If you have any further questions, you can start a new thread.

    I too have this issue.

    I have access control on my wp-login.php

    <FilesMatch "wp-login.php">
    AuthType Basic
    AuthName "Protected Area"
    AuthUserFile /xxx/htpasswd
    Require valid-user
    </FilesMatch>

    And when I click logout I get a htaccess authentication request, and when I click cancel (because as a normal user I wouldn’t have the credentials) I get an Unauthorised error from:

    https://xxx/wp-login.php?action=logout&redirect_to=https%3A%2F%2Fxxx%2Fmy-account%2F&_wpnonce=ed67dae6f5

    Whilst the logout link initially calls:

    https://xxx/my-account/customer-logout/?_wpnonce=4d15a32448

    It obviously has a redirect somewhere to the wp-login page.

    Any help appreciated.

    Thanks very much
    Kevin

    Trying to answer my own question, I think I need the htaccess rule to allow requests to wp-login.php?action=logout without requiring authentication. Not sure how to do that though.
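
One way to write the exemption the last reply describes, as an added example that is not from the thread or from WooCommerce. It assumes Apache 2.4 (mod_authz_core); the AuthUserFile path is the poster's placeholder, and the anchored file pattern and the GET restriction are choices made for this example.

```apache
# Added example, not the poster's configuration. Assumes Apache 2.4.
<FilesMatch "^wp-login\.php$">
    AuthType Basic
    AuthName "Protected Area"
    AuthUserFile /xxx/htpasswd

    # Access is granted when EITHER rule below matches.
    <RequireAny>
        # 1. Let the logout request through without a Basic auth prompt:
        #    GET only, with action=logout as a complete query parameter
        #    (so "action=logout2" or "xaction=logout" do not match).
        #    Limiting the rule to GET keeps login form POSTs behind
        #    the password prompt.
        Require expr "%{REQUEST_METHOD} == 'GET' && %{QUERY_STRING} =~ /(^|&)action=logout(&|$)/"

        # 2. Every other request to wp-login.php still needs a valid
        #    user from the htpasswd file.
        Require valid-user
    </RequireAny>
</FilesMatch>
```

Because the expression does not reference the authenticated user, Apache evaluates it before asking for credentials, so a customer following the logout redirect is not prompted.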


The topic ‘Customer cant logout – security issue’ is closed to new replies.