Also no longer works with multisite and domain mapping. The previous way of hiding the backend using the unique ID in the URL should be restored, even if its not the default way.
I’m also seeing the issue with multisite/domain mapping in version 4.0.21. Hide backend works fine for my main network login url, but the admin urls for all of the sites in that network 404 on me.
I finally had to disable the hide backend and temporarily set up a redirect from my custom admin url to the WP default so I don’t get inundated with angry emails from users on my network saying they can’t access their admin panel.
I hope this gets fixed soon.
Yep i am on 3.6.6 happily until this is fixed I cannot update. Anyone know if the latest 4.0.23 sorts it?
Still no joy with 4.0.23.
I tested 4.0.23 and was successful. BUT here is what I had to do.
As always…backup before changes and proceed at your own risk.
– ftp to site
– deleted wp-better-security folder (completely instead of renaming)
– deleted ithemes security folder from /uploads
– edited .htacess file to default settings. I removed everything between and including #BEGIN ithemes and #END ithemes
– Logged into PHPMyAdmin and deleted tables with itsec
– While in PHPMyAdmin I loaded options table, sorted A-Z and deleted entries with itsec
Full instructions are here.
http://wordpress.org/support/topic/how-to-reset-ithemes-security-plugin-to-fix-issues?replies=76
Now here is what threw me for the longest time. The HIDE LOGIN option of Ithemes was causing errors from ver 4.0.2 onwards. Everything else worked. I got around this by using a custom admin login plugin. Problem was that deleting it didn’t actually remove the custom login URL from the database. I had to hunt for that and delete that entry from the database through PHPMyAdmin.
So if you are using a custom admin login plugin then make sure it’s completely removed …just not deleted from the plugins.
Once I had done that I tested on my localhost enabling 1 option at a time. Logging out. clearing browser cache and history and logging back in. Checking and re-checking. Yes it took a long time.
Happy to report that on localhost and on my webhost ver 4.0.23 appears to be functioning. The Hide Backend option is working for me. I pretty well enabled everything but SSL group and the RPC setting.
Thread Starter
BigYin
(@bigyin)
Well, followed all North2DOug’s instructions. Installed 4.0.23 tried Hide backend (basically other than one step secure and allow to write nothing else set except whatever defaults there are) – and it is STILL BROKEN!! WTF!!! This is utter BS. I guess the NEW answer to securing wordpress is to NOT allow a plugin to secure it properly. This plugin has turned into a piece of crap – it has wasted SO much of my time it’s not funny – I manage about 3 dozen wordpress sites! Time to trash it and use something else. What a shame!!! Time to rename it to Worst-wp-security!
Yeah those instructions are no use for this problem.
Domain mapping is very widely used and the change in the hide back end method has completely broke it.
I empathize. The words I hate to hear most “It worked for me”
I just reset a site on a subdomain using my steps above. One further step was that I made sure the .htaccess file was 100% default using the code in following link.
https://codex.wordpress.org/htaccess
I did search PHPMyAdmin for the custom login URL that I used via another plugin but in this site it appeared that the rewrite rule was still left in the .htaccess file. Sometimes deactivating a plugin and deleting doesn’t really delete it all.
Results on a site on a subdomain
The hide backend on the site on a subdomain appears to be functioning normally.
Couple of things of note:
– if you change the HIDE BACKEND slug I did not use a trailing slash. I thought I did and when I typed the login URL with the trailing slash….dumb mistake…I thought things were still broken but just mistyped. The ID-Ten-T error.
– if a site still gave me problems I did the above steps again. Perhaps I missed something….perhaps it had to be “convinced”. The second time around worked.
Ever since 4.0.2 the hide backend feature did not work. Errors, blank login page, 403 and 404 errors on logging out if the plugin, but not hide backend, was active.
4.0.23 with the steps mentioned in both my posts appears to have worked…for me. YMMV.
I hope this helps.
WP 3.8.3
iThemes 4.0.23
Shared webhost – successful on two different shared webhosts.
Sub domains are not the issue, its mapped domains (primary domains for sub sites)
ie
mysite.com
myothersite.com not other.mysite.com
Hey All,
Would anyone be interested in testing a BETA version for the domain mapping issue and sharing your findings? If so, please test on a dev site.
BETA iThemes Security
Please let me know your findings!
Thanks,
Gerroald
Hey All,
We’ve made an update to address this. Could you please update to v4.0.25 and see if that helps?
Please let me know!
Thanks,
Gerroald
I’m running WordPress 3.9 and iThemes Security 4.0.25.
I’ve uninstalled the plugin completely then reinstalled. I’ve also checked there’s no lingering settings in the SQL database and .htaccess files. I am a previous user of Better Security, and the “Hide Login Area” worked great.
Unfortunately the “Hide Login Area” function is still not working for me, even with “Enable Theme Compatibility” activated.
With the plugin activated, entering the correct username and password doesn’t actually log in, it just reloads the login page.
If I’m already logged in then activate Hide Login Area, I’m not able to log out of WordPress Admin’s Area.
Any ideas?
Chris,
This isn’t a behavior we’ve seen elsewhere. Can you please submit a bug report so that we can get some further info from you. From the symptoms described this sounds unrelated to the issues above.
I also facing the problem not at admin area but site homepage when the hide backend is enable.
