Title: Automatic session ends when hiding backend on localhost Last modified: August 30, 2016 --- # Automatic session ends when hiding backend on localhost * [pyramusnl](https://wordpress.org/support/users/pyramusnl/) * (@pyramusnl) * [10 years, 10 months ago](https://wordpress.org/support/topic/automatic-session-ends-when-hiding-backend-on-localhost/) * Hi there, since version 4.7 (or 4.8) I’m having issues with the “Hide Backend” option in my local development environment: I keep getting logged out from the WordPress Admin interface. * This happens whenever I open 2 or more windows with the site (at least 1 for the admin backend, and at least 1 for the front end). Furthermore, the issue only occurs on the localhost and not in any of my online environments (staging or live) – although I’m using the exact same global htaccess for all of them. * The weirdest thing is: once I disable the setting in iThemes, this issue is gone– even when I put the rule back in htaccess myself manually. However, as soon as I turn this back on the problem is back. Any ideas what this could be? Could this be a bug? To confirm: this problem didn’t happen ever before I updated to version 4.7 * [https://wordpress.org/plugins/better-wp-security/](https://wordpress.org/plugins/better-wp-security/) Viewing 5 replies - 1 through 5 (of 5 total) * [dwinden](https://wordpress.org/support/users/dwinden/) * (@dwinden) * [10 years, 10 months ago](https://wordpress.org/support/topic/automatic-session-ends-when-hiding-backend-on-localhost/#post-6451311) * There are a couple of known Windows\localhost specific bugs. * Is there any error on screen or in the web server error_log ? (Make sure to set WP_DEBUG to true in the wp-config.php file). * Are you perhaps using the Away Mode feature on localhost ? (Doesn’t make any sense but who knows …) * Have you tested this in the latest release 4.9.0 ? * The Hide Backend feature adds a rewrite rule to the .htaccess file but it also activates iTSec plugin Hide Backend specific php code. The functions executed are in the class-itsec-hide-backend.php file. * Please note that there have been no code changes whatsoever in the Hide Backend code for the 4.8 or 4.9.0 release … 4.6.13 Hide Backend code is identical to 4.8 and 4.9.0 Hide Backend code. * dwinden * Thread Starter [pyramusnl](https://wordpress.org/support/users/pyramusnl/) * (@pyramusnl) * [10 years, 10 months ago](https://wordpress.org/support/topic/automatic-session-ends-when-hiding-backend-on-localhost/#post-6451546) * Hi there dwinden, * Thanks for your extensive reply. Let me answer your points specifically: - I’m not on Windows – running MAMP on OSX. Are there any known errors on Mac? - I do get the following error in apache_error_log, but this only happens just after the actual issue of being logged out: `[Mon Aug 24 10:36:09 2015] [ error] [client ::1] script '/Applications/MAMP/htdocs/index.php' not found or unable to stat, referer: http://localhost:8888/wp_sy/MY_SECRET_ADMIN_URL? interim-login=1` - there are no other errors in either apache/php_error_logs - Yes, I got WP-DEBUG on - I’m not using Away Mode at all - I’m actually already testing/running 4.9.0, but I remember not having the issue until previous version 4.7 or 4.8 - I will look at the file class-itsec-hide-backend.php later, hopefully I can check some stuff, thanks for that - Hide Backend code 4.6.13: thanks for checking this, superweird. I will try to roll back to this version and 4.7 and double-check if the issue is indeed gone. * One more thing: I also unchecked literally EVERY other option in iThemes Security, but this issue only occurs when I have Hide Backend on. And it’s suboptions don’t make any difference either. * best, * Thread Starter [pyramusnl](https://wordpress.org/support/users/pyramusnl/) * (@pyramusnl) * [10 years, 10 months ago](https://wordpress.org/support/topic/automatic-session-ends-when-hiding-backend-on-localhost/#post-6451552) * Hey again, * After extensively testing both 4.6.13 and 4.7, I can confirm the issue is indeed also occuring in these version – so my initial thought that this was related to a plugin update is not correct. Apologies. * Looking back in my own logs I do notice there have been 2 minor wordpress updates in that same timeframe as well. I’m still on 4.2.4, do you think this could be the culprit? * Please let me know if you have any ideas: it’s so weird this only happens locally! I even pulled back the version from my live server, w/o any result. * best, * [dwinden](https://wordpress.org/support/users/dwinden/) * (@dwinden) * [10 years, 10 months ago](https://wordpress.org/support/topic/automatic-session-ends-when-hiding-backend-on-localhost/#post-6451554) * The problem with any WordPress env is that often multiple components change. So that makes it difficult to identify\pinpoint the cause of an issue. * I’ve been looking around just out of curiosity … * It seems there is a regular check being performed which determins whether your session has expired and if so an inline login form which is javascript based will be displayed. * It is possible to switch the check off in your active theme functions.php file: * remove_action( ‘admin_enqueue_scripts’, ‘wp_auth_check_load’ ); * Not sure whether this affects both frontend and backend. Anyway from this point on follow the breadcrumbs and you may be able to pinpoint the exact cause. * Definately interested in anything you come up with … * dwinden * Thread Starter [pyramusnl](https://wordpress.org/support/users/pyramusnl/) * (@pyramusnl) * [10 years, 10 months ago](https://wordpress.org/support/topic/automatic-session-ends-when-hiding-backend-on-localhost/#post-6451560) * Hey dwinden, thanks again for your response. You’re totally right, it’s very hard to pinpoint the cause of this issue. * I tried your code but unfortunately this does not change anything on the issue: I get the login screen every time I try to do something new, so this always involve a click in the WordPress admin interface. (I guess you understood my initial message as if it was also happening WHILE doing something – it does not). However, this doesn’t make much of a difference, because the moment I click a button or menu option, it’s already too late: in the background the session expired or something alike, so an action like pressing “Preview” or “Publish” never makes it through. * For now I give up and will just disable this whole setting for my site and protect the area with htaccess. It’s becoming more effort to try and find the cause than the trouble it actually solves. Obviously, I will keep testing it whenever I install a new release of WordPress or the plugin and report back here when anything changes. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Automatic session ends when hiding backend on localhost’ is closed to new replies. * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=3529351) * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/) * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq) * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/) * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/) * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/) ## Tags * [admin](https://wordpress.org/support/topic-tag/admin/) * [Backend](https://wordpress.org/support/topic-tag/backend/) * [session](https://wordpress.org/support/topic-tag/session/) * 5 replies * 2 participants * Last reply from: [pyramusnl](https://wordpress.org/support/users/pyramusnl/) * Last activity: [10 years, 10 months ago](https://wordpress.org/support/topic/automatic-session-ends-when-hiding-backend-on-localhost/#post-6451560) * Status: not resolved