Critical Error with Hide Backend Slug
-
Hello,
There is an error accessing as a webmaster with your iThemes Security plugin. We have the option to hide desktop but can access the web indicating the following link type: ‘(…) / wp-login.php? Itsec-hb-token = xxx’, where xxx is any word other than the one indicated As slug.
Thank you.
-
Ok, so this is probably what you are doing (Guessing because your problem description is not very clear):
Let’s assume the Hide Backend slug is set to: letmein
1. Access http://www.example.com/letmein
Result: Redirect to http://www.example.com/wp-login.php?itsec-hb-token=letmein
Dashboard login screen displays ok.2. Access http://www.example.com/wp-login.php?itsec-hb-token=trumpisanidiot
Result: No redirect.
Dashboard login screen displays ok.Step 2 works because at step 1 a itsec-hb-login-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx cookie was created in your browser which allows the regular (wp-login.php but also wp-admin url) to function for an hour. Only AFTER the cookie expires (> 1 hour), ANY wp-login.php url will no longer work (from the same browser).
So after cookie expiration you have to use http://www.example.com/letmein (or http://www.example.com/wp-login.php?itsec-hb-token=letmein) again.
Hello,
First of all thanks for the quick response.
You’ve relieved me a lot with the answer, and so it is. I tested the address on another internet browser and it worked perfectly.
All the fear came when I saw in the log table several incorrect logon attempts.
I’ll follow up.
Again, thank you very much.
Good weekend, my friend.
So… I have the same problem… and my native languaje is Spanish… let see if I got it…
iThemes Security still hides backend…!!!???
I am just having headaches because a cookie…!!!???If I migrate from iTS 6.2.1 to iTS 6.4.0, then I will have a an error to access to my dashboard for 1 hour because there is a cookie with 1 hour expiration affecting the new redirection path..???
Regards Leon..!!
I’m getting the following error:
Forbidden
You don’t have permission to access /wp-login.php on this server.
What do I do now?
Temporarily deactivate the iTSec plugin.
If the issue persists it’s not an iTSec plugin issue.
It’s deffinately a problem with the plugin. I’m designing the login page at the moment using Ultimate Branding by WPMUDEV and after a while I get the forbidden error and I’m locked out. I removed everything to do with iTsec in the htaccess file and I could get access again.
Not sure what to do….
- This reply was modified 6 years, 8 months ago by Mark.
I’m guessing the constant reloading of the login page was casuing this error to happen. I’ll see if it appears when using the site normally….
- This reply was modified 6 years, 8 months ago by Mark.
(Missed your last post so this is just a reminder that my message below is a response to your earlier post).
Ok, I see.
Temporarily deactivating the iTSec plugin automatically clears any plugin rules added to the .htaccess file … No need to remove those lines manually 😉Hmm, looks like your IP is getting banned in the .htaccess file.
(Which means you cannot access any file … not just the wp-login.php file.)Which is weird, because your IP is automatically whitelisted (temporarily for 24 hours) by the plugin when logging in as a user with the Administrator role. Or have you not at least logged in once as a user with the Administrator role assigned ?
Please provide the following info which will give me some context:
WordPress 4.8.1 ?
iTSec plugin 6.4.0 ?
Apache version ?
PHP version ?
Local dev env ?
Linux/Windows ?
Multi Site env ?If it is indeed the plugin banning your IP you could permanently whitelist your IP in the plugin Global Settings module while you are still developing the login page.
- This reply was modified 6 years, 8 months ago by pronl. Reason: Added a short clarification of my post
- The topic ‘Critical Error with Hide Backend Slug’ is closed to new replies.