@soportee
Ok, so this is probably what you are doing (Guessing because your problem description is not very clear):
Let’s assume the Hide Backend slug is set to: letmein
1. Access http://www.example.com/letmein
Result: Redirect to http://www.example.com/wp-login.php?itsec-hb-token=letmein
Dashboard login screen displays ok.
2. Access http://www.example.com/wp-login.php?itsec-hb-token=trumpisanidiot
Result: No redirect.
Dashboard login screen displays ok.
Step 2 works because at step 1 a itsec-hb-login-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx cookie was created in your browser which allows the regular (wp-login.php but also wp-admin url) to function for an hour. Only AFTER the cookie expires (> 1 hour), ANY wp-login.php url will no longer work (from the same browser).
So after cookie expiration you have to use http://www.example.com/letmein (or http://www.example.com/wp-login.php?itsec-hb-token=letmein) again.
Hello,
First of all thanks for the quick response.
You’ve relieved me a lot with the answer, and so it is. I tested the address on another internet browser and it worked perfectly.
All the fear came when I saw in the log table several incorrect logon attempts.
I’ll follow up.
Again, thank you very much.
Good weekend, my friend.
So… I have the same problem… and my native languaje is Spanish… let see if I got it…
iThemes Security still hides backend…!!!???
I am just having headaches because a cookie…!!!???
If I migrate from iTS 6.2.1 to iTS 6.4.0, then I will have a an error to access to my dashboard for 1 hour because there is a cookie with 1 hour expiration affecting the new redirection path..???
Regards Leon..!!
Mark
(@markclifford)
I’m getting the following error:
Forbidden
You don’t have permission to access /wp-login.php on this server.
What do I do now?
@markclifford
Temporarily deactivate the iTSec plugin.
If the issue persists it’s not an iTSec plugin issue.
Mark
(@markclifford)
It’s deffinately a problem with the plugin. I’m designing the login page at the moment using Ultimate Branding by WPMUDEV and after a while I get the forbidden error and I’m locked out. I removed everything to do with iTsec in the htaccess file and I could get access again.
Not sure what to do….
-
This reply was modified 6 years, 8 months ago by
Mark.
Mark
(@markclifford)
I’m guessing the constant reloading of the login page was casuing this error to happen. I’ll see if it appears when using the site normally….
-
This reply was modified 6 years, 8 months ago by Mark.
@markclifford
(Missed your last post so this is just a reminder that my message below is a response to your earlier post).
Ok, I see.
Temporarily deactivating the iTSec plugin automatically clears any plugin rules added to the .htaccess file … No need to remove those lines manually 😉
Hmm, looks like your IP is getting banned in the .htaccess file.
(Which means you cannot access any file … not just the wp-login.php file.)
Which is weird, because your IP is automatically whitelisted (temporarily for 24 hours) by the plugin when logging in as a user with the Administrator role. Or have you not at least logged in once as a user with the Administrator role assigned ?
Please provide the following info which will give me some context:
WordPress 4.8.1 ?
iTSec plugin 6.4.0 ?
Apache version ?
PHP version ?
Local dev env ?
Linux/Windows ?
Multi Site env ?
If it is indeed the plugin banning your IP you could permanently whitelist your IP in the plugin Global Settings module while you are still developing the login page.
-
This reply was modified 6 years, 8 months ago by
pronl. Reason: Added a short clarification of my post
