Customer cant logout | WordPress.org

kevwal
(@kevwal)

5 years, 10 months ago

WordPress 4.9.6 with Woocomerce 3.40 on Apache 2.4.6 with PHP 7.2.5 and Storefront Theme 2.3.1

Hi

I have secured my install with a htaccess style config as recommended in many places (although the lines below sit in my main Apache config files as I don’t allow .htaccess files):

<FilesMatch “wp-login.php”>
AuthType Basic
AuthName “Protected Area”
AuthUserFile /xxx/xxx/htpasswd
Require valid-user
</FilesMatch>

However, this breaks the (customer) user logout mechanism as this uses the wp-login.php file which non admin users now cannot access.

There should be a way around this using something like QUERY_STRING “.*action=logout.*” or LocationMatch directives, but I cannot get them to work.

All help and advise appreciated.

Thanks very much
Kevin

Viewing 1 replies (of 1 total)

Thread Starter kevwal
(@kevwal)

5 years, 10 months ago

So this method is actually recommended by WordPress in the Codex manual:

https://codex.wordpress.org/BruteForceAttacks#Password_Protect_wp-login.php

Thanks
Kevin

Viewing 1 replies (of 1 total)

The topic ‘Customer cant logout’ is closed to new replies.

Tags

In: Fixing WordPress
1 reply
1 participant
Last reply from: kevwal
Last activity: 5 years, 10 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics