Customers cannot logout when /wp-admin/ is protected

  • Resolved gordonlangley

    (@gordonlangley)


    3 years, 7 months ago

    Website URL: https://www.blackbough.co.uk

    Hello!! We want restricted access to the backend ‘Admin’ of wordpress and we are doing this by adding IP exceptions to a ‘deny all’ rule in the .htaccess file. This is working as expected for our site admins and we have white listed their IP’s to allow access to the backend Admin of WordPress.

    The problem we have is for our Woocommerce customers that have customer accounts, they can login but they cannot logout as their IP address is being denied and they get a 403 message and cannot logout

    – The question was – is there a way can we make an exception so that our customers can logout in the .htaccess file?

    —- I asked this question to our host ROCHEN and they found a fix but suggested we should reach out to you – please see below. Also this fix doesn’t appear to work on a mobile device.

    Many thanks Gordon on behalf of Alex

    Hi Gordon,

    Thanks for your patience here. If you amend the logout link to use “/wp-login.php?action=logout” this should work and avoid the restrictions in your /wp-admin folder.

    There’s a guide here which you may find useful:

    https://www.collectiveray.com/login-logout-links-woocommerce-menu

    Alternatively as this would be a beneficial feature for other WooCommerce users too, so you might reach out to the WooCommerce developers and see if they can include an option for an alternate logout link in a future release.

    —-
    Jeremy R.
    Rochen Limited

    • This topic was modified 3 years, 7 months ago by gordonlangley.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support mouli a11n

    (@mouli)

    3 years, 7 months ago

    Hi there,
    Can you please show us the logout URL you are having issues with?
    It would be great to see the rule you have added to your .htaccess as well so we can see if it can be revised to allow logout.

    We look forward to hearing back from you.

    Thread Starter gordonlangley

    (@gordonlangley)

    3 years, 7 months ago

    Hey Mouli – So the .htaccess rule looked like this and was in the root of the site.

    <FilesMatch ‘wp-login.php’>
    ErrorDocument 403 /403.html
    order deny,allow
    deny from all
    # whitelist IP address
    allow from xx.xxx.xxx.xxx
    allow from xx.xxx.xx.xxx
    </FilesMatch>

    I’ve removed this code from our .htaccess file.

    I haven’t changed or touched the logout link which I think is generated by WooCommerce, something like this:

    https://www.blackbough.co.uk/my-account/customer-logout/?_wpnonce=c5a30c2156

    Thanks for taking a look Mouli

    • This reply was modified 3 years, 7 months ago by gordonlangley.
    Plugin Support mouli a11n

    (@mouli)

    3 years, 7 months ago

    Hi there,
    It looks like the wp-login.php file is used during logout which is why you are seeing this issue.
    I suggest that you try blocking access to the wp-admin directory rather than that specific file. You can achieve this by adding an .htaccess file to the wp-admin directory with the following:

    Order Deny,Allow
    Deny from all
    Allow from xxx.xxx.xxx.xxx

    I hope that helps you to figure it out.
    Feel free to get back to us if you have further questions.

    Thread Starter gordonlangley

    (@gordonlangley)

    3 years, 7 months ago

    Hello Mouli

    Yes, wp-login.php is being used during logout, this is what I wanted to try and avoid so that I could IP lock wp-login.php. WooCommerce does not need wp-login.php for customers to login – so why is it used for them to logout.

    Yes, in addition we already have blocked access to the /wp-admin/ folder.

    What we are looking for is a solution that will allow WooCommerce customers to LogOut without having to access wp-login.php – many thanks, Gordon

    Plugin Support John Coy a11n

    (@johndcoy)

    Automattic Happiness Engineer

    3 years, 6 months ago

    Hi @gordonlangley

    I found this article that may help:

    https://stackoverflow.com/questions/26980125/how-to-logout-from-wordpress-without-using-wp-login-php

    Apart from that, you might want to check out our advanced WooCommerce Community in Slack:

    https://woocommerce.com/community-slack/

    or the Advanced WooCommerce Facebook Group:

    https://www.facebook.com/groups/advanced.woocommerce/

    There are many developers gathered in those communities that may be able to provide help with customizations.

    Plugin Support Ena P (a11n)

    (@drwpcom)

    3 years, 6 months ago

    Hi @gordonlangley. We haven’t heard from you in a while so I’m going to go ahead and mark this thread as resolved. If you still need help with this issue or have any other questions about the WooCommerce plugin, please start a new thread.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Customers cannot logout when /wp-admin/ is protected’ is closed to new replies.