@rdekruijf
WordPress does not include a reCaptcha feature.
So this is probably a plugin conflict with a plugin that offers reCaptcha functionality.
So which reCaptcha plugin exactly are you using ?
dwinden
Hellu Dwinden,
Thanks for your reply. Not sure if it’s called ReCaptcha in WordPress, but occasionaly it gives an extra security code before you’re able to reach the login screen. After entering this I’ll get a 404 error.
But it gives a 404 error too when I enter the login url for the first time. It then goes to an URL that reads /wp-login.php.
Maybe it’s handy to send you some screenshots?
Kind regards,
Roy
@rdekruijf
Screenshots are always welcome.
At what hosting provider is the site hosted? Wondering whether this is a WordPress specialized hosting company. I’m Dutch so I will be able to find out.
Did you install/configure the WordPress env yourself or did the hosting provider do it for you ?
Also provide a list of plugins installed. I may be able to determin which plugin includes the reCaptcha functionality.
Anyway if the reCaptcha functionality tries to redirect to the wp-login.php script while the iTSec plugin Hide Backend feature is enabled then a 404 is the expected result.
Enabling the iTSec plugin Hide Backend feature also blocks direct access to the wp-login.php script …
(What’s the point of hiding the wp-admin slug when the wp-login.php script can still be accessed directly ?)
If you provide the site URL I can even have a look at this myself.
dwinden
Good morning Dwinden,
We’re hosting all of our websites at http://www.your-webhost.nl. WordPress is installed with the help of their installer (Softcalicious).
List op plugins:
Admin Menu Editor Pro
Envato WordPress Toolkit
Facebook Page Plugin
Formidable
iThemes Security
LayerSlider WP
Redirection
WP Fastest Cache
WPBakery Visual Composer
Yoast SEO
The URL is http://www.dekamil.nl/toegang
You can also contact me via rdekruijf@prsocial.nl
Thanks!
Roy
Goodafternoon rdekruijf π
Ok, I now fully understand what is happening.
On second thought I don’t think the captcha is an active plugin in the WordPress env.
It looks like this is either part of the Softaculous install or an extra feature for WordPress sites which is included in the hosting providers package/service (which basically boils down to same thing).
You can probably find out exactly what it is by clicking on the link underneath the captcha form:
Informatie over deze beveiliging
Perhaps logging into the account management system also allows you to disable/enable or tweak the captcha feature.
In any case entering the captcha correctly once initially returns a 404. But a subsequent second attempt to access the same secret login url will provide immediate access to the WordPress Dashboard login screen (the captcha form is skipped).
So I’m pretty sure the action behind the captcha form tries to redirect to the wp-login.php script. Since the iTSec plugin Hide Backend feature also blocks (actually responds with a 404 to) wp-login.php requests a 404 is returned upon a correct captcha submit.
Basically the captcha form is unaware of the iTSec plugin Hide Backend feature responding to wp-login.php requests with a 404.
If you could somehow tweak the captcha form to redirect to the secret login slug as set by the iTSec plugin Hide Backend feature the problem would be solved.
Another option would be to disable the captcha form.
dwinden
Good morning Dwinden,
I understand what your saying. Yet when I try to access the customized URL link, even without the ReCaptcha, it gives a 404 error.
You could try it for yourself via http://www.dekamil.nl/toegang
Kind regards,
Roy
Good morning rdekruijf,
I already tried yesterday, and I just tried it again and it works fine.
It seems that there is a cookie (myauthcookie) stored in the browser when the correct captcha is submitted. As long as that cookie does not expire the secret url will give immediate access to the admin login screen.
When I manually delete the cookie from my browser, accessing the secret url takes me to the captcha screen again.
I’m testing from the Mozilla Firefox 45.0.1 browser.
Please make sure your browser is able to create/save cookies.
dwinden
Good afternoon Dwinden,
My browser is able to store cookies, yet I still can’t acces the admin screen in one go.
I’ve got screenshots if they’re any help?
Kind regards,
Roy
Good evening rdekruijf,
Screenshots are always welcome.
Have you tried from a different device ?
What client env are you on (OS, browser) ?
Interesting case …
dwinden
