Support » Plugin: iThemes Security (formerly Better WP Security) » Hide Backend feature not working

  • When I activate the hide backend feature and try to login I get a “Not Found. The requested document was not found on this server.” error page.

    I’m not sure what’s going on. It worked prior to the plugin update. If I recall correctly before the update the plugin modified the htaccess file to hide the backend. I’m not seeing any such changes to the htaccess file after the update.

    Perhaps it should be noted that my wp installation exists in a subdirectory. So right now I’m logging in via ‘’. Activating the hide backend feature and attempting to login via my chosen slug such as ‘’ produces the ‘Not Found’ error. It’s doing something though because when it’s activated it also causes wp-admin to produce that same error page.

Viewing 9 replies - 1 through 9 (of 9 total)
  • I have a similar issue, but I’m coming from a point were my login page is already hidden and accessed from a unique URL for already some time, and the upgrade to version 4.0.2, the latest, caused that when I use this specific URL I am directed to the default wp-login.php page with the following error:
    Warning: in_array() expects parameter 2 to be array, string given in /home4/<my-user-name>/public_html/<my-site-folder>/wp-content/plugins/better-wp-security/modules/free/four-oh-four/class-itsec-four-oh-four.php on line 32

    I noticed that the site’s .htaccess file was changed and it currently hold no more the redirect to the special wp-login.php URL, so it was either replaced or modified by the upgrade.

    So I worked around the issue by reverting things back:
    1. I renamed the “better-wp-security” folder (instead of delete, just in case…)
    2. I renamed the current .htaccess file at the root of the site
    3. I uploaded the latest backup of the “better-wp-security” folder to the “plugins” folder
    4. I uploaded the latest backup of the .htaccess file to the root of the site

    Now all looks back in order.

    Plugin Author iThemes


    Sorry to hear about the issues with the Hide Backend feature. Most settings from Better WP Security transferred to iThemes Security 4.0 except for Hide Backend.

    The 4.0 update will default back to the default WordPress Login URL ( After logging in from the default URL, you should be able to reset the Hide Backend setting to your original login URL slug.

    For more info:

    Dear iThemes Team,

    I am highly unhappy and unable to solve this issue. I had earlier changed the backend address to which is not able to be accessed now. I am getting some Fatal Error once I login. Secondly below the login box, I am getting my full website loaded which is a big and serious issue.

    Kindly help out as we represent one of India’s top Android Community Website. We would be very glad, thereafter.

    I’m thinking maybe it’s not necessarily the plugin, but just the way my server or wordpress install is setup. Let me share some other details that might help solve the problem.

    Hide Backend Disabled:
    The following urls work for logging in.

    When entering a url with a directory that does not exist such as I get my site’s normal missing error 404 page.

    When entering a url with a directory that does not exist that includes the subdirectory such as I get a more simple, plain “Not Found” page. The same sort of page I get with the hide backend feature enabled.

    Hide Backend Enabled:
    The chosen slug is “test”. Under it, it shows the login url as
    This url does not work and all the urls listed above that worked with the hide backend feature disabled no longer work either.

    How does the Hide Backend Feature work? Is it modifying the htaccess file or something in wp-config? I’m not seeing any evidence of it modifying any of my files.

    The normal URLS don’t work!

    I’m locked out of my own site.

    Please fix ASAP this is unacceptable!

    same issue here; have the login page, but continually get locked out of my own site. POS product. what is the fix?

    my masked login page is the only login page I can get to but i get immediately locked out.

    Here’s what I came across on my site that may be of help. The new iThemes Security isn’t compatible with WordPress HTTPS and/or Captcha plugins. After reseting iThemes Security, I deactivated the other two and Hide Backend feature works fine now. This also solved some other minor problems I was having.

    Correction to the above comment: It’s not that they’re not compatible. WordPress HTTPS caused a redirect loop to occur in the admin panel because Force SSL Exclusively was checked in its settings. After unchecking it, everything worked fine again, including the Hide Backend feature in iThemes. Captcha is no longer affected either.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Hide Backend feature not working’ is closed to new replies.