Support » Plugin: iThemes Security (formerly Better WP Security) » Log Out still redirecting to wp-login

Viewing 6 replies - 1 through 6 (of 6 total)
  • If the slug is set to opensesame the Log Out url should look similar to this:

    https://www.manek.org.uk/wp-login.php?itsec-hb-token=opensesame&action=logout&_wpnonce=23gfd4lm84

    To prevent any confusion, I’m not iThemes.

    Good Day!

    Same issue here. iThemes notified 4 weeks ago. To date, no updates received.

    Temporary Fix:

    (1) Install the plugin, titled “Code Snippets”

    (2) Add a snippet, titled “Redirect WordPress Logout to Home Page,” with the following code:

    //* Redirect WordPress Logout to Home Page
    add_action('wp_logout','auto_redirect_after_logout');
    function auto_redirect_after_logout(){
      wp_safe_redirect( home_url() );
      exit;
    };

    Hoping iThemes will step up to the plate and address this nagging issue.

    Cheers!

    Ah right, after logging out it redirects to:

    https://www.domain.com/wp-login.php?loggedout=true

    But that won’t work if the HB cookie expired after an hour.

    • This reply was modified 1 month, 1 week ago by nlpro.

    My earlier post was based on observations in the Hide Backend module code.

    Just out of curiosity, I actually tested the issue today and …

    Yup, the issue reproduced instantly.

    Test performed using Firefox 70.0.1 (64-bit), iTSec 7.4.1, WordPress 5.2.4

    Additionally, please be aware that the @jetxpert “fix” is a workaround that cuts off part of the core logout code. For that reason it’s probably not advisable.

    • This reply was modified 1 month, 1 week ago by nlpro.
    jetxpert

    (@jetxpert)

    @nlpro

    Thanks for the info.

    As stated above, solution provided is a “Temporary Fix.” Working for us 100%.

    What would you recommend as a permanent fix? (e.g., snippet, plugin file change, etc.)

    It appears iThemes needs to chime in, confirm the issue, and fix it at earliest opportunity.

    Cheers!

    nlpro

    (@nlpro)

    The root cause of this issue is in the class-itsec-hide-backend.php file, where the Hide Backend module hooks into the wp_redirect filter but the callback doesn’t work:

    add_filter( 'wp_redirect', array( $this, 'filter_redirect' ) );
    
    /**
     * Filter redirection URLs to login and signup pages to include the access token query arg.
     *
     * @param string $location The relative path to redirect to.
     *
     * @return string The location with conditionally added access token query arg.
     */
    public function filter_redirect( $location ) {
    	return $this->filter_generated_url( $location, $location );
    }

    There is something obvious in the callback that makes it fail.
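
An alternative to the wp_logout snippet posted earlier in the thread, as an added example that is not part of any reply and is not iThemes code: it changes only the post-logout destination through WordPress core's logout_redirect filter, so wp-login.php finishes its own logout handling instead of being cut short by exit. The function name example_logout_redirect_home is hypothetical, and the snippet is written in the form the Code Snippets plugin expects (no opening PHP tag).

```php
/**
 * Added example: send users to the home page after logout without
 * terminating the request inside the wp_logout action.
 *
 * Core's wp-login.php calls wp_logout(), then applies the logout_redirect
 * filter, then calls wp_safe_redirect() and exits on its own. Hooking the
 * filter leaves every wp_logout callback (session cleanup, audit logging
 * by other plugins) free to run.
 */
add_filter( 'logout_redirect', 'example_logout_redirect_home', 10, 3 );

/**
 * @param string $redirect_to           Destination core is about to use.
 * @param string $requested_redirect_to redirect_to value from the request, or ''.
 * @param mixed  $user                  The user who is logging out.
 *
 * @return string Destination URL; core still validates it with wp_safe_redirect().
 */
function example_logout_redirect_home( $redirect_to, $requested_redirect_to, $user ) {
	// Respect an explicit redirect_to, e.g. from wp_logout_url( $somewhere ).
	if ( ! empty( $requested_redirect_to ) ) {
		return $redirect_to;
	}

	// The default target is wp-login.php?loggedout=true, which is the URL
	// that fails in this thread when Hide Backend is active. Use the public
	// home page instead.
	return home_url( '/' );
}
```

This does not repair the Hide Backend callback quoted above; it only avoids landing on the hidden login URL after logout.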
