Support » Plugin: iThemes Security (formerly Better WP Security) » Log Out still redirecting to wp-login

Viewing 6 replies - 1 through 6 (of 6 total)
  • If the slug is set to opensesame the Log Out url should look similar to this:

    To prevent any confusion, I’m not iThemes.

    Good Day!

    Same issue here. iThemes notified 4 weeks ago. To date, no updates received.

    Temporary Fix:

    (1) Install the plugin, titled “Code Snippets

    (2) Add a snippet, titled “Redirect WordPress Logout to Home Page,” with the following code:

    //* Redirect WordPress Logout to Home Page
    function auto_redirect_after_logout(){
      wp_safe_redirect( home_url() );

    Hoping iThemes will step up to the plate and address this nagging issue.


    Ah right, after logging out it redirects to:

    But that won’t work if the HB cookie expired after an hour.

    • This reply was modified 9 months, 1 week ago by nlpro.

    My earlier post was based on observations in the Hide Backend module code.

    Just out of curiosity actually tested the issue today and …

    Yup, the issue reproduced instantly.

    Test performed using Firefox 70.0.1 (64-bits), iTSec 7.4.1, WordPress 5.2.4

    Additionally, please be aware that the @jetxpert “fix” is a workaround that cuts off part of the core logout code. For that reason it’s probably not advisable.

    • This reply was modified 9 months, 1 week ago by nlpro.


    Thanks for the info.

    As stated above, solution provided is a “Temporary Fix.” Working for us 100%.

    What would you recommend as a permanent fix? (e.g., snippet, plugin file change, etc.)

    It appears iThemes needs to chime in, confirm the issue, and fix it at earliest opportunity.




    The root caus of this issue is in the class-itsec-hide-backend.php file where the Hide Backend module hooks into the wp_redirect filter but the callback doesn’t work:

    add_filter( 'wp_redirect', array( $this, 'filter_redirect' ) );
     * Filter redirection URLs to login and signup pages to include the access token query arg.
     * @param string $location The relative path to redirect to.
     * @return string The location with conditionally added access token query arg.
    public function filter_redirect( $location ) {
    	return $this->filter_generated_url( $location, $location );

    There is something obvious in the callback that makes it fail.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Log Out still redirecting to wp-login’ is closed to new replies.