Support » Fixing WordPress » Login 404 After Upgrade to WordPress 3.5.2

Viewing 15 replies - 16 through 30 (of 35 total)
  • @meshmarketer – Thanks for the thoughts. I checked the folder/file permissions. That didn’t help me though. Not much you can do about a security roll-out. There’re going to happen when they happen.

    @krishna – Thank you for all of your help today on this too! I replaced all of the site files (including wp-login.php) with WordPress 3.5.1, except the “/wp-content/” and the “wp-config.php”. I also verified that the database was rolled back to “22441”.

    I’ve also flushed my cache and cookies, tried using incognito, and another browser.

    Please contact your host. They may be running something to limit log in attempts.

    I did contact my host and they said they they are not running something to limit log in attempts. This is on a dedicated server.

    I also just tried redownloading 3.5.2 and replacing all of the files except wp-content/ and “wp-config.php”. I then checked the “wp-admin/upgrade.php” file and it says “Your WordPress database is already up-to-date!”

    I verified this in the db. It is “22442”.

    Sorry missed that above.

    @troy. I appreciate the sentiment that “They’re going to happen when they happen.” but it’s only when enough people start requesting it that it can change. It’s like the NSA spying on everyone. It will change when enough people say they want something else.

    Chrome and FF show javascript errors. I haven’t delved into yet.

    I disabled all of the plugins and switched back to twentytwelve. The site is WordPress 3.5.2 and the wp-login.php file is set to permission “775”.

    This is what my .htaccess file says:

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    # add a trailing slash to /wp-admin
    RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
    RewriteRule . index.php [L]


    Forum Moderator

    @meshmarketer – please don’t hijack someone else’s thread – you have your own thread already on this request –

    Save your htaccess file. Then replace it with this.

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    # END WordPress

    Saved, updated, uploaded, tested…no change. 🙁




    Tried this? Adding to the wp-config.php file
    define( 'CONCATENATE_SCRIPTS', false );

    I tried adding your code to the wp-config.php file and uploading to the server. Unfortunately, that didn’t resolve the issue either.

    I’ve removed that from the file and reuploaded the config file.

    Because I’m hosting several live sites from this one installation, I’m turning the plugins and custom theme files back on.

    Again, when I try to login to any of my websites ( or or I get a 404 error. If I try to access the /wp-login.php file (permissions 755) I get a redirect loop error.

    I believe there is an issue with the WordPress 3.5.2 wp-login.php file that is causing a redirect loop and preventing users from logging into any of my WordPress Multisite sites.

    The code that’s changed in the wp-login.php file is this. Here is version 3.5.1:

    case 'postpass' :
    	require_once ABSPATH . 'wp-includes/class-phpass.php';
    	$hasher = new PasswordHash( 8, true );
    	// 10 days
    	setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
    	wp_safe_redirect( wp_get_referer() );

    And here is 3.5.2:

    case 'postpass' :
    	if ( empty( $wp_hasher ) ) {
    		require_once( ABSPATH . 'wp-includes/class-phpass.php' );
    		// By default, use the portable hash from phpass
    		$wp_hasher = new PasswordHash(8, true);
    	// 10 days
    	setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
    	wp_safe_redirect( wp_get_referer() );

    I’ve tested in multiple browsers, clearing cache and cookies, checked permissions, turned on the twentytweleve theme, turned off all plugins, check the .htaccess log code, tested the upgrade.php file, downgraded and upgraded WordPress files except wp-config.php and /wp-content/.

    (Update: I also just lowered the db_version to 22441, loaded the upgrade.php file, this time it asked to update the db, I ran the update, verified that the db_version was back to 22442 and tested the wp-admin and wp-login.php — both failed.)

    Hi Troy!

    I had this exact same thing happen on one of my main websites.

    Don’t know if it’s the same problem, but here’s what I did to fix it:

    – V3.5.2 seemed to update okay but I was kicked out of the dashboard right after it finished patching

    – could not get back in

    – noticed the 404 URL string was referencing “wp-admin/upgrade.php” could not be found

    – copied in a new and fresh upgrade.php file

    – WordPress prompted that the DB was out of date and need patching

    – DB patched — everything working great again.

    Don’t know if this helps…but I can relate to the frustration. Let me know if this solves it for you.


    @ahiddleston – Thanks for the post. I have already tried updating the wp-admin/upgrade.php file. The first attempt said that it was already up-to-date, so I lowered the db_version using PhpMyAdmin to “22441”.

    Once I reloaded the wp-admin/upgrade.php page, it offered to update the db. I ran the update and tested again. I still get redirected to a 404 page. I confirmed the db_version was updated to “22442”.

Viewing 15 replies - 16 through 30 (of 35 total)
  • The topic ‘Login 404 After Upgrade to WordPress 3.5.2’ is closed to new replies.