• Hello

    We are using Hide Backend feature of the plugin, which works great so far.

    The problem we have is the the way you process logout. Before your plugin calls wp_safe_redirect() in order to logout the user, there should be a filter in order to able to change the redirect URL for our custom implementation.

    Native WordPress logout process has this filter in place, and without Hide Backend feature, we can properly implement our custom logout redirect feature.

    I hope that my issue is clear.



Viewing 5 replies - 1 through 5 (of 5 total)
  • @yesinternet

    Are you referring to the code of the plugins_loaded() function in the better-wp-security/core/modules/hide-backend/class-itsec-hide-backend.php file ?

    And are you using Nginx as your web server ?

    Thread Starter Haris Kaklamanos



    Yes, I am referring exactly to this code.

    It does not have to do with server. I have same issue in both Apache, Nginx and Apache-Nginx stack.

    My issue is not an actual bug, I am just trying to explain that, optimally, there should be a filter there, in order to be able to control the logout redirect in my custom app. The very same filter that native WP uses in their logout routine.

    When I disable Hide Backend feature, my filtering works as intended.

    Thanks in advance for the help.



    According to the plugins_loaded() function comment:

    Makes certain logout is processed on NGINX.

    But that does not seem to be entirely true. The callback is also executed in Apache envs since it is simply hooked as an action to the plugins_loaded hook and there is no check for server == ‘nginx’ in the callback code. So indeed server env is irrelevant.

    Anyway I understand what you are saying.

    Seems like this piece of code was written before WordPress 4.2.0 was released.
    (The logout_redirect filter was added to wp-login.php logout action code in WordPress 4.2.0).
    iThemes forgot to change the code after WordPress 4.2.0 release… so the filter is missing.

    Thread Starter Haris Kaklamanos


    Thanks for the reply.

    I would like to suggest to plugin authors to include this change into next version.

    Do you know how can I do that?

    PS: At first I thought that you were from the plugin author company.


    Many people make that mistake 😉

    Personally I think the plugins_loaded() function/hook should be removed from the Hide Backend code.

    It is a hackish attempt to make the logout link work after the Hide Backend feature is enabled. Which is totally unnecessary IF you make sure the Hide Backend config change for the web server is properly applied and active.

    For Apache the config change is automatically written to the .htaccess file (unless you have disabled the Write to Files setting) so the changed logout link works immediately.

    On Nginx you need to either restart Nginx or reload the Nginx config file to make the changed logout link work.

    Anyway you can try and log a bug with iThemes here.

    iThemes does not regularly monitor this forum.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Logout redirect URL filter is missing, when using Hide Backend feature’ is closed to new replies.