Support » Plugin: iThemes Security (formerly Better WP Security) » Lost password link broken on multi site

  • Resolved danbrady

    (@danbrady)



    This has been a problem for some time.

    We run a multi site with iThemes Security network activated. We are using the ‘Hide backend’ feature which changes the login URL slug.

    The problem occurs when users forget their password and click on ‘Lost your password’ on the login screen.

    The URL for the password reset is still the old:
    mainmulitsitedomain.com/wp-login.php?action=lostpassword

    The user is then stuck as ithemes sceurity masks /wp-login.php

    https://wordpress.org/plugins/better-wp-security/

Viewing 9 replies - 1 through 9 (of 9 total)
  • Redirecting the Lost Password URL to

    mainmulitsitedomain.com/yourhideslug?action=lostpassword

    did the trick for me, not very shiny but working

    Thanks, did you need to add the redirect on each sub site individually?

    Sorry, dumb question. I forgot the link is always the same. Redirect added at the main domain works fine.

    The plugin should have a better, more elegant solution, but it works

    Thanks

    Anyone of you guys care to explain how this is done? Thanks.

    I dropped this into the functions.php of my child theme

    add_filter('lostpassword_url', 'wp_hijack_lostpassword');
    function wp_hijack_lostpassword() {
        return home_url('/yourhideslug?action=lostpassword');
    }

    Or, if you have a Redirect plugin just create a redirect on your main domain

    example:

    lost password link is
    mainmulitsitedomain.com/wp-login.php?action=lostpassword

    go to:
    mainmulitsitedomain.com/

    install/activate redirect plugin

    create redirect from
    /wp-login.php?action=lostpassword
    to:
    /yourhideslug?action=lostpassword

    But the PHP route might be better

    Thanks guys the php version works great.

    However there is still the issue of submitting the actual request form on the password reset page as the form post to the following

    /wp-login.php?action=lostpassword

    which generates 404

    Has anyone tested submitting the form?

    Can we also solve this via a filter?

    *sadly*

    The only workaround if found was to alter this line

    <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">

    and this one
    <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=resetpass', 'login_post' ) ); ?>" method="post" autocomplete="off">

    in the wp-login.php

    I don’t like changing core files…

    Four weeks ago @eteubert added a post elsewhere to his workaround to this problem. We’ve installed it and it’s working well so far:

    https://gist.github.com/eteubert/293e07a49f56f300ddbb

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Lost password link broken on multi site’ is closed to new replies.