Mask Login Area Bug?

Resolved razman
(@razman-wan-fatul)

2 years, 9 months ago

I’ve enabled the login masking feature, hiding the default wp-admin URL. The issue is that when I add the word ‘login’ or ‘wp-login.php’ at the end of the website URL it redirects to the new login URL.

Example:
https://domain.com/wp-admin redirects to https://domain.com/custom-redirection-url (great)
but
https://domain.com/login redirects to https://domain.com/new-login-slug
https://domain.com/wp-login.php redirects to https://domain.com/new-login-slug

So people can still find the login page, it’s not really hidden. I have 3 websites with this issue – two of them are located in a sub-directory.

I’ve tried disabled other plugins, changed themes, purged n disabled cache but the problem is still happening. Any idea how to solve this?

WordPress 5.7.2
Defender 2.5.4

Viewing 8 replies - 1 through 8 (of 8 total)

Plugin Support Dimitris – WPMU DEV Support
(@wpmudev-support6)

2 years, 9 months ago

Hello there @razman-wan-fatul

This is not the default behavior and I made a test in a clean site to confirm.
Visiting /login or /wp-login.php should show a generic “This feature is disabled” WordPress error.

Did you try to:
– deactivate all other plugins and MU plugins (for the later you will have to move them out of /wp-content/mu-plugins/ folder)
– activate a default theme like Twenty TwentyOne
– test from a clean browser without older caches/cookies
That was the state of my testing site as well.

If you already did so, could you contact your hosting provider about it? Just in case there are is some other configuration causing this.

Warm regards,
Dimitris

Thread Starter razman
(@razman-wan-fatul)

2 years, 9 months ago

Hi Dimitris, yes I already did so, but the issue persists. I don’t think it’s related to plugin or theme conflicts.

I think the issue might be related to subdirectory install. My WordPress is installed in a subdirectory, but uses the same domain URL as the root. You can try to reproduce the issue using these example settings:

WordPress Address (URL): https://www.domain.com/subdirectory
Site Address (URL): https://www.domain.com

Root .htaccess:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Subdirectory .htaccess:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /subdirectory/
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

I fixed the problem by changing the setting to this:

WordPress Address (URL): https://www.domain.com
Site Address (URL): https://www.domain.com

Root .htaccess:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?domain.com$
RewriteCond %{REQUEST_URI} !^/subdirectory/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /subdirectory/$1
RewriteCond %{HTTP_HOST} ^(www.)?domain.com$
RewriteRule ^(/)?$ subdirectory/index.php [L]
</IfModule>
# END WordPress

Subdirectory .htaccess:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

I’m not sure if this is a permanent fix but I hope so.
It seems like Defender mask login won’t work well if WordPress Address is different from the Site Address, can you confirm this?

However, there’s another site of mine with the same problem, which I fixed by fresh install of Defender, could this be related to caching, or transients?

Plugin Support Patrick – WPMU DEV Support
(@wpmudevsupport12)

2 years, 9 months ago

Hi @razman-wan-fatul

Thank you for the information.

I tested the installation on my end configuring the WordPress on a subdirectory and the Mask URL if I tried to access any login, wp-login or wp-admin URL it didn’t allow me or directed.

Could you please send me an email to contact@wpmudev.org using this template:

Subject: “Attn: Patrick Freitas”
Message: link back to this thread for reference

Best Regards
Patrick Freitas

Thread Starter razman
(@razman-wan-fatul)

2 years, 9 months ago

Hi Patrick,

Already sent you an email as requested.
By the way, are you sure you tested using the example .htaccess I gave above?

Plugin Support Patrick – WPMU DEV Support
(@wpmudevsupport12)

2 years, 9 months ago

Hi @razman-wan-fatul

Thank you I received it and I am going to look further soon.

For htaccess to my installation, I used the htaccess documentation one https://wordpress.org/support/article/giving-wordpress-its-own-directory/

We are going to run some extra tests using the shared rules and we will update soon.

Best Regards
Patrick Freitas

Plugin Support Patrick – WPMU DEV Support
(@wpmudevsupport12)

2 years, 9 months ago

Hi @razman-wan-fatul

I just confirmed, it is the same rules that I used on the tests.

We will keep you posted.

Best Regards
Patrick Freitas
Plugin Support Patrick – WPMU DEV Support
(@wpmudevsupport12)

2 years, 9 months ago
Hi @razman-wan-fatul

We found the issue is happening when the WP URL is modified in WordPress > Config to match your sub directory.

Can you please try this code?
```
add_action( 'template_redirect', function(){
	if( class_exists('\WP_Defender\Model\Setting\Mask_Login') && ! is_user_logged_in() ){
		$model = new \WP_Defender\Model\Setting\Mask_Login();
		if( $model->enabled ){
			remove_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );
		}
	}
}, 999 );
```
You can use it on your child theme > Functions.php or as a mu-plugin following this guide:
https://wpmudev.com/docs/using-wordpress/installing-wordpress-plugins/

Just in case you use mu-plugin make sure to open the PHP:
```
<?php

... code .. 
```
Let us know the result you got.
Best Regards
Patrick Freitas
Plugin Support Patrick – WPMU DEV Support
(@wpmudevsupport12)

2 years, 8 months ago

Hi @razman-wan-fatul

I hope you are doing well and safe!

We haven’t heard from you in a while, I’ll mark this thread as resolved.

Feel free to let us know if you have any additional questions or problems.

Best Regards
Patrick Freitas

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘Mask Login Area Bug?’ is closed to new replies.