• On a multisite install, hiding the backend is working pretty well (except for the enable cookies problem that a segment of users keep experiencing).

    However, when someone tries to reset their password this is what happens:

    1) member goes to hidden login page & clicks ‘Lost your password’ link
    2) they are redirected to mainwebsite.com/backend?action=lostpassword
    3) they enter their username/email & click ‘Get new password’
    4) they are sent to a 404 (/not_found)
    5) they then receive the pw change email. The link to reset their pw is http://mainwebsite.com/wp-login.php?action=rp&key=whatever&login=username
    6) they click the link & it’s a 404 again (/not_found)

    I really want to hide the backend because there were over 5000 brute force login attempts daily but these problems are making it near impossible to use.

    https://wordpress.org/plugins/better-wp-security/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter Arp Laszlo

    (@echoleaf)

    Is there a solution, besides ditching iThemes Security?

    @echoleaf

    There is a solution available on this forum but in general the iTSec plugin and MultiSite is not a good combination …

    So ditching sounds like the right thing to do when using MultiSite …

    dwinden

    Thread Starter Arp Laszlo

    (@echoleaf)

    I’d still like to hide the backend as I was getting 5000+ attempted logins per day. Any suggestions for an alternative?

    @echoleaf

    There are plenty of other ones in the wordpress.org repository.

    Instead of fighting symptoms perhaps it would be better if you prevented the website from being low hanging fruit on the internet …
    😉

    dwinden

    echoleaf, did you find a solution?

    I’m having the same problem here (404 errors, although I don’t even receive the email to reset the password).

    I’ve already communicated the new backend address to my users so I’d like to keep this plugin if possible!

    Thread Starter Arp Laszlo

    (@echoleaf)

    Nope :/

    If someone can’t log in, I just reset their password to something simple so they can log in & change it themselves.

  • The topic ‘Password reset problem after hiding backend’ is closed to new replies.