Can you please explain and provide more details about what is not working in 4.0? I am using the plugin in 30+ sites that are currently running WP 4.0 with no problems.
I’m testing with a very simple setup:
– WordPress 4.0, no other plugins activated/installed other than Header Login.
– Header Login minimally configured (username header, email header, authenticating header and logout URL). Non-existing users don’t get an account.
– Firefox with HTTP Header Mangler extension configured to provide two additional HTTP headers: one for the username, one for the email address. The username is the authenticating header.
The problem:
It seems the authentication itself is working. I dare to tell because if provided with the properly filled HTTP headers, WordPress recognizes me and shows me my username on the top right. If I provide a non-existing user, WordPress doesn’t display the top bar.
What doesn’t work is wp-admin. Assume my WordPress URL is http://www.example.org. If I try to access “http://www.example.org/wp-admin”, the address gets rewritten to “http://www.example.org/?redirect_to=http%3A%2F%2Fwww.example.org%2Fwp-admin%2F&reauth=1” and the page stays the same.
If I provide a wrong username or any headers at all, I’m able to access the login page (which is rewritten to “http://www.example.org/wp-login.php?redirect_to=http%3A%2F%2Fwww.example.org%2Fwp-admin%2F&reauth=1”). What bothers me here is that I’m not able to manually log in (though that might be intentional).
This should now be fixed. The problem was that it would not handle usernames with mixed case. The change has also fixed some other bugs as well.
I apologize for the delay in getting this fix pushed out. Please update to 2.8.7 and try again please.