Gerroald

Hey Kreeger,

It should have defaulted to Administrators. Can you check to make sure a recipient is selected? Either way, it’s just fine to dismiss the Notice.

Thanks,

Gerroald

Hi,

It sounds like Sync is hidden. You can force Sync to show by using this URL in your dashboard – yoursite.com/wp-admin/plugins.php?ithemes-sync-force-display=1.

Thanks!

Gerroald

Hi,

Thanks for the update. Please do let me know if it happens again. Please make sure to make a backup before the update, and save the actual broken file if possible.

Thanks,

Gerroald

Hi,

@diggisaur – Do you have a backup of the original wp-config.php file before you updated?

@coffeehero – If you reenable Security do you still experience this issue?

Thanks,

Gerroald

Hi,

@zakalwe – Are you having the exact same issue as @bhalodiya?

The way that Hide Backend functions changes in this release. Previously, if your Hide Backend Login Slug was wplogin, going to example.com/wplogin would result in the URL remaining example.com/wplogin. The new implementation of this feature results in a redirect to a URL that looks as follows: example.com/wp-login.php?itsec-hb-token=wplogin. While this may not be desirable for some users, this change was necessary to fix longstanding compatibility issues with other plugins. Once you access the login page using the Login Slug page, a cookie is set with an expiration time of one hour. As long as the cookie remains, you can access example.com/wp-login.php without having to access the Hide Backend Login Slug first. If you wish to confirm that Hide Backend is working properly on your site, opening up a private browsing window is a quick way to test without having to log out and clear cookies.

Thanks,

Gerroald

Hi @gecedergi,

This is how the feature is now designed. It will not change as it’s much more secure, and will cause far less conflicts. There’s no way around showing the wp-login.php portion, but this will only be shown to people that know the login.

I’m sorry if this disappoints you, but the changes made are for the better with better security and compatibility in mind.

Thanks,

Gerroald

Hi,

Can you both please share the login URLs?

You can add the code below to your wp-config.php file above the “That’s all, stop editing! Happy blogging.” comment to temporarily disable all features. Once you’re in the site you’ll need to remove it reactivate them.

define( 'ITSEC_DISABLE_MODULES', true );

@claytonkreisel – Just to be certain, when visiting your hidden slug you’re redirected to yoursite.com/wp-login.php?itsec-hb-token=custom-login-slug which results in a 404? You’re welcome to email me as well.

I understand wanting to rollback, but we haven’t been able to recreate this and need to see it in action to fix it.

Thanks,

Gerroald

• This reply was modified 8 years, 10 months ago by Gerroald.

Hi,

Can you please try testing in a browser once more that hasn’t had the itsec-hb token included? Try to access /wp-login.php in a private/incognito browser and please type versus copy/paste examplesite.com/wp-login.php.

The way that Hide Backend functions changes in this release. Previously, if your Hide Backend Login Slug was wplogin, going to example.com/wplogin would result in the URL remaining example.com/wplogin. The new implementation of this feature results in a redirect to a URL that looks as follows: example.com/wp-login.php?itsec-hb-token=wplogin. While this may not be desirable for some users, this change was necessary to fix longstanding compatibility issues with other plugins. Once you access the login page using the Login Slug page, a cookie is set with an expiration time of one hour. As long as the cookie remains, you can access example.com/wp-login.php without having to access the Hide Backend Login Slug first. If you wish to confirm that Hide Backend is working properly on your site, opening up a private browsing window is a quick way to test without having to log out and clear cookies.

Thanks,

Gerroald