[Plugin: Better WP Security] Multiple installs on one Databse – can't log in to other sites

Did both installs have the same database prefix (not sure how that could happen but I’ve seen stranger things)? If both were on the same prefix that would indeed kill the second database. If not it might have been confused as to which wp-config file to use check both and make sure the correct database prefix is present.

Hi there,

each install has it’s own database prefix as per wordpress installation instructions. I had a look and and they are both using the right prefix.

Could it be something to do with the second install still using a prefix defined by me rather than the plugin?

What do you think would happen if i went through the ‘set up process’ again? Would it start working again or would I lose everything and be on a fresh start?

appreciate the help

You definitely don’t want to run setup again. This is an odd one. This typically happens when WordPress can’t find the wp-config file.

Hope I’m talking about the same thing here – I have a problem with a WordPress Multisite setup – sharing the 1 database.
The problem occurs when I switch on the plugin’s Enable Hide Backend feature.
With this feature on I can’t login into the dashboard on any of my ‘child’ sites – only the master site.
Looking at the .htaccess file with the feature enabled – gave me and idea to why this may be the case…? Here’s the file (domain name and key have been changed):

# BEGIN Better WP Security
<IfModule mod_rewrite.c>
RewriteEngine On

RewriteRule ^login/?$ /wp-login.php?magickey [R,L]

RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^admin/?$ /wp-login.php?magickey&redirect_to=/wp-admin/ [R,L]

RewriteRule ^admin/?$ /wp-admin/?magickey [R,L]

RewriteRule ^register/?$ /wp-login.php?magickey&action=register [R,L]

RewriteCond %{SCRIPT_FILENAME} !^(.*)admin-ajax\.php
RewriteCond %{HTTP_REFERER} !^(.*)mydomain.com/wp-admin
RewriteCond %{HTTP_REFERER} !^(.*)mydomain.com/wp-login\.php
RewriteCond %{HTTP_REFERER} !^(.*)mydomain.com/login
RewriteCond %{HTTP_REFERER} !^(.*)mydomain.com/admin
RewriteCond %{HTTP_REFERER} !^(.*)mydomain.com/register
RewriteCond %{QUERY_STRING} !^magickey
RewriteCond %{QUERY_STRING} !^action=logout
RewriteCond %{QUERY_STRING} !^action=rp
RewriteCond %{QUERY_STRING} !^action=register
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^.*wp-admin/?|^.*wp-login\.php not_found [L]

RewriteCond %{QUERY_STRING} ^loggedout=true
RewriteRule ^.*$ /wp-login.php?magickey [R,L]
</IfModule>

# END Better WP Security

Would the RewriteCond lines that all refer to the ‘master’ domain be a possible reason for not being able to login to the ‘child’ domains? None of the child domain folders have htaccess files in them of their own so would it not read the master htaccess?

I could be barking up the wrong tree completely here..

The (.*) in front of the domain should cover all child domains however if you’re using a domain mapping plugin you may need to manually change it to use (.*) in place of the primary domain which would cover traffic looking at any domain on the site.