Custom Admin URL and wp-login.php => 404 Error

Hi,

Are you able to log in if you deactivate the plugin via FTP by renaming it’s directory to something like ithemes-security.bak?

Could you look in your .htaccess for code the resembles the block below?

# BEGIN Hide Backend
			# Rules to hide the dashboard
			RewriteRule ^(/)?yourNewSlug/?$ /wp-login.php [QSA,L]

	# END Hide Backend

Then try your URL using the “yourNewSlug” portion.

yoursite.com/yourNewSlug

Thanks,

Gerroald

Hi Gerroald,

Thanks for the message. I’m able to deactivate the plugin via FTP. (Note that my folder is still labeled better-wp-security-bak though I believe I had upgraded to iThemes Security.)

My .htaccess file is missing at the root so I created a new one with the supplied code.

I’m still receiving the 404 error when I attempt to reach the new slug.

Could you advise further? Thanks.

EDIT: FYI, I also checked phpMyAdmin’s wp_itsec_log, which shows no 404 errors, and wp_itsec_lockouts, which doesn’t display any lockouts.

I should note also that in phpMyAdmin, under the wp_options table, the itsec_hide_backend option still displays my old login slug, which currently results in a 404 error when attempting to reach it.

This is to note that creating and inserting the new .htaccess file in root does not appear to have changed the itsec_hide_backend optin value in the database.

I am uncertain if this is a relevant factor.

The new\custom slug in the .htaccess file and in the database should match. And make sure it is not wp-admin.

Also make sure permalinks is enabled.
Most of the times people will use the “Post name” type permalink.

If enabled you should see the following result after running this SQL command from phpMyAdmin:

select option_value from [prefix]options where option_name=’permalink_structure’;

/%postname%/

Enabling the “Post name” type permalink will also add the following lines
to the END of the .htaccess file:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

dwinden

Thanks dwinden, running the SQL command displays the /%postname%/ option value.

The 404 error is replaced with the client browser (Firefox) displaying “The page isn’t redirecting properly”. Similar “redirect” experience with Chrome.

Note that deactivating the iTS plugin (i.e. appending the better-wp-security folder’s name with -bak) results in a 404 error while reactivating it results in the browser reporting as above.

Any further advice is welcomed. Thanks.

Ok so it seems we have made some progress … but it still doesn’t work.

Using the better-wp-security folder name does not automatically mean the iTSec plugin is activated in WP.

Just to be sure execute the following command from phpMyAdmin:

select option_value from [prefix]options where option_name=’active_plugins’;

You should see a “better-wp-security/better-wp-security.php” listed in the result. If it is listed it is activated in WP otherwise it is not.

Please post the content of your wp-config.php file after obscuring any sensitive info. If you don’t feel comfortable posting the content of the wp-config.php file send it to me in an email [ redacted, support is not offered via email, Skype, IM etc. only in the forums ]

Is this a multi-site WP env ?

WP version ?

iTSec plugin version ?

Is the frontend of this website functional ?

Is WP installed in a subfolder ?
If so the content of the .htaccess is incorrect for both iTSec plugin hide backend feature and WP permalink. That could explain the “The page isn’t redirecting properly” message in the browser …

Basically we are trying to rebuild your .htaccess file to what it is supposed to be. But why is it gone and would it be possible to restore a backup copy ?

dwinden

Hi dwinden, first, thanks for running me through this.

Running the SQL command didn’t show iTSec or any other plugins active, save one.

Is this a multi-site WP env? I believe it is; it has an empty blogs.dir folder.

WP version? the latest upgrade pushed this week, v4.1.2

iTSec plugin version? From the Readme file, v4.6.13

Is the frontend of this website functional ? Yes.

Is WP installed in a subfolder ? Yes, OpenShift hosts the site and placed it in a subfolder.

Your last query and point may suggest the problem. Searching online, I noticed OpenShift has placed the .htaccess file elsewhere than the app’s root. The path it states on this page does not exist on my installation.

I’m currently searching the server from its root for the file. I’ll respond once completed.

Thanks.

Hi dwinden, I’d been informed that deleting the WP root .htaccess file or inserting an empty file would reset my login page and make it accessible. I was hence looking for the file to replace (inserting an empty one didn’t work).

I’ve tried finding the relevant .htaccess file for WP without success. Before deleting and reinstalling my app, which is the last resort, do you have any other suggestions?

Use the info from this link to restore access to the WP Dashboard of your multi-site and permalink enabled (in a subfolder installed) WP:

https://codex.www.ads-software.com/htaccess

At this stage I see this topic as a general WP issue and not an iTSec plugin issue.
Once normal access to WP Dashboard is restored I can assist you with configuring or if necesssary troubleshooting the iTSec plugin Hide Backend feature.

dwinden

Hi dwinden,

Thanks for the reply and suggested link. I’ll follow the link to spare recreating a server and migrating contents.

Thanks.