403 error on logging out

  • My customers and I are all getting error messages on attempting to log out.

    I’ve “hidden the back end” (although have also tested without hiding – no difference).

    The log out appears to be pointing to the unchanged login, and not the renamed hidden login – which is a problem, obviously!

    All plugins are up to date.

    FORBIDDEN
    You don’t have permission to access /wp-login.php?itsec-hb-token=wplogin&action=logout&redirect_to=http%3A%2F%2Fwww.painefreecrafts.com%2Fmy-account%2F&_wpnonce=2bb4328507 on this server. “

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)

  • @painfreecrafts

    The log out appears to be pointing to the unchanged login, and not the renamed hidden login – which is a problem, obviously!

    I guess you are referring to a URL like this:

    https://www.painefreecrafts.nl/wp-login.php?itsec-hb-token=wplogin&action=logout&_wpnonce=2bb4328507

    The plugin is not supposed to change the logout URL above into https://www.painefreecrafts.nl/wplogin?action=logout&etc…

    So the logout URL being used is perfectly fine because it contains the extra URL parameter to make it work: itsec-hb-token=wplogin.

    Sounds like this is not an iTSec plugin issue.
    What happens when you temporarily deactivate the iTSec plugin ?

    • This reply was modified 7 years, 3 months ago by pronl. Reason: Corrections
    Thread Starter PaineFreeCrafts

    (@painefreecrafts)

    Not sure I really follow your message but..

    ah ok, yes, still get the same message when trying to log on even when the iTSec plugin is temporarily deactivated. Guess the error message is a little misleading. I’ll have to track what is trapping my customers on site. Ever heard of WC stopping people logging off before?

    Thread Starter PaineFreeCrafts

    (@painefreecrafts)

    oki. It’s AiO WP Security doing it.

    maybe having both is overkill! I do get a lot of bot attempts every day trying to brute force the site – but have set passwords to strong and auto lockout after 5 incorrect guesses anyway.

    I use more of the functionality in iTSec so I’ll keep that active.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘403 error on logging out’ is closed to new replies.