Authy does not redirect from hidden WordPress backends
-
Hello.
First, thanks for this plugin.
In the Authy plugin’s helpers.php file, the relative URL “wp-login.php” has been hard-coded into the Authy form tag’s “action” parameter.
Several WordPress security plugins enable a “hide backend” option that rewrites the “wp-login.php” URL to something of the administrator’s choosing. Thus, when a security plugin’s hidden backend option is configured, the Authy plugin’s form redirects users to a 404 page instead of the dashboard or other user-relevant page.
I have found that replacing the hardcoded form tag that includes the wp-login.php URL with the following code fixes the problem on one of my sites:
<form method="POST" id="authy" action="<?php echo wp_login_url(); ?>">
The above modification enables the Authy plugin to automatically populate the form tag’s “action” parameter with the correct wp-login URL for the site on which it is running, even if that URL is not the WordPress default URL.
Just thought you would want to know that this could be an issue when using the Authy plugin with other WordPress security plugins.
Thank you.
https://www.ads-software.com/plugins/authy-two-factor-authentication/
- The topic ‘Authy does not redirect from hidden WordPress backends’ is closed to new replies.