• Resolved mmtomm

    (@mmtomm)


    I’m protecting the wp-login.php and wp-admin.php with basic authentication set up in .htaccess.

    When WooCommerce shop customers go to the my account page and click on the logout button (in German “Abmelden” as shown in the screenshot) they would have to enter the htpassword, which of course is not available to them.
    https://imgur.com/5TgK3fn
    The logout only works when I deactivate the protection of wp-login.php.
    Is there a way to have wp-login.php protected AND a customer can logout?

    Thank you
    Tom

Viewing 6 replies - 1 through 6 (of 6 total)
  • Yes, it is possible. You have to allow the query string “action=logout”

    For Cloudflare
    (http.request.uri.path contains "/wp-login.php" and not http.request.uri.query contains "action=logout")

    For Apache
    <IfModule mod_rewrite.c>
    RewriteEngine On
    # Let logout requests to wp-login.php through and stop processing further rules
    RewriteCond %{REQUEST_URI} ^/wp-login\.php$
    RewriteCond %{QUERY_STRING} ^action=logout
    RewriteRule ^(.*)$ - [L]
    # Return 403 for wp-login.php or wp-admin requests with an empty or "-" user agent, or over HTTP/1.0
    RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
    RewriteCond %{HTTP_USER_AGENT} ^(|-?)$ [NC,OR]
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ - [F,L]
    </IfModule>
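
For the basic-auth setup the original question describes, one way to let only the logout request through on Apache 2.4, as an added example that is not part of the thread or any poster's code. The AuthName text and AuthUserFile path are placeholders, and it assumes AllowOverride permits AuthConfig in .htaccess.

```apache
# Added example (assumes Apache 2.4 with mod_authz_core and mod_auth_basic).
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    # Placeholder path: point this at your own password file, outside the web root.
    AuthUserFile "/path/to/.htpasswd"

    # Access is granted if EITHER branch below is satisfied.
    <RequireAny>
        # Branch 1: the visitor supplied valid basic-auth credentials.
        Require valid-user

        # Branch 2: a GET request whose query string carries the exact
        # parameter action=logout; no password prompt is shown for it.
        <RequireAll>
            Require method GET
            Require expr "%{QUERY_STRING} =~ /(^|&)action=logout(&|$)/"
        </RequireAll>
    </RequireAny>
</Files>
```

Every other request to wp-login.php, including the login form and its POST, still gets the basic-auth prompt.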

    Thread Starter mmtomm

    (@mmtomm)

    Thank you for the snippet (apache)

    I don’t get the basic auth screen anymore, which is good, but now I get a 404 at
    mydomain.com/wp-login.php?action=logout&redirect_to….
    still not logged out

    I tried both, having the protection of wp-login.php before and after your script, in both cases I get the 404

    If you still have auth on, it will fail. You need to disable auth and use the code and other steps when you run WooCommerce.

    Thread Starter mmtomm

    (@mmtomm)

    Disabled auth, the 404 still appears. Not sure what the “other steps” mentioned would be…

    If you have a 404, you should start by clearing cache and then test (and check logs).

    Options can include, but are not limited to:

    2FA on admin accounts
    limit login attempts
    wp-login limited to your IP

    You are now asking for security, and that depends on your needs, host, server type, budget, etc. You can use plugins, good hosting, htaccess rules, nginx rules, Cloudflare, etc.

    Hi @mmtomm,

    Since we haven’t heard from you in a while, we’re hoping that means you were able to get this resolved. I’m going to close this thread out now.

    If you’re still having trouble, please open up a new topic and we’ll be happy to help out.

    Cheers

  • The topic ‘customer logout while havin wp-login protected’ is closed to new replies.