Hide Backend feature not working

I have a similar issue, but I’m coming from a point were my login page is already hidden and accessed from a unique URL for already some time, and the upgrade to version 4.0.2, the latest, caused that when I use this specific URL I am directed to the default wp-login.php page with the following error:
Warning: in_array() expects parameter 2 to be array, string given in /home4/<my-user-name>/public_html/<my-site-folder>/wp-content/plugins/better-wp-security/modules/free/four-oh-four/class-itsec-four-oh-four.php on line 32

I noticed that the site’s .htaccess file was changed and it currently hold no more the redirect to the special wp-login.php URL, so it was either replaced or modified by the upgrade.

So I worked around the issue by reverting things back:
1. I renamed the “better-wp-security” folder (instead of delete, just in case…)
2. I renamed the current .htaccess file at the root of the site
3. I uploaded the latest backup of the “better-wp-security” folder to the “plugins” folder
4. I uploaded the latest backup of the .htaccess file to the root of the site

Now all looks back in order.

Sorry to hear about the issues with the Hide Backend feature. Most settings from Better WP Security transferred to iThemes Security 4.0 except for Hide Backend.

The 4.0 update will default back to the default WordPress Login URL (yoursite.com/wp-admin/). After logging in from the default URL, you should be able to reset the Hide Backend setting to your original login URL slug.

For more info: https://www.ads-software.com/support/topic/recovering-the-adminlogin-url-from-hide-backend-setting

Dear iThemes Team,

I am highly unhappy and unable to solve this issue. I had earlier changed the backend address to https://www.androguru.com/loginportal which is not able to be accessed now. I am getting some Fatal Error once I login. Secondly below the login box, I am getting my full website loaded which is a big and serious issue.

Kindly help out as we represent one of India’s top Android Community Website. We would be very glad, thereafter.

I’m thinking maybe it’s not necessarily the plugin, but just the way my server or wordpress install is setup. Let me share some other details that might help solve the problem.

Hide Backend Disabled:
The following urls work for logging in.

domain.com/sub/wp-login.php
domain.com/sub/wp-admin
domain.com/login
domain.com/admin

When entering a url with a directory that does not exist such as domain.com/test I get my site’s normal missing error 404 page.

When entering a url with a directory that does not exist that includes the subdirectory such as domain.com/sub/test I get a more simple, plain “Not Found” page. The same sort of page I get with the hide backend feature enabled.

Hide Backend Enabled:
The chosen slug is “test”. Under it, it shows the login url as domain.com/sub/test
This url does not work and all the urls listed above that worked with the hide backend feature disabled no longer work either.

How does the Hide Backend Feature work? Is it modifying the htaccess file or something in wp-config? I’m not seeing any evidence of it modifying any of my files.

The normal URLS don’t work!

I’m locked out of my own site.

Please fix ASAP this is unacceptable!

same issue here; have the login page, but continually get locked out of my own site. POS product. what is the fix?

my masked login page is the only login page I can get to but i get immediately locked out.

Here’s what I came across on my site that may be of help. The new iThemes Security isn’t compatible with WordPress HTTPS and/or Captcha plugins. After reseting iThemes Security, I deactivated the other two and Hide Backend feature works fine now. This also solved some other minor problems I was having.

Correction to the above comment: It’s not that they’re not compatible. WordPress HTTPS caused a redirect loop to occur in the admin panel because Force SSL Exclusively was checked in its settings. After unchecking it, everything worked fine again, including the Hide Backend feature in iThemes. Captcha is no longer affected either.