Hide Backend not working

  • The Hide Backend feature of iThemes Security (7.3.1) isn’t working: it doesn’t hide the ‘/wp-login.php’ address. A logged out user can see this address and login there.

    Even more than that: if the user hits “Enter” in a browser’s address field with the site’s “…/wp-login.php” URL, the value in the field changes to the REDIRECT URL containing the secret hide-backend token!!!

    Also, when I enable or disable the Hide Backend feature in the plugin’s settings and hit Save, the settings are actually saved BUT the plugin’s UI shows me an error like this:

    Unknown Default Recipients contacts, 1.

    The settings could not be saved. Please correct the error above and try again.

    What should I do?
    I’m temporarily disabling the Hide Backend feature.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter allfadr

    (@allfadr)

    Oh, sorry, it does work. I had no idea the token was saved in cookies for an hour.

    Still, the abovementioned error message while saving the setting is there.

    This error probably indicates that the user with ID 1 no longer exists in your WordPress env.

    The iTSec plugin Notification Center module saves recipients using the users’ user ID.
    If subsequently a user gets deleted, saved user IDs are rendered invalid.

    You’ll need to manually replace ID 1 with an existing user ID in the itsec-storage option (“notification-center”, “default_recipients”, “user_list”) in the database. That will get rid of the error.

    To prevent any confusion, I’m not iThemes.

    • This reply was modified 5 years, 7 months ago by nlpro.
    • This reply was modified 5 years, 7 months ago by nlpro.
    • This reply was modified 5 years, 7 months ago by nlpro.
    • This reply was modified 5 years, 7 months ago by nlpro.

    Recently noticed an upgrade and its changelog mentioned this issue.
    Maybe it is working fine now.

    The error occurred for me too, and I think because …
    1) I turned on notification settings first and selected my admin account to be notified (which is ID=1)
    2) THEN I used the setting to remove user with ID=1 and
    3) THEN later went tried to use the hide backend feature, hence the error you are reporting.

    To work around is, I went back into the notification settings and re-selected my admin account for notifications (which now appeared unselected even though I’d previously set it). When I then tried to use the backend feature I didn’t receive this error.

    However, the hide backend feature isn’t working for me currently so I’m wondering if there is another issue?

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Hide Backend not working’ is closed to new replies.