HTTP 404 with hide backend and multisite (not_found) – potential fix

  • Greetings,

    With hide backend option on our wordpress installation (multisite) we always got HTTP 404 – not found when trying to do sign-up.

    Searching on iThemes Security code I’ve found two issues is on class-itsec-hide-backend.php which i submit for your consideration on future patch. Sorry if this isn’t the right way to submit the information but couldn’t find a better one on your site and this way other people with issues can see it too.

    First issue is usage of get_site_option( ‘users_can_register’ ) which returns false. With users_can_register_signup_filter() it works.

    Second issue is and/or logic which missed grouping and since && has higher precedence than || it failed to apply correctly. In this case since the wp-signup.php evaluated to true the or operation always resulted in true.

    Patch – use at your own risk:

    --- class-itsec-hide-backend.php	2015-01-07 11:14:49.987883759 +0000
+++ class-itsec-hide-backend.php.new	2015-01-07 15:07:47.772993105 +0000
@@ -109,7 +109,7 @@
 	public
 	function execute_hide_backend() {

-		if ( get_site_option( 'users_can_register' ) == 1 && isset( $_SERVER['REQUEST_URI'] ) && $_SERVER['REQUEST_URI'] == ITSEC_Lib::get_home_root() . $this->settings['register'] ) {
+		if ( users_can_register_signup_filter() == 1 && isset( $_SERVER['REQUEST_URI'] ) && $_SERVER['REQUEST_URI'] == ITSEC_Lib::get_home_root() . $this->settings['register'] ) {

 			wp_redirect( wp_login_url() . '?action=register' );
 			exit;
@@ -120,7 +120,7 @@
 		if (
 			(
 				(
-					get_site_option( 'users_can_register' ) == false &&
+					users_can_register_signup_filter() == false &&
 					(
 						isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], 'wp-register.php' ) ||
 						isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], 'wp-signup.php' )
@@ -132,12 +132,14 @@
 				( is_admin() && is_user_logged_in() !== true ) ||
 				(
 					$this->settings['register'] != 'wp-register.php' &&
-					strpos( $_SERVER['REQUEST_URI'], 'wp-register.php' ) !== false ||
-					strpos( $_SERVER['REQUEST_URI'], 'wp-signup.php' ) !== false ||
 					(
-						isset( $_REQUEST['redirect_to'] ) &&
-						strpos( $_REQUEST['redirect_to'], 'wp-admin/customize.php' ) !== false
+						strpos( $_SERVER['REQUEST_URI'], 'wp-register.php' ) !== false ||
+						strpos( $_SERVER['REQUEST_URI'], 'wp-signup.php' ) !== false ||
+						(
+							isset( $_REQUEST['redirect_to'] ) &&
+							strpos( $_REQUEST['redirect_to'], 'wp-admin/customize.php' ) !== false

+						)
 					)
 				)
 			) &&

    https://www.ads-software.com/plugins/better-wp-security/

Viewing 4 replies - 1 through 4 (of 4 total)

  • I’m having issues with login, not just signup.

    Any word on whether this patch would fix all the login problems associated with ithemes security and domain mapping on multisite?

    I don’t think so as this is a different issue with the Hide Backend feature.

    Some of the sign-up/register issue(s) are not even multi-site specific.
    You can consider sign-up/register with Hide Backend feature enabled as totally non functional either in single or multi-site … Major iTSec plugin bug.

    dwinden

    Hello,

    Same problem here and this patch works well.

    But it must be applied again at each plugin update.

    The resolution of this issue is expected soon ?

    Regards

    Same issue. Do you know when it will be solved?

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘HTTP 404 with hide backend and multisite (not_found) – potential fix’ is closed to new replies.