Mask login Area Bug

  • Resolved Aronu

    (@aronu)


    2 years, 10 months ago

    I found a bug when using the “Mask Login Area” functionality under the tools section.

    Let’s say I change my login URL slug to : “friend”

    So my new website login URL should become: https://www.example.com/friend

    If I am already logged into my website admin and I open another tab and visit: https://www.example.com/friend

    I get a 404 error saying: The page cannot be found.

    Am I not supposed to be redirected to my website admin since I am already logged in?

    This happens to me a lot since I have a feature set for my website to keep me logged in on my computer even if I close the browser.

    So when next I try to open my website admin, I type: https://www.example.com/friend and instantly I am greeted with a 404 error page.

    So to bypass this I have to use the menu bar that appears at the top of the page (this shows because I am already logged in) to visit my dashboard. Or I have to use the default URL instead: https://www.example.com/wp-admin/.

    Please try and fix this. Thank you

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Patrick – WPMU DEV Support

    (@wpmudevsupport12)

    Hi @aronu

    I hope you are doing well.

    It is not expected, when the mask URL is accessed by a logged-in user it should return to the login page again not redirect to a 404.

    Can you try to re-save the Permalinks and see if makes any difference?

    The reason is that it is also the default WordPress behaviour, Defender uses the wp-login.php, if you access this page when the user is logged in you will also get the login form again.

    A workaround is using the below script:

    /**
* Plugin Name: Redirect Logged In
* Description: Redirects logged in users when they try to access the /friend page
*/

 function wpmu_logged_in_redirect() {
    $re = '/\/friend$/m';
    $matches = [];
    
    preg_match_all($re, $_SERVER['REQUEST_URI'], $matches, PREG_SET_ORDER, 0);
     
    if ( is_user_logged_in() && !empty($matches) ) 
    {  
        wp_redirect( "https://your-url.com/wp-admin" );

        die;
    }
     
}
add_action( 'init', 'wpmu_logged_in_redirect' );

    You can use it as a mu-plugin following this guide https://wpmudev.com/docs/using-wordpress/installing-wordpress-plugins/#installing-mu-plugins

    Best Regards
    Patrick Freitas

    Thread Starter Aronu

    (@aronu)

    Re-saving the permalinks didn’t make any difference.

    I tried this plugin: https://www.ads-software.com/plugins/wps-hide-login/ and it works well.

    Even if I am logged in and I visit the masked URL on another tab it redirects me to the Admin dashboard.

    But I don’t want to add an extra plugin to my website when I am already using a security plugin that has the hide URL functionality.

    I will suggest you reach out to your developers and tell them about this little bug. When it has been fixed, let me know.

    In the meantime, I guess I will have to use a separate plugin: https://www.ads-software.com/plugins/wps-hide-login/ to add the hide URL functionality.

    Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @aronu

    Thank you for response!

    Let me add up to what my colleague wrote previously.

    It seems that we are actually dealing here with two separate issues. The default and expected behavior of Defender with login masked is:

    1. if a visitor (not logged-in user) goes to site.com/friend they should see login form and be able to login; once they should immediately be taken to relevant back-end page (e.g. “profile” in case of subscriber-role users).

    2. if already logged-in user visits site.com/friend they would see login form – this is because this is a default/standard WordPress behavior and Defender does not change it.

    With login masking disabled going to wp-login.php page as a logged-in user would also show the same login form.

    So this isn’t a bug but rather “lack of feature” that the other plugin has.

    The additional code that my colleague shared is a “patch” to add that feature so already logged=in users wouldn’t see login form again but instead would be redirected to /wp-admin.

    3. However, the fact that on your site already logged-in user doesn’t see login form but instead gets “404 Not found” message – this is unexpected issue. Usually such behavior is caused (if not by permalinks which you’ve already ruled out) by a conflict caused by some other plugin or some theme feature.

    Most often, it’s happening if there’s at the same time some other plugin attempting to redirect user upon login ar in other way affects login functionality at the same time when Defender does it.

    To fix it, it would be necessary to find what exactly is causing such conflict first and first step to do this would be to perform full conflict test on site. It goes like this:

    – disable all the plugins except Defender
    – switch theme to one of “core” themes, e.g. Twenty Twenty Two

    If it’s a conflict, at this point issue should be gone and logged-in users visiting site.com/friend should see login form instead of being taken to “404 not found” page.

    If so, then switch original theme back and check again. If it still works, start enabling your plugins back one by one until you get “404 not found” again and the last enabled plugin would be the cause of conflict.

    Knowing about that we could then take it to our developers so they’d check it further and if it’s something that can be fixed on our end, we’d include fix in one of upcoming Defender releases.

    Kind regards,
    Adam

    Plugin Support Patrick – WPMU DEV Support

    (@wpmudevsupport12)

    Hi @aronu

    I hope you are doing well and safe!

    We haven’t heard from you in a while, I’ll mark this thread as resolved.

    Feel free to let us know if you have any additional questions or problems.

    Best Regards
    Patrick Freitas

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Mask login Area Bug’ is closed to new replies.