Update broke custom login URL

  • Resolved t-ryder

    (@ryder203)


    2 years, 1 month ago

    Hello.
    I maintain 5 websites, 2 of them have auto updates enabled. Those sites grabbed the latest All In One WP Security & Firewall plugin and now my custom login URL is gone.
    tld.com/wp-admin gives me a “not found” and tld.com/xyz-custom set in the plugin settings gives me a “not found” too… so now I am locked out and for one page I don’t even have FTP since I’m just the maintainer with no server access. Please be careful next time … Now I will have to fix stuff again and need extra time I don’t have. I’m pretty annoyed right now.

    • This topic was modified 2 years, 1 month ago by t-ryder.
    • This topic was modified 2 years, 1 month ago by t-ryder.

    The page I need help with: [log in to see the link]

Viewing 8 replies - 1 through 8 (of 8 total)
  • Thread Starter t-ryder

    (@ryder203)

    For one site I was able to update the plugin to 5.0.4 via Plesk WP module, deleted cache via FTP but still I can not use my custom login URL. Locked out.

    Thread Starter t-ryder

    (@ryder203)

    I uninstalled the plugin via Plesk, installed latest version again, did config all settings again. Set up custom login page URL again. But for the other website for which I don’t have FTP I gotta wait and ask the admin. And I’m scared now to update my other 3-4 pages for which I also use All In One WP Security & Firewall. My site did not work even after the Plesk plugin updates to 5.0.4 and I don’t want to mess up the other sites. The other sites are projects for which I have a volunteer honorary admin promise and it will be no fun to fix all by uninstalling via FTP, reinstall and set all configs again.

    Plugin Contributor Prashant Baldha

    (@pmbaldha)

    I apologise for the inconvenience you are facing.

    It looks like you have enabled the cookie-based brute force protection Admin Dashboard > WP Security > Brute Force > Cookie Based Brute Force Protection as indicated in the screenshot https://nimb.ws/Wmih07 in the past.

    This feature wasn’t working for many WP sites before the AIOS 5.0.0 release. From the AIOS 5.0.0 release, It is working for all WP sites.

    Resolution:

    1. If you remember the secret word, please browse the URL example.com?=secretword=1 and you will redirect to the admin login screen.

    2. If you don’t remember the secret word, then open the database from PHPMyAdmin, select the options table and search for the aio_wp_security_configs option name, copy the option_value field, paste it on https://www.unserialize.com/ and unserialize it. You should find the aiowps_brute_force_secret_word string and find the value of it, and do as described above.

    3. Easy solution: In the AIOS 5.0.4 release, we have given a feature that you can disable the brute force login prevention by adding the below code line in the wp-config.php file:

    define( 'AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION', true );

    And then try to browse the login page.

    I am sorry again.

    Let me know whether you are able to access your admin dashboard or not.

    I am more than happy to help you.

    Thread Starter t-ryder

    (@ryder203)

    I did for none of the sites use the cookie-based brute force protection and I got no secret word. I only used login page rename and other sec. features

    • This reply was modified 2 years, 1 month ago by t-ryder.
    Plugin Contributor Prashant Baldha

    (@pmbaldha)

    Kindly accept my apologies for your inconvenience.

    I need more details to help you out.

    May I know the permalink settings of your WordPress site? The permalink setting is located on the Admin Dashboard > Settings > ?Permalink.

    Can you please try to browse the login page by tld.com/?xyz-custom?

    Thank you for reaching out to us.

    We are very sorry again.

    Thread Starter t-ryder

    (@ryder203)

    I solved all now using FTP, deleting the plugin, reinstalling it.
    Permalinks are https://www.tld.com/sample-post/ but I found out now that I had saved
    bookmarks to the custom login URL like https://tld.com/custom-loginxyz and suddenly for some sites it was changed by the plugin to the actual folder structure on the server like tld.com gives the page, but the wordpress location is e.g. tld.com/cms/ so the login page URL had changed to https://tld.com/cms/custom-loginxyz which I did not know. Until the plugin updates all worked with my existing bookmarks. My bookmarks were https://tld.com/custom-loginxyz which worked without the folder in the URL. Welp… what do I know.

    Plugin Contributor Prashant Baldha

    (@pmbaldha)

    @ryder203?

    Please accept apologies for the delay in the reply.

    It looks like you have installed WordPress core files in its own directory cms as described on https://www.ads-software.com/support/article/giving-wordpress-its-own-directory/#method-ii-with-url-change.

    If you renamed the login page, the login URL is https://tld.com/cms/wp-login.php. You have renamed your login page, so your login URL is https://tld.com/cms/custom-loginxyz.?

    We have received the support ticket https://www.ads-software.com/support/topic/rename-login-breaks-logout-funtion-host-set-to-wp_home/, so we have fixed it.

    Technical explanation:
    Before the AIOS 5.0.0 version, the renamed login page URL was prefixed with home_url(). but It was an issue. Even the wp_login_url () function returns a URL that begins with site_url().Reference: https://developer.www.ads-software.com/reference/functions/wp_login_url/

    We hope you understand it.

    Thank you for reaching out to us.

    Plugin Contributor Prashant Baldha

    (@pmbaldha)

    We have fixed the issue in the AIOS 5.0.7 version that is released a few hours ago. Can you please update the AIOS plugin?

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Update broke custom login URL’ is closed to new replies.