wp-login.php

Yes, I am using Better WP Security plugin. I’m also fairly sure I am using the hide backend feature, or atleast I am assuming I am since I can’t get to my backend. I am not sure what I did to cause my login issue. I haven’t updated my site in several months and now I can’t get to the login screen, so I made the assumption that I turned on the hide backend, since I installed it at about the same time.

A couple things I have tried are renaming my plugins folder and my .htaccess folder, still get the 404 message.

You should rename both the plugin folder and the .htaccess file back, I think that’s the reason I can’t detect it as it was using this plugin.

Please rename them back, and let me know after you done it so I can start to test again. I’m waiting now.

I think I actually figured this out. I will post here in case anyone else runs into this and thinks it is the hide feature or WP Better Security.

I did as Handoko suggested and renamed both my plugin folder and .htaccess folder. I still received the 404 message. I switched over to Internet Explorer to see if it would make any difference. What I found there was the wp-login spun and spun, and then literally five minutes later came up with a CAPTCHA validation, which reads: The server <your domain> at WordPress attack protection CAPTCHA. It then shows a randomly generated username and password that you have to enter. You are then taken to your login page.

I contacted my host, and it turns out they did this to me. It is an “additional security feature”, for all WP sites on their servers. Would have been nice to be alerted… anyway, to get around the speed issue and Chrome issue I found that if you add the following just above the WP stuff in htaccess you can once again access your login pages after entering the CAPTCHA:

ErrorDocument 401 default

Its the same thing you do if you password protect your wp-admin folder. Thanks for your help Handoko, hopefully this will help someone else.

Interesting. Thanks for sharing your experience. I tried to visit your login page, yes, I saw the captcha too.

A good thing to do:
Keep a copy of your .htaccess file (locally), in case of this plugin breaks your site, you can simply copy it back to your website and it may back to normal again.

Since I have registration turned off I’d like to cause any bots that try to register or login to go nowhere. So I have

RewriteCond %{REMOTE_ADDR} !^75\.80\.115\.
RewriteRule ^wp-(admin|login|register)\.php https://example.com/%5BR,L%5D

The RewriteCond should allow 75.80.115.* IP addresses. The RewriteRule should work if they hit any directory as the *.php location.

But it doesn’t work. Anyone see a problem here?

Hi,

Just today I found the plugin and installed it. While installing it, I finished hiding the backend tab. I had to leave for sometime and then I logged out without finishing all other tabs. Now when I was back and tried to log in, the login page wouldn’t work. When I type https://www.domain.com/myslug it rewrites the url which is defined in the .htacess file with the secret code.

I am not being able get to the login page. Please HELP.

Thank you.