Tyler Durden

Thanks @eleopard & @mitjamadbox for temp fix,

have same issue on 4 sites, hope it’s a straightforward fix, love animate it!

thanks @karpac but, as mentioned, that didn’t work for me…

mailpoet support suggested the following which worked a treat:

.widget_wysija_cont .allmsgs li{
color: black !important;
}

hope this helps someone !

Hi,

I’m a premium user and I’m having the same issue but adding ID/class:

#form-wysija-3 .updated{….}

into my child theme/styles.css is not working for me.

is there anything else i could try?

many thanks
Kit

Hi @hansolo98

apologies , should’ve posted conclusion

ithemes security ‘Hide login Area’ does not work on 1&1 UK shared server stack [at this time of posting]
it works on some other server stacks but not 1&1
[don’t know if it works on 1&1 US stacks?]

users are generally not aware of this issue because no-one tests the slug ‘wp-login’ because wordpress doesn’t use it and it shouldnt work on any site.
[wp does use ‘wp-login.php though]

It appears that 1&1 force the slug ‘wp-login’ to take you to the login page even though wordpress does not use that slug [who knows why?]

solution for me was to disable the feature in ithemes security and use another plugin which operates differently called ‘WPS Hide Login’ …it blocks all other urls except your secret one. [ithemes should take note?]

have notified both 1&1 and ithemes security, but no fix yet from either.

thus solving unusually high number of lockouts despite ‘hide login area’ enabled in ithemes security !!

hope this helps

best
k

Hi Remy,
Great plug…thank you!

You say:

I’m not sure how Wordfence handles all this, but if the wp-login.php and wp-admin/ are throwing 404 error when you’re trying to access them, the plugin is working as it should.

Showing a 404 essentially gives a sneak peek of the site and its navigation structure which is usually present on the 404 page.
This defeats the purpose of your plug as people can see behind the curtain…[even if clicking on the nav links go to your login page it still allows users to see a section of the site.]

Like the posters above, and many others, I use a custom wp login url

Is there any way to stop users seeing the 404 page when they try to access wp-admin and standard wp-login?

i.e. every url goes to your login page forcing every user to enter your password to get to the wp login page.

many thanks

Hi,

love the plugin but would love to know the answer to this too!

many thanks

Kit

yes the two others are on the same stack…

i have a few other WP sites on other server stacks and have just checked and indeed you are right wp-login slug does not work…can’t believe i never noticed that before!

i have just copied one of the sites in question on to another server and voila…it works as expected

so it would appear to be something in the 1&1 business stack

if i find out anything further i will post the solution

many thanks for your help dwinden!

@dwinden
many thanks for your help on this..

firstly apologies… my error… wp-admin.php does indeed show a ‘not found’
all else is as above

[working late last night! – retested this all again this morning after your post]

you’d mentioned earlier, ‘If the wp-login slug is still working after disabling the Hide Backend feature obviously it is not an iTSec plugin issue.’

can i ask why this is?

this is the entry in the database for: wp_options/option_name/itsec_hide_backend

a:7:{s:7:"enabled";b:1;s:4:"slug";s:9:"secretslug-login";s:17:"theme_compat_slug";s:9:"not_found";s:16:"post_logout_slug";s:0:"";s:12:"theme_compat";b:0;s:12:"show-tooltip";b:0;s:8:"register";s:15:"wp-register.php";}

anyone know if this looks correct?

Sorry for the delay…

I deactivated all plugins [inc. itsec] and activated a default theme [2015].

Checked the .htaccess file and all itsec bits were removed…just WP default version of .htaccess remained

Tried: wp-admin, wp-admin.php, wp-login.php, wp-login, login, admin and all took me to login page as expected.
Tried secret slug and it failed as expected.

I then enabled itsec on the naked WP [no plugs, default theme] and the issue still exists …

i.e wp-admin, wp-admin.php, wp-login.php, login, admin = not found…great!
secret slug gives login page….great!
but frustratingly ‘wp-login’ ALSO gives login page…

.htaccess appears to be writing and performing correctly otherwise..

Could it be something residual in my database that has ring fenced the slug ‘wp-login’?

What server misconfiguration could cause this?

Most grateful for any ideas or thoughts..

cheers

@dwinden

the itsec plug has been running about 10 months on the site

the wp-login slug still works after hide backend is disabled

i reset permalinks to default and then back again but the issue still exists

i used plug regenerate permalinks but issue still exists ie wp-login is still available

if not an itsec issue, do you think its a plugin conflict or a server issue perhaps?

i have two other sites that were originally based on a clone of this one and they both show the same issue

Hi dwinden
many thanks for your help on this..

when using wp-login the url doesn’t get redirected or changed, it stays as:
https://www.sitename.com/wp-login

.htaccess has the following:

# BEGIN Hide Backend
			# Rules to hide the dashboard
			RewriteRule ^(/)?new-login/?$ /wp-login.php [QSA,L]

	# END Hide Backend

should there be anything else?

Kit

new topic here:

thanks dwinden,
ok, i’ll start my own topic….thought it might have been related as i became aware of it because of large number of lockouts

btw secret login slug is working
using both chrome and firefox shows the issue
no didnt change the slug to wp-login

I have a similar problem….I have backend hidden in settings so wp-admin is ‘not found’ but if i type wp-login i get to the login page despite having changed the slug

is there a setting i’m missing?

thanks
Kit