New to the community? Start here

[Defender Pro] Login area masking lockouts when the url contains invalid values

When using “Mask Login Area” and the masked url is in the form of “something/wp-admin”, the login page under that url will not allow to log in. It will redirect to the same login form without any error message.

Tue, 28 Jan 2020 6:08:04
More Defender Pro discussions
Defender Pro
  • Adam Czajczyk
    • Support Gorilla

    Hi Audra @Zindo

    I hope you’re well today!

    I have tried to set a login masking in form of “something/wp-admin” on my test site but it worked perfectly fine there and I wasn’t able to replicate the issue.

    I noticed that you have currently set masked URL in a different way and I understand it’s to avoid the issue but I’d like to do some more testing on your site to determine whether it’s indeed a bug in the plugin or its something directly related to this specific setup.

    However, using only support access I might get cut off and I won’t also be able to fix/restore masked URL to a working one in case anything goes wrong so I would need a direct access to the site. Would you please provide me with access credentials?

    Note: Don’t post your login details in this ticket.
    Instead, you can send me your details using our contact form https://wpmudev.com/contact/#i-have-a-different-question and the template below:

    Subject: “Attn: Adam Czajczyk
    – Site login URL
    – WordPress admin username
    – WordPress admin password
    – FTP credentials (host/username/password)
    – cPanel credentials (host/username/password)
    – Folder path to site in question
    – Link back to this thread for reference
    – Any other relevant urls/info

    Best regards,
    Adam

    I see that you currently have a different masked login set to avoid the issue.

  • Sanowar Prince
    • FLS

    Hi Audra @Zindo,

    Thanks for providing us the login credentials.

    I checked the issue on your site and on my test site and I was able to replicate the issue on both sites while using that specific login URL pattern/structure you provided us. After doing some investigation on my test site, I found that the issue was happening only if the New Login URL contains wp-admin word at the very last.

    For example, if the new login URL is set like this https://domain.com/some-url/wp-admin, then the login doesn’t work and the login page reloads without showing any error which makes it impossible to access wp-admin. However, if the new login URL is set like this https://domain.com/some-url/wp-admin/some-other-url, then it works as expected. I have also tested some other URL combination/pattern/structure and if wp-admin word is set at the very end of the URL, then it doesn’t work as expected.

    I am not sure exactly why it’s working this way. I have forwarded this issue to our developers, so they could investigate further on this. Please note, developer’s response might be slower than usual staff response, so we appreciate your patience on this.

    Best regards,
    Sanowar