If I browse to my wordpress wp-admin directory, I recall that I used to get redirected to the login page if I was not already logged in. Now I get the standard wordpress page not found error. I'm not aware of changing any configuration that would alter this behavior. Are there things that could have been done to stop the auto redirection from occurring? Or something I need to re-enable or reverse to get that behaviour back?
Yes, generally it is a practice used for security reasons, because you see if I know that you are using Wordpress then I can easily guess all your URLs, login URL, Admin URL, Register URL, etc...
There are some plugins that would do that for you, IThemes is an example.
Themes Security hides common WordPress security vulnerabilities,
preventing attackers from learning too much about your site and away
from sensitive areas like your site’s login, admin, etc.
Changes the URLs for WordPress dashboard areas including login, admin
and more
So the short answer is, yes you can configure it one way or another.
To Undo it, configure it again
Related
Someone is changing my wordpress site URL to their ad spam URL. I changed it from php my admin and it was fixed, the hacker inserted a java script to every wordpress post and pages to redirect all posts and pages to their ad page, I deleted all of them. Then I installed wordfence security plugin, scanned the entire website, found some malicious codes and deleted everything. Then I changed my cpanel and wordpress password. I am using my own VPS so I also changed my root password, but still just after 12-24 hours, I can see that the wordpress site URL has been changed. I fix it and again it becomes changed.
I have mentioned what I have done, what else I can do to prevent this? Please any suggestion will be appreciated...
Your website has most probably been exploited, and the exploit is still active, as a backdoor for that Hacker..
I would check the access logs for your web requests, and especially POST requests!
which might show where is the hacker logging in via.. some Theme or Plugin that was exploited most probably.
If your web host does daily backups, it might even be worth reverting back to previous days to remove any changes... -- remember if you revert back any posts/changes from that day onwards will disappear.
I recently moved my site built in Word Press to another hosting provider and I found the shortcode [woocommerce_my_account] is not working anymore.
Previously, I had a page called account login where I had the shortcode [woocommerce_my_account]. In the settings I set the landing page to be the same page (account login). so, after an user logged in, it was redirected to the same page showing his/her details.
However, in the new hosting provider this is no longer working. After I put the login information and attempt to login it is taking me to wp-login.php page and ask me to enter my login details again.
The URL path that I see in the browser after attempting to login is similar to this <site_name_url>/wp-login.php?redirect_to=http://<site_name_url>/account-login/
Anybody has got to the bottom of this issue? Thank you.
Try adding this to your wp-config.php:
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
Make sure you change http://example.com with your own domaine. You can also try to search and replace your domaine in the database if it has changed.
You can also try to clear browser cache and cookies. I had an issue like this before, launched a private navigation and it was working fine.
Try setting define(‘WP_DEBUG’, true);, you may see something going on.
Sometimes, php version makes a difference, try to set the same php version on you new host (google the name of your hosting provider + change php version).
When you move sites/restore databases you often need to save the permalinks again.
go to /wp-admin/options-permalink.php and click "save". This will setup your .htaccess file with the correct information for redirects.
Finally, after all of these days searching and trying different things, the answer for this issue in my case was not related with the Word Press installation itself but, with some software installed on the server called varnish, apparently used to cache the site and improve its performance.
After having a support chat with the hosting provider, they mentioned that varnish is breaking the woocommerce plugin.
At this point, I am not sure if varnish is not compatible with woocommerce or the settings applied on the server using this software make woocommerce not to work properly.
I have a WordPress installation in a subdomain (http://base.example.com), but I want users to access the front-end from (http://www.example.com). The subdomain is a subfolder within the root of the site. I have copied index.php and .htaccess to the root of my site and changed the path in index.php to point to my subdomain. The website works fine, both the front-end and back-end, but when I login and go to the front-end, I cannot see the admin bar, and it appears as if I am logged out. When I go to wp-admin, I see the admin bar, and I can preform all administration functions as needed. How do I fix this problem so I can see the admin bar on the front-end?
EDIT 2:
You should be able to resolve your issues using the plugin root Cookie. It hasn't been updated in 2 years, but it will fix the problem that you're having. You need the login/authentication cookie to be accessible across subdomains. Follow these directions:
Install and activate the plugin.
Enable subdomain support in plugin settings.
Logout of the WordPress admin.
Login again and check if it works.
The reason that this issue occurs is because when WordPress sets the cookie that says you're logged in, it sets it for the administration domain. That means, when you visit from the non-administration domain, the cookie isn't allowed to be used for authentication due to browser security. This plugin changes the URL for the cookie to allow for use across subdomains, which allows for you to see the admin bar on the front-end.
I am not an expert for mod_rewrite, so I need a big time help. Here is the scenario:
Domain Name: www.example.com
Points To: /www/public_html/
I have a wordpress installation at:
/www/public_html/subfolder/
Now I have two htaccess files, lets call them .h1 and .h2 . I have managed upto now to do this:
When user types www.example.com they are taken to the wordpress homepage in the subdirectory (sweet). In fact everything is hunky-dory besides:
MAIN PROBLEM:
I want to create a custom login URL, say : www.example.com/mylogin
I am able to do the following by setting the following in my .h2
RewriteRule ^mylogin$ wp-login.php
But when I use this URL, it taken me to the login screen but the url in the browser changes to http://example.com/subfolder/wp-login.php
I want the URL that is displayed when the login screen is presented to stay the same as before i.e. http://example.com/mylogin
More precisely, no subfolder name and no wp-login should be displayed. How do I achieve this? Any help would be appreciated.
Your solution doesn’t hide the default login url. It only adds an easier to remember url which redirects to the default url /wp-login.
Without the need for coding you can easily install the plugin Custom Login and Admin URL’s that fixes this weakness.
Caution: This plugin have been tested on a new installation of WordPress and it worked fine. However, most free plugins are unsupported which means they sometimes conflict with other plugins depending on what you have installed. If you have any issues, login to cPanel or FTP and delete the plugin or contact your web hosting provider.
Another Security plugin for WordPress which you may want to take a look at is named Better WP Security. This WordPress plugin offers security settings for WordPress login, registration and admin pages as well as many other anti hacking features to protect your site.
I would like to know how to share a session between my website non-wordpress and my wordpress blog on the same domain www.mysite.com, so that when a user is logged in to my site he's also logged in to the blog
I installed wordpress as subdirectory on my site, url for my site is www.mysite.com and I access wordpress like this www.mysite.com/wordpressBlog
On my user_login.php in my main site I activated
session_start();
to activate cookies and on my wordpress wp_unregister_GLOBALS() I added
$no_unset = array( '_SESSION', ...
But nothing happen, when I login to my main site I still have to login to the blog
as a matter of fact my site and wordpress blog are on the same domain. I installed wordpress as subdirectory on my site url for my site is www.mysite.com and I access wordpress like this www.mysite.com/wordpressBlog On my user_login.php in my main site I activated
session_start();
to activate cookies and on my wordpress wp_unregister_GLOBALS() I added $no_unset = array( '_SESSION', ...
But nothing happen, when I login to my main site I still have to login to the blog
In order to be able to share a session cookie between both sites, they will have to run under the same domain name (e.g. mysite.com). The following would be a valid configuration if the session cookie has a scope of mysite.com
www.mysite.com
blog.mysite.com
PS. I don't recommend using Cross Scripting hacks to get around this domain scoping issue. It's limited to a domain for security reasons.
[Edit]
I should also point out that it is entirely valid to have your two sub-domains (sites) hosted on different servers
[Edit]
It is difficult to provide a succinct answer to your question because you are using a non-WP site. My best suggestion for you is to post on the WordPress StackExchange where you may get someone who has done this configuration before.
I believe your issues are centred around the scope of your Cookie from WP. Editing your wp-config.php and setting the COOKIE_DOMAIN to use "" may help with your issue as referred to by this WordPress StackExchange post.
Some posts speak of removing this settign entirely. In any case you need a way to debug your HTTP sessions to see what cookies are being sent using which scope, that is why I recommended FireBug. In any case you're still going to have to re-code your non-WP site to recognise the WP cookies so understanding what's going on is important.
I did come across this other post regarding Multisite Domain Mapping that may help with your knowledge, but this is involved WP sites only so not exactly what you need.