Cannot log in – redirects to homepage

I had the same issue today, solved it in 3 min.
What to do:

FTP to your site and rename the following directory (better-wp-security):

/wordpress/wp-content/plugins/better-wp-security
INTO (example)
/wordpress/wp-content/plugins/1better-wp-security

now login to your dashboard: https://www.yoursite.com/wp-admin

Ok, you are logged in now,
change your directory back in the original state:
/wordpress/wp-content/plugins/better-wp-security

In the dashboard click one again menu item ‘dashboard’ and you see: security is back in the menu again.

Under security select Settings, find ‘Hide Login Area’
uncheck: Enable the hide backend feature.

save changes.
fixed ??
and don’t turn this on untill it’s updated ??

I tried @f1kris’ fix, but it still redirected me to my site’s home page. I ended up completely deleting the old Better WP Security plugin, including the data, and doing a fresh install. That was the only thing that worked for me.

I also have this problem
Here was the sequence of events.
SSL on login and admin appeared to stop working at some point during the upgrades
Dashboard said that SSL wasn’t being enforced
unchecked, saved and checked the “force ssl for login and dashboard” option
resaved

all was working with SSL

I then checked the “hide backend” option
then login worked but i received the /”custom url” was not found on this server 404

commenting out define( ‘FORCE_SSL in wp-config.php let me back in
I disabled SSL for login and admin

so now i have a (working) hidden backend but no ssl
.htaccess in my main folder looks ok

any ideas?

mikiegringo, do you actually have SSL certificate installed on your hosting/server that you paid for? Just making sure.

I would highly recommend WordPress HTTPS for https management for your WP, it’s much more comprehensive and better for this.

Viktor’s fix worked for me.

I started with all the deleting and reinstalling the plug-in, but issues would come back.

Then I removed a bunch of stuff from the .htaccess file. This fixed many issues with losing the admin login, but not everything.

Followed Viktors advice and went into the PHPMyAdmin and deleted the tables with itsec in title. Reactivated the plug-in, made a few changes in the settings just to get a good “save” action invoked. Now everything works as expected. Even the “hide backend” feature. I haven’t tried turning back on the “away” feature.

I’ve used other security plug-ins in the past, but I kept coming back to this one. I am going to stick with them as long as possible.

You cant expect upgrades to go seamlessly for gods sake. Especially with a tool like this that has settings saved all over and its main goal is to lock down content and hide the keys. Seems to me most (if not all) of these issues have to do with lingering data from old installs. I agree there should be better communication or documentation from the developer though. But hey its free. Nobody should complain about free.

Yep
i have the correct (but self-signed) certs set up on the server and it was forcing the session into SSL until i enabled the “hide backend” feature which then broke it.

hide backend is now working but i am no longer using ssl

it was more important to me to slow down the automated brute forcing of my site’s admin area than it was to make the traffic enciphered from end to end.

I am not handling super secret data so meh

would be nice to be able to use both so i will check out wordpress https

It solved my away problem. Just followed David’s instruction

This just worked for me which seems a lot simpler and quicker than all the file editing instructions:

? Open up your website database (if your hosting control panel has a ‘phpmyadmin’ option or you have some way of using software to connect to your database)

? Click on your database on the left column to see a list of all the tables

? Click on the table named ‘wp-options’

? In your list of entries for this table find the entry for ‘itsec_hide_backend’ and click edit

? For this entry you’ll see something like:

a:7:{s:7:”enabled”;b:1;s:… blah blah (more text etc)….

Just change the first “enabled” to “default”

Click save (or Go) it will update your database and you’ll be able to log in via your normal wp-admin address.

Backup your database before doing any direct editing as you won’t get any ‘are you sure’ messages.

Hope this helps someone

Oh I should add that if you haven’t used phpmyadmin before then when you get to the instructions for clicking on the table and finding the isec_hide_backend entry, when you initially click on the wp-options table the initial results you see in the right panel are only the first 30 or so entries in the table, so you will need to go forward a few pages to find it if you don’t know how to do searches.

Is everyone sure it’s not your own settings?

I woke up really early one morning and decided to go online. I had the same problem as everyone else where my login page kept redirecting to the home folder.

Then I recalled having set a time in iThemes security which would prevent unwanted individuals from logging into the site. I picked a time that I figured I would “never” or hardly ever login to the system.

So, I waited until after that time and now I’m in.

I would say iThemes is still working pretty good.