Compatibility issue with Rename wp-login.php plugin

Unfortunately it looks like the “Hide Login Area” feature is defective, at least on my site.

Not only did it present 404 errors for /wp-admin and /wp-login.php, it also gave a 404 error for the new URL it set up. The automated e-mail it sent me with the new link also gave a 404 error.

Thankfully I was still logged on one PC and disabled this feature, as I could not see any way of logging in.

The other plug-in I tried earlier (Rename wp-login.php) worked fine with the new URL, but as I mentioned above, caused the issue with the 404 detection.

What’s the problem with “rename wp-login.php”?

As I mentioned above, the 404 Detection does not work in iThemes Security when I use the Rename wp-login.php plugin.

The iThemes Security log had over 1000 pages of 404 errors due to a few brute force attacks over the weekend. If the 404 Detection worked, there should have been no more than 40 errors per attack as I have the 404 Detection configured for a lockout after 40 errors.

Just to update on this, I found the problem today when I went on our website to check something and noticed every page outside of the homepage was showing a 404 error.

It turns out that when I tried enabling the Hide Backend feature, it wiped everything out of the .htaccess file apart from iThemes own code, so the default WordPress rewrite rules and various other rewrite I had were gone. Once I added these back from my last backup, the site worked fine.

I updated iThemes to 4.2.13 (from 4.2.6) and tried enabling the Hide Backend feature again and this time it’s as intended, i.e. wp-admin.php now fails, but the new link works, so probably a bug in the earlier version. Pity I didn’t check the website (besides homepage), as it meant most of the website was offline for the 2 days.