Error with cookies

# BEGIN iThemes Security - Do not modify or remove this line
# iThemes Security Config Details: 2
	# Enable the hide backend feature - Security > Settings > Hide Login Area > Hide Backend
	RewriteRule ^(/)?secret-login/?$ /wp-login.php [QSA,L]

	# Disable XML-RPC - Security > Settings > WordPress Tweaks > XML-RPC
	<files xmlrpc.php>
		<IfModule mod_authz_core.c>
			Require all denied
		</IfModule>
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>

	<IfModule mod_rewrite.c>
		RewriteEngine On

		# Reduce Comment Spam - Security > Settings > System Tweaks > Comment Spam
		RewriteCond %{REQUEST_METHOD} POST
		RewriteCond %{REQUEST_URI} /wp-comments-post\.php$
		RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
		RewriteCond %{HTTP_REFERER} !^https?://(([^/]+\.)?232\.192|jetpack\.wordpress\.com/jetpack-comment)(/|$) [NC]
		RewriteRule ^.* - [F]
	</IfModule>
# END iThemes Security - Do not modify or remove this line

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

This is my .htacces file content

Hi! I found a solutions for the same problem. I was migrating my site to new server and in database (wp_options) was bad URL for “siteurl” and “home”.

First disable every plugin (rename the plugin DIR via FTP)

Hope it helps.

I am able to login when I try after disabling the plugin .But cannot login with hide admin url setting on .It shows the cookie error

The issue is likely caused by your Varnish config. The config is likely set to allow and recognize cookies when the URL matches wp-login or wp-admin while dropping cookies elsewhere. The result of this is that changing the login URL causes all cookies for the custom URL to be dropped. Your options are to modify the Varnish config to allow cookies for your custom login page name (in addition to the wp-login and wp-admin URL patterns) or to not use the hide login page feature.

what exactly i have to do . i am not good in server configs and i am the server guy

I can’t give any advice beyond what I’ve given above. I’m not adept at Varnish configs, but I know enough about them to know that the Varnish config is causing this specific incompatibility.

Varnish is very, very tough to configure properly. I have seen big hosting companies get it wrong. I would assume that you probably followed a guide on setting up your server which included Varnish as part of a high-availability WordPress setup. While this can work for simple WordPress setups, such configurations often start having problems when changing things away from a standard WordPress setup.

My recommendation would be to either not use the hide backend feature or remove Varnish from your hosting setup until you learn enough about it to handle such issues.

will some thing like this do to my dafault.vcl

if ( !( req.url ~ ^/secret-login/) ) {
  unset req.http.Cookie;
}

added as follows and it worked

inside

sub vcl_miss {

 if (!(req.url ~ "wp-(login|admin)" || req.url ~ "(secret-login)")) {
    unset req.http.cookie;
}
}

and

sub vcl_backend_response {
if (!(bereq.url ~ "wp-(login|admin)" || bereq.url ~ "(secret-login)")) {
    unset beresp.http.set-cookie;
}
}

Worked !!
Thanks Chris Jeanfor pointing me out the issue ??