There are a couple of known Windows\localhost specific bugs.
Is there any error on screen or in the web server error_log ?
(Make sure to set WP_DEBUG to true in the wp-config.php file).
Are you perhaps using the Away Mode feature on localhost ?
(Doesn’t make any sense but who knows …)
Have you tested this in the latest release 4.9.0 ?
The Hide Backend feature adds a rewrite rule to the .htaccess file but it also activates iTSec plugin Hide Backend specific php code.
The functions executed are in the class-itsec-hide-backend.php file.
Please note that there have been no code changes whatsoever in the Hide Backend code for the 4.8 or 4.9.0 release …
4.6.13 Hide Backend code is identical to 4.8 and 4.9.0 Hide Backend code.
dwinden
Hi there dwinden,
Thanks for your extensive reply. Let me answer your points specifically:
- I’m not on Windows – running MAMP on OSX. Are there any known errors on Mac?
- I do get the following error in apache_error_log, but this only happens just after the actual issue of being logged out:
[Mon Aug 24 10:36:09 2015] [error] [client ::1] script '/Applications/MAMP/htdocs/index.php' not found or unable to stat, referer: http://localhost:8888/wp_sy/MY_SECRET_ADMIN_URL?interim-login=1
- there are no other errors in either apache/php_error_logs
- Yes, I got WP-DEBUG on
- I’m not using Away Mode at all
- I’m actually already testing/running 4.9.0, but I remember not having the issue until previous version 4.7 or 4.8
- I will look at the file class-itsec-hide-backend.php later, hopefully I can check some stuff, thanks for that
- Hide Backend code 4.6.13: thanks for checking this, superweird. I will try to roll back to this version and 4.7 and double-check if the issue is indeed gone.
One more thing: I also unchecked literally EVERY other option in iThemes Security, but this issue only occurs when I have Hide Backend on. And it’s suboptions don’t make any difference either.
best,
Hey again,
After extensively testing both 4.6.13 and 4.7, I can confirm the issue is indeed also occuring in these version – so my initial thought that this was related to a plugin update is not correct. Apologies.
Looking back in my own logs I do notice there have been 2 minor wordpress updates in that same timeframe as well. I’m still on 4.2.4, do you think this could be the culprit?
Please let me know if you have any ideas: it’s so weird this only happens locally! I even pulled back the version from my live server, w/o any result.
best,
The problem with any WordPress env is that often multiple components change. So that makes it difficult to identify\pinpoint the cause of an issue.
I’ve been looking around just out of curiosity …
It seems there is a regular check being performed which determins whether your session has expired and if so an inline login form which is javascript based will be displayed.
It is possible to switch the check off in your active theme functions.php file:
remove_action( ‘admin_enqueue_scripts’, ‘wp_auth_check_load’ );
Not sure whether this affects both frontend and backend.
Anyway from this point on follow the breadcrumbs and you may be able to pinpoint the exact cause.
Definately interested in anything you come up with …
dwinden
Hey dwinden, thanks again for your response. You’re totally right, it’s very hard to pinpoint the cause of this issue.
I tried your code but unfortunately this does not change anything on the issue: I get the login screen every time I try to do something new, so this always involve a click in the WordPress admin interface. (I guess you understood my initial message as if it was also happening WHILE doing something – it does not).
However, this doesn’t make much of a difference, because the moment I click a button or menu option, it’s already too late: in the background the session expired or something alike, so an action like pressing “Preview” or “Publish” never makes it through.
For now I give up and will just disable this whole setting for my site and protect the area with htaccess. It’s becoming more effort to try and find the cause than the trouble it actually solves. Obviously, I will keep testing it whenever I install a new release of WordPress or the plugin and report back here when anything changes.
