Title: [Plugin: Better WP Security] Hide Backend Function Broken
Last modified: August 20, 2016

---

# [Plugin: Better WP Security] Hide Backend Function Broken

 *  Resolved [wps](https://wordpress.org/support/users/timminstrader/)
 * (@timminstrader)
 * [14 years ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/)
 * Hide backend fuction broken. Actually bypasses the theme login redirect and sends
   the user to wp main login page. The rest of the plugin is working fine.
 * [http://wordpress.org/extend/plugins/better-wp-security/](http://wordpress.org/extend/plugins/better-wp-security/)

Viewing 15 replies - 31 through 45 (of 61 total)

[←](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/2/?output_format=md)
[1](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/?output_format=md)
[2](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/2/?output_format=md)
3 [4](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/4/?output_format=md)
[5](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/5/?output_format=md)
[→](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/4/?output_format=md)

 *  [GRzell](https://wordpress.org/support/users/grzell/)
 * (@grzell)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/3/#post-2776145)
 * I figured out the problem. The new version of wordpress does not create a htaccess
   file for thr wp-admin folder. You need to create one manually and deny all aCcess
   to all other ip’s but your own (or ip addresses of admins)
    This fixed the issue
   for me.
 *  [natetronn](https://wordpress.org/support/users/natetronn/)
 * (@natetronn)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/3/#post-2776146)
 * [@bit51](https://wordpress.org/support/users/bit51/) I tried using slugs without
   any reference to login, admin or register. No luck with (MT), same issue.
 *  [natetronn](https://wordpress.org/support/users/natetronn/)
 * (@natetronn)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/3/#post-2776147)
 * With that said, I will wait for case number 1 😉
 * Thanks again!
 *  [GRzell](https://wordpress.org/support/users/grzell/)
 * (@grzell)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/3/#post-2776148)
 * Using different slugs won’t work if uve hidden your admin area with a custum 
   login url. If you would like a copy of the htaccess file I can supply it. Just
   edit with your own info and upload via ftp or file manager
 *  [fchang](https://wordpress.org/support/users/fchang/)
 * (@fchang)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/3/#post-2776149)
 * I have the same problem. I use the Suffusion theme. The back-end is hidden in
   that it showed an error ‘redirecting’ the page instead of ‘page not found’.
 * Also, this morning, a hacker somehow went directly to my hidden admin page to
   try to login (not a single 404 error detected). So someone is using/exploiting
   this issue and is trying to get to the backend now, which is how I search the
   net and found this post.
 * Great plugin! Still protected my site many times over….
 *  [Bit51 (part of the iThemes family)](https://wordpress.org/support/users/bit51/)
 * (@bit51)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/3/#post-2776152)
 * OK….
 * ….Here’s the issue. WP 3.4 redirects all 404 errors (the error wp-admin/etc should
   throw if moved) to index.php which then sees them as the admin section thereby
   breaking the feature entirely.
 * …What would you all like to see? I could change it to show a 500 error or some
   other error code which would fix the issue but not really hide it as an attacker
   would potentially still think it’s there which would at least help it identify
   the site as a WordPress installation. I could try some core hacks that may cause
   other incompatibilites with other plugins/themes/etc, or I could do something
   else?
 * I’ll take the route recommended by the community I just want to know what you
   all think will serve folks best as it is even possible that many are using this
   feature for usability reasons rather than security reasons (I know at least a
   few folks in that boat).
 *  [natetronn](https://wordpress.org/support/users/natetronn/)
 * (@natetronn)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/3/#post-2776153)
 * I’d like to avoid core hacks if at all possible myself. Having to remember to
   set the hacks again after upgrade surely would suck. Plus some of the incompatibilities
   if any.
 * I don’t have any ideas off the top of my head to address “something else” so,
   for now, 500 error gets my vote.
 *  [Bit51 (part of the iThemes family)](https://wordpress.org/support/users/bit51/)
 * (@bit51)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/3/#post-2776154)
 * Thanks Nate!
 *  [raceman59](https://wordpress.org/support/users/raceman59/)
 * (@raceman59)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/3/#post-2776155)
 * Its a tough call, Core hacks should be avoided at all cost since who knows how
   WP X.X will evolve.
 * Its nice to stick with 404 errors since its a standard metric for landing missed
   pages.
 * I Love the plugins other features and would really like to use the hidden backend
   feature but it is just to sensitive with my Plesk / ngenx enabled host that redirects
   requests in the pursuit of speed but at the peril of login in process alterations.
 * While the Hide Backend Function is being reworked, the dashboard needs a big 
   Red Warning and some guidance on self extraction if it all goes horribly wrong.
 * Race
 *  [Sam](https://wordpress.org/support/users/sdominique/)
 * (@sdominique)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/3/#post-2776156)
 * Happened on a cpanel multisite install (not plesk) with only the Hide backend
   section enabled- the site froze up so I removed the htaccess rules.
 * Subscribing to this thread.
 *  [fchang](https://wordpress.org/support/users/fchang/)
 * (@fchang)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/3/#post-2776157)
 * Don’t know much about WP 3.4, what would it do if a 400 (bad request) or 403 (
   forbidden) is thrown? If not, I will vote for 500 I guess.
 * btw, I am getting daily attempts on my ‘un-hidden’ admin page now….
 * A side question: I try to use the Away Mode to deter the hacker as it always 
   try to come in around the same time. However, on top of the Away mode page of
   the plug-in, it always show me GMT as the local time. Check my WP setting and
   the local time is set and displayed properly. So the plug-in is not picking up
   the time zone properly under 3.4.1?
 *  [fchang](https://wordpress.org/support/users/fchang/)
 * (@fchang)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/3/#post-2776158)
 * Sorry, a correction about the away mode time problem:
 * – UTC is 2am (next day)
    – Local time is 10pm (from WP settings page, which is
   correct) – but plug-in showed me 6pm (same day)? kind of weird.
 * I should probably move this to a new topic.. sorry.
 *  [Bit51 (part of the iThemes family)](https://wordpress.org/support/users/bit51/)
 * (@bit51)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/3/#post-2776162)
 * OK Everyone. I’ve put a fix into the development version ([http://downloads.wordpress.org/plugin/better-wp-security.zip](http://downloads.wordpress.org/plugin/better-wp-security.zip))
   that has fixed it on the 9 websites I’ve tried it on so far. Can some of you 
   give it a try on your own installations and let me know what you get?
 * Thanks!
 *  [dukejames27](https://wordpress.org/support/users/dukejames27/)
 * (@dukejames27)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/3/#post-2776163)
 * I just tried this “Hide Backend” feature for the first time, and it doesn’t work
   at all. I can still access /wp-admin and /wp-login.php.
 * When I try to use the modified slug of /logins it doesn’t work.
 * The server is using Cpanel if this helps.
 *  [Bit51 (part of the iThemes family)](https://wordpress.org/support/users/bit51/)
 * (@bit51)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/3/#post-2776164)
 * @dukejames there is a problem with 3.3. Can you confirm you are using the dev
   version to try the fix?

Viewing 15 replies - 31 through 45 (of 61 total)

[←](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/2/?output_format=md)
[1](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/?output_format=md)
[2](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/2/?output_format=md)
3 [4](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/4/?output_format=md)
[5](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/5/?output_format=md)
[→](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/4/?output_format=md)

The topic ‘[Plugin: Better WP Security] Hide Backend Function Broken’ is closed 
to new replies.

 * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=3529351)
 * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/)
 * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/)

 * 61 replies
 * 20 participants
 * Last reply from: [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * Last activity: [13 years, 9 months ago](https://wordpress.org/support/topic/plugin-better-wp-security-hide-backend-function-broken/page/5/#post-2776196)
 * Status: resolved