step 1: de-activate iThemes security plugin
As you cannot login to the wp-admin console, you will need ssh or ftp access to achieve this. Rename the plugin folder (on earlier installations, this folder is called ‘better-wp-security’)
$ cd /www/wp-content/plugins $ mv better-wp-security better-wp-security-disabled
(or: do a rename using your ftp client)
step 2: access wp-admin
You can now access wp-admin again. Login, and keep yourself logged in. (leave browser open on wp-admin console)
step 3: re-activate iThemes security plugin
- Rename the plugin folder back to its original name
- Using wp-admin, activate the plugin again (as it was renamed, is was automatically de-activated in step 2)
- note that your previous setting is kept, so from now, accessing https://www.example.com/wp-admin directly is disabled again. But as you have your session open (from step 2), you can modify settings
step 4: set a known login slug
In wp admin, go to:
security > advanced (selector at the top) > Hide Backend > configure settings (button)
You can review and change your login slug.