[Resolved] Password Protected Post Bug with WPEngine

[Author]

Posts

[klintV]

I received a 502 error when trying to enter a password on a password protected post on a WPEngine site while using your theme. I spoke with their support and they said it was because they have anti-brute force protections in place and code in the theme was trying to bypass this. Their system works by filtering 'site_url', which is how WordPress does it their core code (see here: https://core.trac.wordpress.org/browser/tags/4.9/src/wp-includes/post-template.php#L1625) but your theme doesn't. In the wpbootstrap_password_form function of the parent theme you have the following code (line 266 in functions/bootstrap-wordpress.php):

action="' . get_option( 'siteurl' ) . '/wp-login.php?action=postpass"

I created a function to override this in the child theme and fixed the problem by using the following:

action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '"

Again, this is consistent with the WordPress core code, so my suggestion would be for you to update the parent starter theme to match.

Thanks!

--
Klint

[Noman Supporter Languages: English (English ) Timezone: Asia/Karachi (GMT+05:00)]

Hi Klint,

Thank you for getting in touch with us and for the feedback. We will review your suggestion and update if its really required.

Thank you