⚙️ Fix for Compatibility with “WP Hide & Security Enhancer”
Reason:
WordPress now uses a secure way to load internal files, but the “WP Hide & Security Enhancer” plugin changes default WordPress paths, which causes issues — so this fix is only for users using that plugin.
——–
🧩 Steps to Fix
File to edit:
../wp-content/plugins/js-support-ticket/js-support-ticket.php
In the file, replace each block below exactly as shown:
———————————————————-
Find:
if(strpos($wp_admin_path, “http”) !== false) {
$wp_admin_path = ABSPATH . ‘wp-admin/includes/plugin.php’;
}
Replace with:
$wp_admin_path = ABSPATH . ‘wp-admin/includes/plugin.php’;
———————————————————-
Find:
if(strpos($wp_admin_path, “http”) !== false) {
$wp_admin_path = ABSPATH . ‘wp-admin/includes/admin.php’;
}
Replace with:
$wp_admin_path = ABSPATH . ‘wp-admin/includes/admin.php’;
———————————————————-
Find:
if(strpos($wp_admin_path, “http”) !== false) {
$wp_admin_path = ABSPATH . ‘wp-admin/includes/file.php’;
}
Replace with:
$wp_admin_path = ABSPATH . ‘wp-admin/includes/file.php’;
———————————————————-
Find:
if(strpos($wp_admin_path, “http”) !== false) {
$wp_admin_path = ABSPATH . ‘wp-admin/includes/class-pclzip.php’;
}
Replace with:
$wp_admin_path = ABSPATH . ‘wp-admin/includes/class-pclzip.php’;
———————————————————-
Find:
if(strpos($wp_admin_path, “http”) !== false) {
$wp_admin_path = ABSPATH . ‘wp-admin/includes/class-wp-ajax-upgrader-skin.php’;
}
Replace with:
$wp_admin_path = ABSPATH . ‘wp-admin/includes/class-wp-ajax-upgrader-skin.php’;
———————————————————-
Find:
if(strpos($wp_admin_path, “http”) !== false) {
$wp_admin_path = ABSPATH . ‘wp-admin/includes/class-wp-upgrader.php’;
}
Replace with:
$wp_admin_path = ABSPATH . ‘wp-admin/includes/class-wp-upgrader.php’;
———————————————————-
Find:
if(strpos($wp_admin_path, “http”) !== false) {
$wp_admin_path = ABSPATH . ‘wp-admin/includes/class-plugin-upgrader.php’;
}
Replace with:
$wp_admin_path = ABSPATH . ‘wp-admin/includes/class-plugin-upgrader.php’;
———————————————————-
Find:
if(strpos($wp_admin_path, “http”) !== false) {
$wp_admin_path = ABSPATH . ‘wp-admin/includes/translation-install.php’;
}
Replace with:
$wp_admin_path = ABSPATH . ‘wp-admin/includes/translation-install.php’;
———————————————————-
Find:
if(strpos($wp_site_path, “http”) !== false) {
$wp_site_path = ABSPATH . ‘wp-includes/class-phpass.php’;
}
Replace with:
$wp_site_path = ABSPATH . ‘wp-includes/class-phpass.php’;
———————————————————-
Hello, this is not even the same code anymore
It was updated to this format after my post:
if(jssupportticketphplib::JSST_strpos($wp_admin_path, "http") !== false) {
$wp_admin_path = ABSPATH . 'wp-admin/includes/plugin.php';
}
i even switched from WP Hide & Security Enhancer to WP Ghosts since the last topic and the issue is the same
there has to be a permanent fix you can apply as many other plugins work fine with changing the admin path
a user would prefer not to have to edit the code manually each time
Thank you
I’m adding another report related to the use of custom admin and login URLs with plugins such as WP Hide & Security Enhancer and WP Ghost.
When trying to log in from wp-admin and entering a wrong password, JS Help Desk intercepts the wp_login_failed action and redirects the user to the JS Help Desk login page
The related function is located in: “includes/jsst-hooks.php”
add_action('wp_login_failed', 'jssupportticket_login_failed', 10, 2);
function jssupportticket_login_failed($username)
{
$referrer = wp_get_referer();
if ($referrer && !strstr($referrer, 'wp-login') && !strstr($referrer, 'wp-admin')) {
if (isset($_POST['wp-submit'])) {
JSSTmessage::setMessage(esc_html(__('Username / password is incorrect', 'js-support-ticket')), 'error');
wp_redirect(jssupportticket::makeUrl(array('jstmod' => 'jssupportticket', 'jstlay' => 'login', 'jsstpageid' => jssupportticket::getPageid())));
exit;
} else {
return;
}
}
}
The condition:
$referrer && !strstr($referrer, 'wp-login') && !strstr($referrer, 'wp-admin')
only checks for the default WordPress URLs (wp-login and wp-admin).
This does not work when custom login/admin URLs are used, causing backend login failures to be incorrectly treated as frontend logins.
Additionally, in my JS Help Desk settings I am using a custom login and registration URL (WooCommerce pages), not the “JS Help Desk Login Page”.
This redirect does not respect that configuration either and always forces the JS Help Desk login URL.
Please add a more robust check or a configurable option to handle these scenarios correctly when custom login and admin URL plugins are used, instead of relying on hard-coded wp-login and wp-admin string checks..
Hi,
File to edit:
../wp-content/plugins/js-support-ticket/js-support-ticket.php
Find function jssupportticket_load_wp_plugin_file
It look like this
function jssupportticket_load_wp_plugin_file() {
$wp_admin_url = admin_url(‘includes/plugin.php’);
$wp_admin_path = str_replace(site_url(‘/’), ABSPATH, $wp_admin_url);
if(jssupportticketphplib::JSST_strpos($wp_admin_path, “http”) !== false) {
$wp_admin_path = ABSPATH . ‘wp-admin/includes/plugin.php’;
}
require_once($wp_admin_path);
}
Replace whole function with
function jssupportticket_load_wp_plugin_file() {
if ( ! function_exists( ‘get_plugins’ ) ) {
require_once ABSPATH . ‘wp-admin/includes/plugin.php’;
}
}
Please inform the result, it will help us for future updates.
We will update the wp_login_failed hook in the next version.
Hello, replacing the function seems to work! No need to change all the other functions like before.
Hopefully everything else works, and you can apply both fixes in the next updates and won’t need to come back to report it.
I appreciate the support.
