This is one of those tricky errors that required a subtle fix. If you’ve got the “Members” plugin on your site, read on. We’ll explain why admin profiles were getting logged out of WordPress for seemingly no reason.
We were using two plugins: Plugin A, a slideshow plugin, and Plugin B, the Members plugin. After a bit of looking, we realized that the Members plugin was breaking the admin screens.
Essentially, the Members plugin, when left unconfigured, will set access to things, including 404 errors, and even your home page. In this instance the plugin was set to “deny” 404 pages and the homepage. Even a site administrator would be denied access to both. That meant that a 404 error generated inside the admin panel would actually log the user out, delete their cookies, and then the UI would direct the user back to the login page.
Here is the breakdown of how we figured this out.
Because Plugin A referenced a non-existent image in a CSS file inside its wp-admin UI, WordPress generated a 404 page. This should be a simple 404, but we were getting completely logged out, and all our cookies were disappearing as well.
The first place to look is plugin A, the slideshow plugin. Even though it was referencing a non-existent image, and 404-ing, the culprit was plugin B, the Members plugin. Members was marking 404s and the Homepage as “deny,” so those 404 errors actually logged out the user.
Anytime we tried to do anything after being near plugin A, our cookies would actually be gone and so the NEXT thing we did in the UI would redirect us back to the login page.
Fix: Configure the plugin to not deny. Even though the slideshow plugin was “wrong,” it wasn’t the main problem.
In reality, anything that is 404-ing on a resource should be fixed. Both plugins needed to be resolved, but the unconfigured Members plugin made the problem a bit more difficult to diagnose.
VERY weird. Beware the unconfigured Members plugin!