Fixing Broken BuddyBoss Email Links When Using WPS Hide Login

Many WordPress administrators use the WPS Hide Login plugin to enhance their site's security by changing the default login URL. However, some users running the BuddyBoss platform or BuddyPress have reported a specific conflict: confirmation links in emails for data export requests appear broken or fail to work entirely.

The Core Problem

This issue arises because of how different plugins generate and process URLs. The core WordPress feature for handling user data export and erasure requests creates confirmation links that point directly to the standard wp-login.php file.

When WPS Hide Login is active, it intercepts requests to wp-login.php and redirects them to your custom login slug. In some cases, this redirection process can break the specific parameters (action=confirmaction&request_id=XXX&confirm_key=XXX) needed to validate the data request. The user either sees a broken link, no link at all, or is redirected to a login page without the action being confirmed.

How to Resolve the WPS Hide Login and BuddyBoss Conflict

Based on community reports and discussions, here are the most effective solutions to try.

Solution 1: The Most Common Fix

The most straightforward workaround is to add a snippet to your theme's functions.php file or a custom functionality plugin. This code explicitly allows the specific confirmation action to bypass the login URL redirect.

/**
 * Fix for WPS Hide Login breaking data export confirmation links
 */
add_filter( 'wps_hide_login_allow_redirect', function( $allow_redirect, $path ) {
    // Check if the request is for the data confirmation action
    if ( strpos( $path, 'action=confirmaction' ) !== false ) {
        return false; // Do NOT redirect this request
    }
    return $allow_redirect;
}, 10, 2 );

What this does: This filter tells WPS Hide Login to not redirect any URL that contains the string action=confirmaction. This allows the link in the email to load the standard wp-login.php file directly and process the confirmation, resolving the issue while keeping your custom login URL secure for all other purposes.

Important: Always use a child theme or a code snippets plugin to add custom PHP to your site. This prevents your changes from being lost during theme updates.

Solution 2: Check for a Plugin Update

While not directly mentioned in the provided threads, it is always a best practice to ensure all your plugins are up to date. The WPS Hide Login team or the BuddyBoss team may have released an update that addresses this compatibility issue. Check your updates page in WordPress and apply any available updates for both plugins.

Solution 3: Temporary Deactivation for Troubleshooting

If you need to confirm that WPS Hide Login is the source of the problem, temporarily deactivate the plugin and request a new data export email. If the link works with the plugin off but breaks when it's reactivated, you have confirmed the conflict. You can then use Solution 1 to fix it permanently without leaving the plugin deactivated.

Conclusion

This conflict is a classic example of a plugin compatibility issue, not necessarily a "bug" in one single plugin. The WPS Hide Login plugin performs its intended function correctly, but its security measure interferes with a less common WordPress core function. Using the provided code snippet is the recommended way to create an exception for data export links, allowing both plugins to function together seamlessly.