I inherited this website (i.e., I did not build it). In WordPress general settings, I have:
WordPress Address: https://example.com/dev
Site Address: https://example.com
The WordPress directory is indeed in a folder called "dev" which I can see via FTP. As I browse through the public-facing website, I never see "dev" in the URL, however. I have never seen a WordPress host configured this way before.
Anyway, we have several pages that are password-protected using the generic WordPress "visibility: password protected" method. The page template that generates the password input is as follows:
<form action="https://example.com/dev/wp-login.php?action=postpass" class="pass-form post-password-form" method="post">
<p>This content is password protected. To view it please enter your password below:</p>
<p><input type="password" class="pw-enter" name="post_password" id="pwbox-<?php the_ID(); ?>" size="20" /> <input type="submit" class="access-btn" name="Submit" value="Submit" /></p>
</form>
It works with no problem in Firefox. However, in both Safari and Chrome the redirect never happens. The page just seems to reload or sit there after you submit the password, without doing anything.
My suspicion is that it is related to the "dev" in the WordPress address.
In the form, if I change the action to this:
https://example.com/wp-login.php?action=postpass
...I get a "page not found" error when trying to submit the password. So it seems like the browser is getting to wp-login.php correctly, but not redirecting from there back to the originating page? Which is where it needs to go, in order to reload that page with the password authenticated.
If I go into WordPress general settings and remove the "dev" from the URL, the entire site breaks.
Any suggestions on where I should be looking for this issue?