WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
[closed] Better WP Security changes .htaccess causing "Internal Server Error" (27 posts)

  1. embgroup
    Member
    Posted 1 year ago #

    [Moderator note: Topic title de-capped. Please do not shout at us.]

    There is no common plugin or obvious attack, causing it to change .htaccess

    But removing a few recent additions in the .htaccess, fixes sites.

    http://wordpress.org/plugins/better-wp-security/

  2. krbender
    Member
    Posted 1 year ago #

    Hi

    Im having the same issue and I just realized it's not just on the back end My sites are all down when this happens.

    have you found a fix?

    thanks

  3. embgroup
    Member
    Posted 1 year ago #

    Yes. It brings whole site/software down.
    htaccess causes "Internal Server Error".

    No-one has replied.
    It's only on a few sites with no obvious connection.
    So removing the plugin.

    Not sure WordPress & plugins can be risked on important sites, any longer.
    Industries support appears to be dropping.

    No captcha plugin being maintained.
    Lots of others being abandoned.
    Hackers constantly attacking it.

  4. supawiz6991
    Member
    Posted 1 year ago #

    Question for you. When just prior to your sites going down did you enable the "Write to WordPress core files" option?

    If so, then the issues should go away after 5 minutes or so (possibly sooner). From time to time when enabling this option on new or existing sites it tries to write a bunch of stuff all at once which temporarily overloads the server.

    You can either wait it out, restart Apache or disable BWP (not recommended).

  5. embgroup
    Member
    Posted 1 year ago #

    Thanks for the help.

    On our side... no
    "Write to WordPress core files" option not changed.

    The problem is sudden and without changes/interaction, our end.
    It appears to be the site reacting to an login/hacking attempt.
    It has not happened since a couple of days ago (on 2 different sites)

    Not using HackRepair.com's blacklist may be a fix.
    But it works on others, fine.

  6. krbender
    Member
    Posted 1 year ago #

    HI

    thanks for the replies It happens on every site which has plugin installed I believe I had just about every option checked off!

    It is sudden and may take 2 min or 2 hours but since it's making all sites go down I had to disable/remove it!

    it's def. the .htaccess files the amount of info written though isn't the issue, as if it were it would have brought the sites down fast and at times it may not happen for days????

    I think I need to switch to a paid version of a security plugin as theses are my affiliate sites and that's not good :(

    Any recommendations would be appreciated!
    It's too bad as the plugin worked real well when I had 4 break in attempts in 2 days a few weeks back and it did a great job!

    thanks!

  7. embgroup
    Member
    Posted 1 year ago #

    It broke more sites today.

    Turning off the 'ban' items, might stop it breaking sites.
    Note: it breaks the site again, when turning them off!
    (changes .htaccess causing a "Internal Server Error")

    But hopefully for the last time

    Shame the plugin maker isn't joining in, but cannot suggest others on their forum.

  8. usevhdl
    Member
    Posted 1 year ago #

    Mine did this once. For some reason extra non-printing characters got into the .htaccess file. The characters in mine were before the first line. They could not be deleted with my editor.

    Instead, I copied the .htaccess file to another name. Created a new .htaccess file. Typed in the first line. Then copied the rest of the lines using cut and paste. Then it worked.

    Not sure why it happened. I may have been better-wp-security on its own, it may have been that I had the .htaccess open in filezilla at the wrong time. If yours ends up being the same, please let the author know as a 1 issue like this may have just been me bumbling around.

  9. krbender
    Member
    Posted 1 year ago #

    HI

    Thanks for the comments None of the above are resolving my situation :(

    Plugin is doing this in all sites I install it on and it brings sites down Only way to fix error is to clean out folders from my host but that is super time consuming and a pain.

    I disabled all for now and unfortunately I have to use a diff. plugin until issue is resolved.

    @ London WP--- I can clear out .htaccess files but it continues to happen over and over again and is too frequent, I could not even write a post.......

    THanks I'll be waiting for a fix even if it takes a long time :)

  10. su1
    Member
    Posted 1 year ago #

    Hi,

    I also get an internal server error and found that the line

    "RewriteCond %{HTTP_USER_AGENT} ^\^Zeus 32297 Webster Pro V2\.9 Win32 [NC,OR]"

    in my .htaccess is causing this. Can you guys see if you have the same problem (try to remove it)? I'll report it to the plugin maker.

  11. Handoko
    Member
    Posted 1 year ago #

    Hi all. As far as I know some features of the plugin may cause 500 internal server error, you may need to disable one or all these below:
    - Menu > Security > Ban Users > Enable Default Banned List
    - Menu > Security > Database Backup > Enable Scheduled Backups
    - Menu > Security > Intrusion Detection > Enable File Change Detection

    Internal server error can happen if your website try to use more memory than allowed by your server. Those features above have been reported using much memory. If memory really is the problem, you may try to ask your web host company to increase the max allowed memory.

  12. krbender
    Member
    Posted 1 year ago #

    Hi,

    @ su1 my error is not win32..........
    but is internal server error 500

    @Handoko I had considered that possibility!!
    I had sched. backups off for sure as I use diff program, default banned list was off on some sites which still went down.....I'm not sure about file change detection but will try that on one site with all 3 disabled and will report back! thanks

    PS...if any other settings you think should be disabled please advise ASAP so I can test!

    thanks!
    Will try soon! :)

  13. krbender
    Member
    Posted 1 year ago #

    Hi,

    ok i made those 3 changes on 1 site, then plugin needed update, got failure page, cleared out .htaccess like 2-3x and cleared cache, worked on site for about an hour and so far so good.....

    if that fixes it id be thrilled :)

    What I think would be a great idea if someone happens to have this saved on wouldn't mind copy/pasting....is a copy or Doc. with ---> what they think are best settings, as to help those of us having multiple errors etc.....I know it would be a TON to paste in here but it would be really helpful to a lot of people I'm sure...and I would do this myself except that my settings are not all set up and I have been having so many issues I'd hate to have someone else's site go down :)

    My 500 errors happen over various time periods so I will check back in next 24 hrs

    Thanks to all of you!
    :)

  14. embgroup
    Member
    Posted 1 year ago #

    Enable Banned Users
    IT IS THE banned users feature
    'Ban Hosts' bit

    AND IF YOU UNCHECK THE BOX, IT IS FINE BUT...
    THE PLUGIN RE-CHECKS (enables) IT!
    breaking the site again!

    EG BELOW

    # BEGIN Better WP Security
    Order Allow,Deny
    Deny from env=DenyAccess
    Allow from all
    SetEnvIF REMOTE_ADDR "^95\.62\.197\.135$" DenyAccess
    SetEnvIF X-FORWARDED-FOR "^95\.62\.197\.135$" DenyAccess
    SetEnvIF X-CLUSTER-CLIENT-IP "^95\.62\.197\.135$" DenyAccess
    # END Better WP Security

  15. krbender
    Member
    Posted 1 year ago #

    See this post from Handoko few days back:
    These 3 things - do them all!!

    Hi all. As far as I know some features of the plugin may cause 500 internal server error, you may need to disable one or all these below:

    - Menu > Security > Ban Users > Enable Default Banned List
    - Menu > Security > Database Backup > Enable Scheduled Backups
    - Menu > Security > Intrusion Detection > Enable File Change Detection

    Internal server error can happen if your website try to use more memory than allowed by your server. Those features above have been reported using much memory. If memory really is the problem, you may try to ask your web host company to increase the max allowed memory.

    :)

  16. krbender
    Member
    Posted 1 year ago #

    Oh if I pasted the code it was writing to my file in here forget it, like a mile long!! :)

  17. embgroup
    Member
    Posted 1 year ago #

    Thank you

    Better WP Security, adds to .htaccess, after each event.
    The last one being the one that broke it.

    All those features are off.
    But the software puts Ban Users, back on.
    Then breaks the site!

  18. embgroup
    Member
    Posted 1 year ago #

    Upgrading to the latest version of 'Better WP Security' breaks some sites (reverting to previous .htaccess fixes them)

    It could be other plugins, as some sites don't break

  19. embgroup
    Member
    Posted 1 year ago #

    Shame, but...
    Turning of '- Menu > Security > Ban Users > Enable Default Banned List'
    Stops site dying

    Along with turning off '- Tweaks > Write to WordPress core files'
    To stop the software turning it on again/writing to the the .htaccess file (recon it adds characters the server doesn't like).

    Effected sites have stayed up

  20. Wlat
    Member
    Posted 11 months ago #

    Same here.... tried to tighten security after I noticed quite some "404 errors" and Bad logins. Turned on the .htaccess security and it totally ruined my .htaccess file. Site menu doesn't work anymore, all subpages can't be reached.

    What's the use of a security plugin if you have to turn off the "banned" list and .htaccess security to get it to work?

  21. embgroup
    Member
    Posted 11 months ago #

    It is a pain.

    Not happening on all sites, but pretty sure it is just breaking sites when a character is added that the server doesn't like.

    As part of blocking a particular threat/event.

    Maybe hackers are purposely getting it to bring down sites, so it becomes useless and .htaccess security is turned off.

  22. mbrsolution
    Member
    Posted 11 months ago #

    Hello all I use this plugin on all my sites and it works superbly however I don't enable all the options for the same reason that some of you are experiencing from the above mentioned.

    There is another plugin that it is receiving great reviews and downloads. You might like to try it AIOWPS. I have been testing this plugin and it is great. You might even want to run both at the same time only enabling different options from both plugins.

    I hope this helps you.

    Kind regards

  23. embgroup
    Member
    Posted 11 months ago #

    Excellent.

    Possibly better to bet on anyway, as this thread has been ignored by Better WP Security.

    Some plugins don't make the maker enough to support them.

    So future bugs may also not be fixed.

  24. Handoko
    Member
    Posted 11 months ago #

    @embgroup:

    Actually this plugin still has future. It's still being improved, you may check its development website here:
    https://github.com/Bit51/Better-WP-Security/issues

    The developer team doesn't abandon it, the author ever mentioned they're now focusing on version 4.0 and paid support is available:
    http://wordpress.org/support/topic/suggestions-and-bwps-40

    @mbrsolution:

    All In One WordPress Security plugin is indeed a good security plugin. It's new compare to BWPS, might contain some bugs. What I like about the plugin is the development team is nice, active monitoring the forum and improving the plugin. I use AIOWPS and BWPS, still not decided yet which is the best.

  25. efernandez
    Member
    Posted 10 months ago #

    Exactly the same issue here, I reported the issue a while back but this was ignored. My htaccess file gets duplicated entires, with bad headings.
    I think the parser for .htaccess is buggy, and unfortunately this problem is highly critical, since a bad htaccess brings a site down.

    Really, I would be happy to purchase support for such a plugin. Hopefully this will be fixed soon.

  26. su1
    Member
    Posted 10 months ago #

    yes a buggy parser could be the problem. I run BWPS on multiple sites (with "write to wordpress core files" enabled) and every week I have sites down for mostly two reasons:

    - the WordPress part between "# BEGIN WordPress" and "# END WordPress"
    has been removed from .htaccess (will cause a 404 error on all posts)
    - the plugin is writing some SetEnvIF X-CLUSTER-CLIENT-IP instructions at some random places in the .htaccess file

    Now I know how to fix those errors but doing it each week and having to monitor my sites at all times is really time consuming, if this is not fixed soon (or if at least we don't receive a response from the developers) I will stop using BWPS for good.

  27. jnorell
    Member
    Posted 10 months ago #

    I've also suspected a parser problem. I made a couple custom/manual entries to a .htaccess file and started hitting this problem after that - I removed the comments (I left the functional pieces) I had added, and haven't seen it since, though it may be too soon to be conclusive (I think 2-3 weeks now without a problem).

    Another suspicion would be simultaneous .htaccess/rewrites causing the problem (lack of proper file locking). But so far the parser is leading my suspicions.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic