WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
[resolved] Couldn't log into my website after setting up Better WP Security 3.3 (23 posts)

  1. gfcoach
    Member
    Posted 1 year ago #

    I was recently hacked and a web developer I turn to for assistance at times like these suggested your plugin Better WP Security. I installed it on one site and all seemed well. I began using it on multiple sites and I think I set some of the intrusion stuff too secure because when I tried to log into my websites it just kept taking me to the home page. the /wp-login and /admin links redirected to home. Luckily I am also using Manage WP.com and was able to deactive the plugin.

    I tried to keep a log of the setting changes I made (see below). Can you tell me what setting I should change so I don't have this problem again. I'd really like to reactive the plug in but also need to get in. ;-)

    Added Better WP Security plugin by Bit51.com version 3.3. Modified settings:

    * Require Strong Passwords for Contributors and above

    * Remove EditURI header clicked

    * Under Header Tweaks, selected Remove WordPress Generator Meta Tag and Remove wlwmanifst header

    * Under Dashboard Tweaks selected Hide Theme, Plugin and Core Update Notifications

    * Enabled Away Mode and made the site not accessible daily between 2 am - 7 am

    * Enabled Login Limits (with default settings)

    * Enabled 404 Detection

    * Whitelisted my IP address so I don't get blocked because of accidental 404 Erors

    * Selected Blacklist Repeat Offenders under Intrusion Detection

    * Changed the database table prefix from the default wp_. to XXXXXX_

    * removed generic ADMIN user.

    Thanks!
    Victoria

    http://wordpress.org/extend/plugins/better-wp-security/

  2. Caps
    Blocked
    Posted 1 year ago #

    This is happening to me too, am getting locked out just when setting up the one click secure button. I have removed the Lock out option and it still locks me out.

  3. The redirect to home page is because of time restrictions set in away mode.

    @Caps Have you checked your logs? Your issue sounds like you have a bunch of 404 errors in your site.

  4. Caps
    Blocked
    Posted 1 year ago #

    The redirect to home page is because of time restrictions set in away mode.

    The "set away" mode is off. So I suspect perhaps on a delete, after deactivate, the data base is not being cleaned up. The plugin is probably using previous data. I will check if the plugin is actually leaving behind data after it has been deleted.

    If I set away mode to daily, and set the start time to 10:-00 pm and the stop to 7:00 am. It will still lock you out. The notifications states:

    "A host, 72.175.40.32, has been locked out of the WordPress site at yoursite.com until Sunday, June 24th, 2012 at 3:31:13 pm UTC due to too many login attempts. You may login to the site to manually release the lock if necessary.” Unfortunately, Better WP Security sees successful logins as login attempts. The result is that the admin or user will get kicked even though logins are successful."

  5. Caps
    Blocked
    Posted 1 year ago #

    Please contact me so that this may be resolved. This piugin is a great contribution to WP.

    Regards,

    Caps

  6. snoofox
    Member
    Posted 1 year ago #

    I have the same issue on several installations, had to rename/delete plugin via FTP to be able to login again. Sad, because it seems to be a good plugin. Unfortunately locking myself out of the site doesn't help at all :-(

  7. baljeet
    Member
    Posted 1 year ago #

    I also have the same issue.. yesterday only I installed this plugin and now I am not able to login back to my site as admin..

    http://www.mynextlaptop.com

    could someone please help me.. I tried to rename the plugin using FTP but that also not helping... its urgent for me.. pls advise .

  8. baljeet
    Member
    Posted 1 year ago #

    Guys - I was trying to edit my .htaccess file and finally I removed all the content of .htaccess file and now I am able to login in my admin page.

    .htaccess is a hidden file.. so make sure while logging in your cpanel or FTP server, make sure you click on show all hidden files option.

    regards :-
    http://www.mynextlaptop.com

  9. Caps
    Blocked
    Posted 1 year ago #

    Then you have also deleted the file permission assigned to the various system and core folders. Unfortunately the plugin is just too buggy for commercial use.

  10. calik1d
    Member
    Posted 1 year ago #

    You will need SSL to access log in. I had the same issue when I added Better WP Security. It seems like a good plugin but it messes up a lot of your other plugins. Just like what another poster said, this plugin is tooooo buggy.

    If you don't have SSL don't even bother with this plugin, unless the next upgrade allows for non ssl users.

  11. @calik1d there is no requirement for SSL in the plugin. In fact most sites on which I employ it have all but ssl turned on due ssl not being available.

  12. calik1d
    Member
    Posted 1 year ago #

    @Bit51 your right SSL is not required to use the plugin. But the plugin is still way to buggy to use when trying to implement the security features. If the plugin was written with better code in a newest version it would be helpful. Until then I would stay way from it and go with a plugin that doesn't bring up the 404 pages.

  13. It works for almost 200,000 folks at this point calik1d, unfortunately nothing of this scope will work for 100% of environments as it is just too complicated for the many ways WP can be installed.

  14. gfcoach
    Member
    Posted 1 year ago #

    Got a little sidetracked with other things and now wanting to get back to this plugin issue and use it to secure my site. After reading the posts am I to understand I should turn off the 404 detection?

    Thanks!

  15. @gfcoach I would recommend turning off 404 detection in BWPS and working to make sure the 404 errors it is encountering are fixed. Turning it off will keep my plugin from locking you out but it won't prevent Google and other search engines from seeing them which can severely affect your SEO.

  16. gfcoach
    Member
    Posted 1 year ago #

    Thanks! I activated the plugin on one of my sites without the 404 detection to see how it goes. Thanks for your response!

  17. DJMorrow
    Member
    Posted 1 year ago #

    Same thing happening to me...I think. All was working well yesterday...I was in and out of the site several times. I DO have the away function on...however 12am to 5am...just the wee hours of the eastern am. But upon attempting to login to the site today...all I get is the home page. Can I tweak any of the settings via phpMyAdmin?

  18. Native Imaging
    Member
    Posted 1 year ago #

    I am also locked out of my site after activating SSL for the admin area & logins. I've looked in my tables and don't see any IP's in the BWPS_lockouts table. there isn't a BWPS_d404 table, but I do notice a few lines in the bwps_log table. I've tried resetting the .htaccess & setting the "FORCE_SSL_LOGIN & ADMIN" to false, but still unable to access the Admin or Login page. Just redirected to a 404.html.

    Should I drop the bwps_log tables?

  19. Native Imaging
    Member
    Posted 1 year ago #

    aha. my config file was locked. changed permissions and was able to access the Admin Dashboard. Just need to understand why I was locked out....

  20. yourmate
    Member
    Posted 1 year ago #

    My computer knowledge is very weak. I installed Better WP security to try to protect my website.

    I first of all I admit to setting my security too strong.

    I got locked out with 404 not found coming up when I login into my dashboard using wp-admin login.

    I managed to get into the better wp security dashboard using my HTC smartphone and disabled every setting.

    I was then able to get into my site.

    Today I tried to log in using the wp-admin login and I got the 404 not found again.

    I've still got access to my dashboard using my smartphone. I apparently have no logs and I cleared anyway.

    I am flabbergast I just don't know where I am with this. I'm sorry I don't know how to code and all the technicals are really confusing can you simply tell me what I'm doing wrong. I really need to protect my website, http://www.yourmatechecker.com

  21. jamjarmedia
    Member
    Posted 1 year ago #

  22. plembo
    Member
    Posted 1 year ago #

    I learned a long time ago never to accept the defaults during install of any system management/security software. When installing something like this it's always best to go the most conservative route at first. In the case of Better WP Security that means avoiding "One Click Protection" at all costs, and initially not even giving it permission to change your core WP files. After it is set up you should spend some time studying just what each option does (the documentation is actually quite good) before enabling anything.

  23. gxgl
    Member
    Posted 11 months ago #

    Hi guys!

    I had same problem and I have found this
    define( 'DISALLOW_FILE_EDIT', true );

    define( 'BWPS_AWAY_MODE', true );
    define( 'BWPS_FILECHECK', true );
    at the top of wp-config.php

    After I set
    define( 'BWPS_AWAY_MODE', false );
    I was able to access the admin side.

    Also I have deactivated this function from plugin options.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.