WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
[resolved] default admin login page? (21 posts)

  1. Majklas
    Member
    Posted 1 year ago #

    I've just installed this plugin. Hit create backup (luckily had from wp-backup plugin) and nothing happened-no email at admin email, just new buttons with "secure from basic attacks". I changed strong password authentication to editor from admin and then I hit save button. Strange things then heppened, I was logged out, red baloon in wp login aread was empty and wp-admin nor wp-login.php no longer worked.. Any ideas?

    http://wordpress.org/extend/plugins/better-wp-security/

  2. gh0stshell
    Member
    Posted 1 year ago #

    try admin, but if you can get to the login page the hide backend feature is not turned on.

    the blank red error window will occur if you are using SSL on your login page

    you may have to FTP in and delete or rename the plugin folder

  3. Majklas
    Member
    Posted 1 year ago #

    thank's for a reply.. BUT:
    - /admin is not working.. Says not found as default no post found page.
    - renaming plugin folder -> The page isn't redirecting properly
    and I'm still stuck :(

  4. gh0stshell
    Member
    Posted 1 year ago #

    delete the BWS plugin folder then try

    you may also have to check your .htaccess but thats rare and most can rename or remove the plugin folder

    you dont rename the plugin folder itself, just the plugin you are having issues with

  5. Handoko
    Member
    Posted 1 year ago #

    Have you try the new login slug? Usually it will be:
    http://www.yourwebsitedomain.com/login

    Add "/login" at the end of your website address. This this how this plugin works, you should read all the instructions before you click the "Save Settings" button.

    @gh0stshell
    Sorry to interrupt. Renaming or deleting the plugin folder is not the good thing to do for this case. It might make thing worse.

  6. Majklas
    Member
    Posted 1 year ago #

    1. I've renamed that folder to _plugin-name <- no luck
    2. http://judesiukas.nereal.us/login doenst' work, says redirect cycle is found
    3. htaccess are clean..
    4. I've restored my db from backup keeping old in other database, still no luck

    any other options? damn, ran from attackers, and lost myself into abyss

  7. Handoko
    Member
    Posted 1 year ago #

    You should renamed back the plugin to what is should be. You should not clean the .htaccess, do you still have the copy of it which have been altered by Better WP Security? If no, things will be different.

    You restored the backup, it means now the database is not matching with your files (.htaccess, plugin files, etc) so everything become complicated. Why? Because what you should restore are database and files. I don't know why this plugin only suggest users to backup database.

    You issue was very simple, by default (if you press the "secure from basic attacks") it will change your login url to .../login. But now things become very difficult.

    - Do you have a complete backup? Both files and database? You may restored your website but what you need are the complete backup.

    - Do you have a copy of the .htaccess file which just altered by the plugin (after installation)?

  8. Handoko
    Member
    Posted 1 year ago #

    (no response?)

    In many cases this may help you get access back to your website backend:
    http://wordpress.org/support/topic/after-log-in-screen-goes-blank

    Good luck.

  9. Majklas
    Member
    Posted 1 year ago #

    1. I've renamed it back.
    2. I told htacess is clean, just ordinary wordpress htacces without any modifications. So plugin did not alter it.
    3. no i have just my db, no files..

    defining old db login config and will let you know how it goes

  10. Majklas
    Member
    Posted 1 year ago #

    Still I get "The page isn't redirecting properly"

    maybe i could sent serialized options from db? bit51_bwps and bit51_bwps_data ?

  11. Majklas
    Member
    Posted 1 year ago #

    well..
    It renamed my wp-login file, so it was not discoverable. As timestamp of the file hasn't changed, I did not looked over there.

    uff.. "better security my a55"

  12. Majklas
    Member
    Posted 1 year ago #

    @Handoko, thank You for Your time and willingness to help me! Good luck mate!

  13. Handoko
    Member
    Posted 1 year ago #

    Have you solve the login issue?

  14. Majklas
    Member
    Posted 1 year ago #

    Yes i did. my wp-login.php was renamed to something else, so I've renamed it back and everything worked like a charm..

  15. Handoko
    Member
    Posted 1 year ago #

    Never heard anybody said this plugin will rename wp-login.php. And the author of this plugin did mention the things changed by this plugin are (only):
    - .htaccess file
    - wp-config.php
    - wp-content folder
    - database
    source: http://bit51.com/what-is-changed-by-better-wp-security

    I know you have nightmare with this plugin but if you can make it works you'll definitely love it, this really is a great security plugin.

  16. Majklas
    Member
    Posted 1 year ago #

    it reanamed it wp-login.1.php and i'm familiar with wp, so i thought this is odd :)
    Yeah, just configured it to work perfectly :)

  17. esmi
    Forum Moderator
    Posted 1 year ago #

    I doubt that this was the plugin., More likely it was your hosts that changed the file's name after the recent worldwide brute force attacks.

  18. Majklas
    Member
    Posted 1 year ago #

    esmi, You're right, maybe it was my admin. He won't leave unpunished :)

  19. Handoko
    Member
    Posted 1 year ago #

    Interesting. I've been monitoring this forum more than a year. You perhaps are the first one that have such case. I agree with what esmi said. I'm sorry to hear such misfortune happened on you.

    Anyway, glad to know you can sleep sound tonight.

  20. esmi
    Forum Moderator
    Posted 1 year ago #

    I've seen quite a few hosts doing this and, frankly, I think it's a rather clumsy attempt to circumvent brute force attack issues. My guess is that the attackers will simply try common variants of wp-login.php. You'd better off renaming the file back & looking at Brute Force Attacks which contains a number of better solutions.

  21. Handoko
    Member
    Posted 1 year ago #

    Renaming the file for avoiding brute force attack is okay for me personally, but what I think not okay is why don't they inform their clients about the renaming. Bad, very bad.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.