WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
How to disable File Change with Better Security Configuration file? (15 posts)

  1. cheater1
    Member
    Posted 1 year ago #

    Which settings disables File Change in better-wp-security.php? I enable file change something and now I can't load my website.

    http://wordpress.org/extend/plugins/better-wp-security/

  2. Handoko
    Member
    Posted 1 year ago #

    Did you get a white blank screen with a text: "error" showing on the corner?

    If yes, I think your IP have been blocked. Many reasons may cause an IP being blocked. Normally, you will be able to load or login to your website after a period of time.

    This information maybe useful:
    http://wordpress.org/support/topic/after-log-in-screen-goes-blank

  3. cheater1
    Member
    Posted 1 year ago #

    No. I don't get a white blank screen with a text: "error" showing on the corner. It takes me a long time to load a page and I get the following error:

    Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

  4. Handoko
    Member
    Posted 1 year ago #

    Internal Server Error (500) may happen if your website using more memory than available. Most shared hostings have memory limit that set to low, which is only enough for small blogging sites.

    Some features in this plugin require much memory, you may consider to turn it off. I personally experienced high CPU load and increase of memory usage if I enable these features:

    - File Change Detection (menu > Security > Intrution Detection)
    - Enable Scheduled Backups (menu > Security > Database Backup)

    If you want to hear more about my recommendations, read here:
    http://wordpress.org/support/topic/it-seems-very-risky-to-use-this-plugin

    You may also disable some other plugins if you want to free more memory.

  5. cheater1
    Member
    Posted 1 year ago #

    I can't access the plugin though wordpress because if I enable it I'm locked out. Is there away to set

    - File Change Detection (menu > Security > Intrution Detection)
    - Enable Scheduled Backups (menu > Security > Database Backup)

    through cpanel or configuration files?

  6. mbrsolution
    Member
    Posted 1 year ago #

    Hi @cheater1 have you tried to disable the plugin?

  7. Handoko
    Member
    Posted 1 year ago #

    @cheater1:
    You said if you enable the plugin, you'll be locked out.

    I think you need to do a clean re-installation of the plugin. Here are some information you may need:

    - Repair your .htaccess file, please follow this:
    http://wordpress.org/support/topic/plugin-better-wp-security-i-could-not-login-to-my-website-after-activating-hide-my-backend

    - Remove the some data the plugin put in your database.
    To do it you need to have some knowledge about SQL, or ask your friend to help you. This plugin store its configuration in table: wp_options. There are 3 records are related with it. You can use this SQL command to search the record:

    SELECT *
    FROM 'wp_options'
    WHERE option_name LIKE '%bwps%'

    The result may show you the records with option_name:
    1. bit51_bwps_data
    2. bit51_bwps
    3. bwps_file_log
    Delete them manually.

    - Additional information you may need:
    http://bit51.com/what-is-changed-by-better-wp-security/

    Remember thing may get worse, it is good to backup before you do it.

    Good luck!

  8. cheater1
    Member
    Posted 1 year ago #

    Thank You I will try this and post any results.

  9. cheater1
    Member
    Posted 1 year ago #

    Ok all is working now. Did a clean install and got better wp security to work again.

    Thank You so much for the help.

  10. ochado
    Member
    Posted 11 months ago #

    I had this same problem, mostly likely because my shared hosting doesn't give me enough RAM for it to work. (The plugin really should warn us about this! Anyway, that's my only complaint against this otherwise awesome plugin.)

    Based on Handoko's comments above, I did the following focused change to get back into my site. Before I begin, I note that I use Online Backup for WordPress to make daily backups, so I had a safe fallback in case this hack didn't work. I tried this just so that I could avoid reinstalling my entire site, and it happened to work for me:

    1. I went to phpMyAdmin in my web host to enter into the WordPress database.
    2. I located the xxxxx_options table. (Handoko said "wp_options", but if you changed the database prefix like Better WordPress Security recommends, it will start with something other than "wp_".)
    3. In the xxxxx_options table, I located the row that with option_name=bit51_bwps (not to be confused with bit51_bwps_data). I clicked the edit (pencil) icon.
    4. In the lengthy text box for option_value, I identified this portion: <strong>s:14:"id_fileenabled";i:1;</strong>. I guess that this means something like "string of length 14 characters with value id_fileenabled, whose value is an integer with value 1". This is just a guess based on the structure of option_value. I'm guessing that this is the option (1 for true) that enables the file write tracking that knocked my site out.
    5. I changed i:1 to i:0, so that the substring then became <strong>s:14:"id_fileenabled";i:0;</strong>. Please note that the only change I made to option_value was to change that single 1 to a 0; I left everything else intact.
    6. I then saved my change ("Execute" button, with the "Save" option selected).

    Boom! I typed in my site URL and my site was up again and I could login with no problem. However, all the Better WordPress Security settings were completely reinitialized, and I had to completely reconfigure it. (Only exceptions were fundamental changes I had made from the beginning, like changing the database prefix and content folder directory name--these major site changes remained intact.)

    I hope this works for some other people as well.

  11. Handoko
    Member
    Posted 11 months ago #

    Interesting. Thanks for sharing your experience.

    I'm still guessing what the id_fileenabled really for. Why changing its value can cause complete reinitialization of settings? Anyway, it is glad to hear you now have fixed your issue.

  12. inspiringmums
    Member
    Posted 9 months ago #

    Hi Handoko

    I installed BWPS worked fine, loved it, then I got 404 error got locked out. Fixed it. But scared me but I had uninstalled the plugin before changing the setting that stops changes to the theme via the theme editor. So now when I go back in, I can't edit my theme even though BWPS isn't installed. I was worried about reinstalling so I followed your steps to delete what you suggested.

    SELECT *
    FROM 'wp_options'
    WHERE option_name LIKE '%bwps%'

    The result may show you the records with option_name:
    1. bit51_bwps_data
    2. bit51_bwps
    3. bwps_file_log
    Delete them manually.

    But I also discovered in the same xxxx_options table, I have

    "uninstall_plugins" the autoload says "no"

    But should I delete it or leave it?

    So far having done this I am still unable to edit the theme with the editor.

    Any ideas?

  13. Handoko
    Member
    Posted 9 months ago #

    I'm not very sure this can help or not, but I think you should try.

    Your case sounds that you have enabled feature to disallow users to edit themes and plugins.

    My suggestion is, install Better WP Security, go to the admin area and make sure you have disable all the features from this plugin, and uninstall this plugin.

    Good luck.

  14. inspiringmums
    Member
    Posted 9 months ago #

    I managed to reinstall BWPS and I can now see my theme editor again

    solved.

  15. jpmizell
    Member
    Posted 8 months ago #

    Interesting -

    I opened up MySQL to make the DB mods and found 2 option_id's with bwps in the option_name. I selected both, and deleted them.
    There was no change in my site and when I executed a second search within the DB for %bwps% it turned up two more ids with the same table information.
    So I attempted to try ochado's approach.
    However my values don't show the same. Instead they show:
    s:14:"id_fileenabled";s:0:"0"; (note there is no i value. instead, I changed the second s value from 1 to 0.. just because)
    still no access to the site.

    Site error: 503
    Shared hosting: dreamhost

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.