WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
How To Reinstall this Plugin (4 posts)

  1. joietan
    Member
    Posted 1 year ago #

    Hi,
    I have search and read the support forum and i still have problem with site and plugin

    I have not been meddling with my site for some time.
    I have installed this plugin and i dont remember what i did configure.
    Now I am locked out out of wp-admin
    everytime I tried to login it gives me error user/password. When I reset the password and relogin again, it direct me to 404 page

    I still have my cpanel access

    Is there anyone who has step by step on how to disable and get me back inside my wp-admin dashboard.

    like, what files must i delete or modify from cpanel?

    here are my wp-options:
    bit51_bwps has

    a:73:{s:14:"initial_backup";i:1;s:17:"initial_filewrite";i:1;s:10:"am_enabled";s:1:"0";s:7:"am_type";s:1:"0";s:12:"am_startdate";s:1:"1";s:10:"am_enddate";s:1:"1";s:12:"am_starttime";s:1:"1";s:10:"am_endtime";s:1:"1";s:12:"backup_email";s:1:"1";s:19:"backup_emailaddress";s:0:"";s:11:"backup_time";s:1:"1";s:15:"backup_interval";s:1:"1";s:14:"backup_enabled";s:1:"0";s:11:"backup_last";s:0:"";s:11:"backup_next";s:0:"";s:17:"backups_to_retain";s:2:"10";s:10:"bu_enabled";s:1:"0";s:10:"bu_banlist";s:0:"";s:11:"bu_banagent";s:0:"";s:12:"bu_blacklist";s:1:"0";s:10:"hb_enabled";s:1:"0";s:8:"hb_login";s:5:"login";s:11:"hb_register";s:8:"register";s:8:"hb_admin";s:5:"admin";s:6:"hb_key";s:0:"";s:10:"ll_enabled";s:1:"0";s:18:"ll_maxattemptshost";s:1:"5";s:18:"ll_maxattemptsuser";s:2:"10";s:16:"ll_checkinterval";s:1:"5";s:12:"ll_banperiod";s:2:"15";s:14:"ll_blacklistip";s:1:"1";s:23:"ll_blacklistipthreshold";s:1:"3";s:14:"ll_emailnotify";s:1:"1";s:15:"ll_emailaddress";s:0:"";s:10:"id_enabled";s:1:"0";s:14:"id_emailnotify";s:1:"1";s:16:"id_checkinterval";s:1:"5";s:12:"id_threshold";s:2:"20";s:12:"id_banperiod";s:2:"15";s:14:"id_blacklistip";s:1:"0";s:23:"id_blacklistipthreshold";s:1:"3";s:12:"id_whitelist";s:0:"";s:15:"id_emailaddress";s:0:"";s:14:"id_fileenabled";s:1:"0";s:18:"id_fileemailnotify";s:1:"1";s:19:"id_filedisplayerror";s:1:"1";s:19:"id_fileemailaddress";s:0:"";s:14:"id_specialfile";s:0:"";s:12:"id_fileincex";s:1:"1";s:16:"id_filechecktime";s:0:"";s:11:"st_ht_files";i:1;s:14:"st_ht_browsing";i:1;s:13:"st_ht_request";i:1;s:11:"st_ht_query";i:1;s:12:"st_generator";i:1;s:11:"st_manifest";i:1;s:10:"st_edituri";i:1;s:11:"st_themenot";i:1;s:12:"st_pluginnot";i:1;s:10:"st_corenot";i:1;s:17:"st_enablepassword";i:0;s:11:"st_passrole";s:13:"administrator";s:13:"st_loginerror";i:0;s:11:"st_fileperm";i:1;s:10:"st_comment";i:0;s:16:"st_randomversion";i:1;s:10:"st_longurl";i:1;s:11:"st_fileedit";i:1;s:13:"st_writefiles";i:1;s:14:"ssl_forcelogin";s:1:"0";s:14:"ssl_forceadmin";s:1:"0";s:12:"ssl_frontend";s:1:"0";s:14:"oneclickchosen";s:1:"0";}

    bit51_bwps_data has
    a:3:{s:7:"version";s:4:"3059";s:13:"activatestamp";i:1347628193;s:6:"no-nag";i:1;}

    table wp_bwps_lockouts and wp_bwps_log both are empty

    please help.
    Thank you ,
    Joie

    http://wordpress.org/extend/plugins/better-wp-security/

  2. Now I am locked out out of wp-admin

    I'm pretty sure it's a known issue.

    http://wordpress.org/support/topic/troubleshooting-wordpress-35-master-list?replies=4

    Particularly this part.

    BulletProof Security - http://wordpress.org/extend/plugins/bulletproof-security/
    Update to the latest version (.47.7) to fix issues with javascript functionality in WordPress not working correctly.
    Note: You can still have this problem if you have *ever* used the BulletProof Security in the past, even if you have removed it. If you are experiencing problems with menus and widgets and the editor and similar not working, and you have ever used BulletProof Security, even if you're not using it anymore, then look for an .htaccess file in the /wp-admin directory, and delete it if it is there.

    Look in your wp-admin directory. If you see a .htaccess file there then delete it. You may need to enable "View hidden files" to find it.

  3. joietan
    Member
    Posted 1 year ago #

    Thank you Jan.
    I have never installed Bullet Proof Security before,

    I was thinking if i can get access again if i modify the bit51_bwps options, but i dont know what to modify.

    Currently under my wp-admin there is no .htaccess file

    There is one .htaccess at /public_html that says

    .htaccess
    UTF-8 Unicode text
    # BEGIN Better WP Security
    Options -Indexes
    
    <files .htaccess>
    Order allow,deny
    Deny from all
    </files>
    
    <files readme.html>
    Order allow,deny
    Deny from all
    </files>
    
    <files readme.txt>
    Order allow,deny
    Deny from all
    </files>
    
    <files install.php>
    Order allow,deny
    Deny from all
    </files>
    
    <files wp-config.php>
    Order allow,deny
    Deny from all
    </files>
    
    <IfModule mod_rewrite.c>
    RewriteEngine On
    
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
    
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
    RewriteRule ^(.*)$ - [F,L]
    
    RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(bash|git|hg|log|svn|swp|cvs) [NC,OR]
    RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
    RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
    RewriteCond %{QUERY_STRING} http\:  [NC,OR]
    RewriteCond %{QUERY_STRING} https\:  [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(request|select|concat|insert|union|declare).* [NC]
    RewriteCond %{QUERY_STRING} !^loggedout=true
    RewriteCond %{QUERY_STRING} !^action=rp
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
    RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
    RewriteRule ^(.*)$ - [F,L]
    
    </IfModule>
    # END Better WP Security
    
    # AddHandler php5_2-wrap .php
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress
  4. Thank you Jan.
    I have never installed Bullet Proof Security before,

    Aaaannd that's what happens when I read one set of words and my brain (such as it is) interprets a whole 'nother set entirely. Sorry about that.

    :)

    I was thinking if i can get access again if i modify the bit51_bwps options, but i dont know what to modify.

    Not sure myself how to do that but the plugin author may have some links to assist you from the FAQ.

    http://bit51.com/fixing-better-wp-security-lockouts/
    http://bit51.com/what-is-changed-by-better-wp-security/

    I don't see in those links where it describes that but I may have missed it as my reading capabilities are sub-par at the moment...

    Is there anyone who has step by step on how to disable and get me back inside my wp-admin dashboard.

    Up for a little experimentation? Make sure you have backups of your files and database first. In case of a disaster they'll be your life line.

    http://codex.wordpress.org/WordPress_Backups
    http://codex.wordpress.org/Backing_Up_Your_Database
    http://codex.wordpress.org/Restoring_Your_Database_From_Backup

    Make and keep safe a copy of that original .htaccess file and reduce that down to just the basics like so.

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress

    The via FTP or CPANEL navigate to the wp-content/plugins directory and save that better-wp-security directory somewhere save. Once that's done delete the better-wp-security directory.

    If it is BWS then hopefully that will get you back access to wp-admin. If something goes OMGWTFBBQ!! wrong then restoring your backups will put you to where you are right now.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic