WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
[resolved] I Can't Login After Installing Better WP Security, Even wp-admin link Broken (22 posts)

  1. eliterarysociety
    Member
    Posted 2 years ago #

    Hello,
    Please Help me to remove Better Wp Security Plugin at any cost. Or To Suggest to resolve my problem, I did not Take backup before instaling this plugin, I already tried to remove through FTP but it did't work.

    Please Guide me in full way.

    I Thankful to u all

    Please Help Me.

    http://wordpress.org/extend/plugins/better-wp-security/

  2. arjanv
    Member
    Posted 2 years ago #

    had the same problem.
    couldn't login anymore.
    i've just deleted this plugin

  3. ejohnson43
    Member
    Posted 2 years ago #

    I had the same problem!!

  4. mr_swede
    Member
    Posted 2 years ago #

    Hi all.

    The only solution to get back in to your site is to remove your .htaccess file which has been modified by BWPS.

    I have experienced this problem with older versions but upgraded to BWPS 3.0.1 today which, again, rendered my site inaccessible.

    The .htaccess file that crashes my site (giving a http 500 error) looks like this:

    # BEGIN Better WP Security
    Options All -Indexes
    
    Order allow,deny
    Allow from all
    Deny from  
    
    <IfModule mod_rewrite.c>
    RewriteEngine On
    
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
    RewriteRule ^(.*)$ - [F,L]
    
    RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
    RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
    RewriteCond %{QUERY_STRING} tag\= [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
    RewriteCond %{QUERY_STRING} http\:  [NC,OR]
    RewriteCond %{QUERY_STRING} https\:  [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
    RewriteRule ^(.*)$ - [F,L]
    
    # END Better WP Security

    If someone could help out to identify what causes the http 500 error I'd be happy.

    A few minutes later:

    After having deleted almost every line in the BWPS generated .htaccess file I ended up with this, and my site is still inaccessible!

    # BEGIN Better WP Security
    Options All -Indexes
    
    Order allow,deny
    Allow from all
    Deny from  
    
    <IfModule mod_rewrite.c>
    RewriteEngine On
    
    # END Better WP Security

    There has to be something seriously wrong happening when BWPS generates the .htaccess file, but I don't know what it is...

  5. Patrick Nommensen
    Member
    Posted 2 years ago #

    The updated version seems to be working fine for me. Just thought I would share that.

  6. alex80ks
    Member
    Posted 2 years ago #

    Im using WP-buddypress and have same problems.
    First i try just to update plugin and my website becomes unusable then i deleted plugin and cleared all data in database so i installed fresh...still didnt worked so i decided to delete once again and returned older version of plugin wotrked seamless so i uncheck all security options and cleaned database again includin cleaning .htacces file to be old wordpress wpconfig with normall permissions and i installed plugin again and doesnt working.
    Some of server error are next:
    WP database 'mybase._bwps_lockouts' doesn't exist for query INSERT INTO _bwps_lockouts (type,active,starttime,exptime,host,user) VALUES ('2','1','1330960478','1330960478','66.249.66.174','') made of require, require_once, include, get_header, locate_template, load_template, require_once, wp_head, do_action, call_user_func_array, bwps_secure->check404, bwps_secure->logevent, bwps_secure->lockout

    'mybase._bwps_log' doesn't exist for query SELECT COUNT(*) FROM _bwps_log WHERE type=2 AND host='66.249.66.174' AND timestamp > 1330960478; made of require, require_once, include, get_header, locate_template, load_template, require_once, wp_head, do_action, call_user_func_array, bwps_secure->check404, bwps_secure->logevent

    i removed database prefix from this code but i hope that this will help making it fix.Just to mention my cleaning database have meaning that i deleted just records of site lockout and not whole table,also i noticed when i install never version and i want to untick all options there was an error becouse data in htacces file and wp-config staying nchanged for permissions and data stored while plugin was active i didnt check install file also.Can you make when i want to uninstall plugin to be all settings restored as was before installing it?in this case i must do manual.Thanks I think this is very good plugin and keep it working ppl :)

  7. domainkcl
    Member
    Posted 1 year ago #

    This is a simple problems. It is not because of upgrade or anything else. When you implement the Better WP security, there is a button to Hide Backend Options. The Security tool changed fro, wp-admin, wp-login etc to just admin, without the wp. So you can either log in by entering your domain followed by admin or login eg.
    http://www.mydomain.com/admin or you can use the http://www.mydomain.com/wp-adminXXXX where XXXX is the secret code you were provided when you enabled the Hide Backend options: If this helped leave me a commment here on our blog. http://www.sleekwarehouse.com

  8. xfalcon1
    Member
    Posted 1 year ago #

    where is saved secret key? I forgot it and now can't login

  9. thealchemist
    Member
    Posted 1 year ago #

    I have the secret key but still can't log in because I made the mistake of changing "login" "admin" and "register" with a word I can not remember and I stupidly did not write down.

    Anything I can do? Or just keep trying to use words I thought I used?

  10. xfalcon1 you can get it from your .htaccess file

  11. solomirar
    Member
    Posted 1 year ago #

    OK, thanks to you all I could solve it. Opened the htaccess file editor and copypasted the wp-admin line as you said. Now we now the solution if the login page gets lost again. For the rest I am very happy with the pluguin. Feel safer!

  12. Glad it's working. Thanks for the followup.

  13. pacspy
    Member
    Posted 1 year ago #

    I'm not able to find the wp-admin line in .htaccess. What section is it in and what should I look for? Thanks.

  14. thealchemist
    Member
    Posted 1 year ago #

    I simply can not figure out how to get in to my client's site. I have tried every combination of /login , /admin, /login[secretcode] , /login?[secretcode] ... etc. and can not get into the site.

    Should I just rename the htaccess file and start with a blank one? Very frustrating

  15. thealchemist
    Member
    Posted 1 year ago #

    using /admin[secret code] isn't working for me. still only getting "not_found"

  16. jrnin
    Member
    Posted 1 year ago #

    I'm having the same problem and can not resolve the error not_found

  17. thealchemist
    Member
    Posted 1 year ago #

    Also, when I delete the .htaccess file AND the plugin I get a 500 access denied message.

    VERY FRUSTRATING.

  18. webdesignerchristian
    Member
    Posted 1 year ago #

    hmmm it worked for me...

    i went into my .htaccess found this line of code

    RewriteRule ^login/?$ /wp-login.php?4gr2..removed..5vmob2 [R,L]

    i think that is the rewrite log in rule with the session id attached
    so i just modified my log in link to match and pasted it into my url browser and logged in

    ps my final log in link was

    http://www.hotrockhosting.com/wp-login.php?4gr2..removed..5vmob2

    and urs wont say ..removed.. (removed for public sample purpose)

    webdesignerchristian at gmail :)

  19. campbell1958
    Member
    Posted 1 year ago #

    spooky domainkcl i used the http:www.mydomain.com/admin and got in immediately. I am in no way a tech geek but it worked way too easy. is my PC going to explode now?

  20. tmrait
    Member
    Posted 1 year ago #

    Nothing above worked for me. This is what I did to get it fixed.

    I logged in via FTP and under wp-content/plugins I changed the name of the Better WP Security plugin (wasn't game enough to delete it);

    I deleted .htaccess in the main directory;

    Then I could log in to /wp-admin;

    I then went to Plugins in the WP dashboard and DELETED the Better WP Security Plugin;

    I then went and installed it again and activated it, but it looks like it kept the previous installs settings, so I unticked the "HIDE" admin setting so now I can login to wp-admin and I have Better WP Security install... yeah...

    But now only my home page works, all the other urls are broken :(

    Back to the drawing board.

  21. Zak Chapman
    Member
    Posted 1 year ago #

    Issue : if i activate "Display random version number to all non-administrative users" on my site i got API Google Map error, my site stay in loop...

  22. Gillian
    Member
    Posted 1 year ago #

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic