I Can't Login After Installing Better WP Security, Even wp-admin link Broken

had the same problem.
couldn’t login anymore.
i’ve just deleted this plugin

Hi all.

The only solution to get back in to your site is to remove your .htaccess file which has been modified by BWPS.

I have experienced this problem with older versions but upgraded to BWPS 3.0.1 today which, again, rendered my site inaccessible.

The .htaccess file that crashes my site (giving a http 500 error) looks like this:

# BEGIN Better WP Security
Options All -Indexes

Order allow,deny
Allow from all
Deny from  

<IfModule mod_rewrite.c>
RewriteEngine On

RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]

RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
RewriteCond %{QUERY_STRING} http\:  [NC,OR]
RewriteCond %{QUERY_STRING} https\:  [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^(.*)$ - [F,L]

# END Better WP Security

If someone could help out to identify what causes the http 500 error I’d be happy.

A few minutes later:

After having deleted almost every line in the BWPS generated .htaccess file I ended up with this, and my site is still inaccessible!

# BEGIN Better WP Security
Options All -Indexes

Order allow,deny
Allow from all
Deny from  

<IfModule mod_rewrite.c>
RewriteEngine On

# END Better WP Security

There has to be something seriously wrong happening when BWPS generates the .htaccess file, but I don’t know what it is…

Im using WP-buddypress and have same problems.
First i try just to update plugin and my website becomes unusable then i deleted plugin and cleared all data in database so i installed fresh…still didnt worked so i decided to delete once again and returned older version of plugin wotrked seamless so i uncheck all security options and cleaned database again includin cleaning .htacces file to be old wordpress wpconfig with normall permissions and i installed plugin again and doesnt working.
Some of server error are next:
WP database ‘mybase._bwps_lockouts’ doesn’t exist for query INSERT INTO _bwps_lockouts (type,active,starttime,exptime,host,user) VALUES (‘2′,’1′,’1330960478′,’1330960478′,’66.249.66.174’,”) made of require, require_once, include, get_header, locate_template, load_template, require_once, wp_head, do_action, call_user_func_array, bwps_secure->check404, bwps_secure->logevent, bwps_secure->lockout

‘mybase._bwps_log’ doesn’t exist for query SELECT COUNT(*) FROM _bwps_log WHERE type=2 AND host=’66.249.66.174′ AND timestamp > 1330960478; made of require, require_once, include, get_header, locate_template, load_template, require_once, wp_head, do_action, call_user_func_array, bwps_secure->check404, bwps_secure->logevent

i removed database prefix from this code but i hope that this will help making it fix.Just to mention my cleaning database have meaning that i deleted just records of site lockout and not whole table,also i noticed when i install never version and i want to untick all options there was an error becouse data in htacces file and wp-config staying nchanged for permissions and data stored while plugin was active i didnt check install file also.Can you make when i want to uninstall plugin to be all settings restored as was before installing it?in this case i must do manual.Thanks I think this is very good plugin and keep it working ppl 🙂

where is saved secret key? I forgot it and now can’t login

xfalcon1 you can get it from your .htaccess file

Glad it’s working. Thanks for the followup.

I simply can not figure out how to get in to my client’s site. I have tried every combination of /login , /admin, /login[secretcode] , /login?[secretcode] … etc. and can not get into the site.

Should I just rename the htaccess file and start with a blank one? Very frustrating

I’m having the same problem and can not resolve the error not_found