iThemes Security (formerly Better WP Security)
My login page doesn't exist after update (14 posts)

  1. My
    Member
    Posted 4 months ago #

    I had my login page and admin on a secret URL through this addon. But after the update and logging out, I can no longer access my login page (it says there's no such page)....

    Kind of a huge issue... So what should I do?

    https://wordpress.org/plugins/better-wp-security/

  2. BBIndikator
    Member
    Posted 4 months ago #

    Hey, try the following:

    Open your htaccess and look for the following slug:

    RewriteRule ^your-slug/?$ /wp-login.php [QSA,L]

    Erase this line and save your htaccess. After that, go to your Plugin-Folder and rename better-wp-security to better-wp-securityx (just add an x at the end)

    Go to your Browser and open http://your-domain/wp-admin

    If it works, rename better-wp-security to original and go in wp-admin to plugins. Activate BWPS again, go to settings and disable the Hide-Login sector and save.

    After that, wait for support... : ) Hope it helps

  3. ncmapblog
    Member
    Posted 4 months ago #

    Edit to original query: Is this the answer I'm looking for? And if so, where do I find this wp-config.php?

    I've enabled the Enforce SSL option and it broke my site. How do I get back in?
    Open your wp-config.php file in a text editor and remove the following 2 lines:
    define('FORCE_SSL_LOGIN', true);
    define('FORCE_SSL_ADMIN', true);

    Original query: Acting the fool, a natural role, I took advice and added the iThemes Security plugin today. One of its recommendations was to Force SSL for Dashboard (it also said my server supports SSL) I use MacHighway for hosting my site (blog.ncmaps.org). I clicked that Force SSL for Dashboard option but I did NOT click the Force SSL for Login option. After saving, I can no longer access my blog Dashboard; I can't even log in to the admin site. Heck, I can't even get to a login page! I tried the old /wp-admin URL (without and with "s" on http) and I tried the new login url that I created at iTheme Security's urging.

    I need help! I'm so dumb, if you can help me, you'll need to assume I know absolutely nothing. For example, in the above response from BBIndikator, "Open your htaccess..." I have no idea what or where htaccess is. I don't know what's on my home laptop vs what's on some server 3 time zones away.

    Thanks in advance for any help y'all can provide.

  4. BBIndikator
    Member
    Posted 4 months ago #

    Hey! You need to use your ftp-client. With this you need to go to your root-path, it's the folder where all your website data is included..

    In this path you can find wp-config.php and .htaccess. It can happen that .htaccess is hidden in your ftp-client window. In this case you need to find a setup-menu-item in your ftp-client to "show hidden files". If you don't know what an ftp-client is, look for FileZilla. Install it and paste your server data into it to get access.. Look in your hoster's manual for how to do this..

    To open both files, you need a text-editor (don't use Word or anything like this). If you don't have one, look for "Notepad++ for Windows" or "TextWrangler for Mac". Both are free.

    If you need an absolutely powerful tool, look for Sublime Text..

    You don't need to erase

    define('FORCE_SSL_LOGIN', true);
    define('FORCE_SSL_ADMIN', true);

    Just write 2 slashes before them "//" to comment them out..

    // define('FORCE_SSL_LOGIN', true);
    // define('FORCE_SSL_ADMIN', true);

    Good luck

  5. My
    Member
    Posted 4 months ago #

    There's no line like this: RewriteRule ^your-slug/?$ /wp-login.php [QSA,L]

    I found this line in htaccess though:

    RewriteRule ^wp-admin/includes/ - [F]

    And removed it.

    Changed better-wp-security to better-wp-security-x

    That helped! Thank you.

    When can I activate this again? Do we need to wait for an update?

  6. ncmapblog
    Member
    Posted 4 months ago #

    edit: while typing the following, midorian posted a reply to the forum. I'll try midorian's tip once I locate htaccess.

    Thanks so much, BBIndikator. I actually found wp-config.php. I'm so proud of myself ;)

    Unfortunately, the file doesn't have those lines. At the top, there is this comment:
    <?php
    //The entries below were created by iThemes Security to enforce SSL
    define( 'FORCE_SSL_ADMIN', true );

    But below that, nothing at all that looks like the two lines I am looking for. In fact, SSL doesn't appear again anywhere. Here's the rest of the file... (I hope this is not a forum faux pas to post so much text). I've replaced personal info with ******** or with "gibberish text string". While y'all take a look at this, I'll go search for htaccess.

    /**
    * The base configurations of the WordPress.
    *
    * This file has the following configurations: MySQL settings, Table Prefix,
    * Secret Keys, WordPress Language, and ABSPATH. You can find more information
    * by visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
    * wp-config.php} Codex page. You can get the MySQL settings from your web host.
    *
    * This file is used by the wp-config.php creation script during the
    * installation. You don't have to use the web site, you can just copy this file
    * to "wp-config.php" and fill in the values.
    *
    * @package WordPress
    */

    // ** MySQL settings - You can get this info from your web host ** //
    /** The name of the database for WordPress */
    define('DB_NAME', '*********');

    /** MySQL database username */
    define('DB_USER', '**********');

    /** MySQL database password */
    define('DB_PASSWORD', 'gibberish text string');

    /** MySQL hostname */
    define('DB_HOST', 'localhost');

    /** Database Charset to use in creating database tables. */
    define('DB_CHARSET', 'utf8');

    /** The Database Collate type. Don't change this if in doubt. */
    define('DB_COLLATE', '');

    /**#@+
    * Authentication Unique Keys and Salts.
    *
    * Change these to different unique phrases!
    * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
    * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
    *
    * @since 2.6.0
    */
    define('AUTH_KEY', 'very long gibberish text string');
    define('SECURE_AUTH_KEY', 'very long gibberish text string');
    define('LOGGED_IN_KEY', 'very long gibberish text string');
    define('NONCE_KEY', 'very long gibberish text string');
    define('AUTH_SALT', 'very long gibberish text string');
    define('SECURE_AUTH_SALT', 'very long gibberish text string');
    define('LOGGED_IN_SALT', 'very long gibberish text string');
    define('NONCE_SALT', 'very long gibberish text string');

    /**#@-*/

    /**
    * WordPress Database Table prefix.
    *
    * You can have multiple installations in one database if you give each a unique
    * prefix. Only numbers, letters, and underscores please!
    */
    $table_prefix = 'wp_';

    /**
    * WordPress Localized Language, defaults to English.
    *
    * Change this to localize WordPress. A corresponding MO file for the chosen
    * language must be installed to wp-content/languages. For example, install
    * de_DE.mo to wp-content/languages and set WPLANG to 'de_DE' to enable German
    * language support.
    */
    define('WPLANG', '');

    /**
    * For developers: WordPress debugging mode.
    *
    * Change this to true to enable the display of notices during development.
    * It is strongly recommended that plugin and theme developers use WP_DEBUG
    * in their development environments.
    */
    define('WP_DEBUG', false);

    /* That's all, stop editing! Happy blogging. */

    /** Absolute path to the WordPress directory. */
    if ( !defined('ABSPATH') )
    define('ABSPATH', dirname(__FILE__) . '/');

    /** Sets up WordPress vars and included files. */
    require_once(ABSPATH . 'wp-settings.php');

  7. ncmapblog
    Member
    Posted 4 months ago #

    found hidden .htaccess and removed the following line

    RewriteRule ^wp-admin/includes/ - [F]

    Changed plugin folder named better-wp-security to better-wp-security-x, then changed it to x-better-wp-security-x

    Still have no admin access to my blog, either with wp-admin or wpncmblogin which is what I changed the URL to at iTheme Security's recommendation. The login page just doesn't exist. This is a big problem.

  8. BBIndikator
    Member
    Posted 4 months ago #

    @midorian - you can rename wpbs now and activate it, but go directly to settings and deactivate the functions that cause your issues.. To use them, wait for an update, yes. It seems that a lot of people have problems like this. If there is an update available, wait to use it until you see no new issues from others in this Forum. It seems that they changed a lot in the architecture. It is normal that it causes some issues at the beginning..

    @ncmapblog

    try this (2 slashes):
    // define( 'FORCE_SSL_ADMIN', true );

    Let the rest of wp-config stay as it is..

    This is not the right line: RewriteRule ^wp-admin/includes/ - [F] It's to protect the wp-admin/includes..

    Find "# BEGIN iThemes Security" and "# END iThemes Security". Erase the complete content inside and change it with this:

    # BEGIN iThemes Security
    	# BEGIN Ban Users
    		# Begin HackRepair.com Blacklist
    		RewriteEngine on
    		RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^binlar [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Bolt\ 0 [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot\@yahoo\.com [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^casper [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^cmsworldmap [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^comodo [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Custo [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Default\ Browser\ 0 [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^diavol [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^DIIbot [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^DISCo [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^dotbot [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^eCatch [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^feedfinder [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^FlashGet [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^flicky [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^GetRight [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^GrabNet [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Grafula [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^HMView [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^InterGET [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^InternetSeer\.com [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^jakarta [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Java [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^JetCar [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^kmccrew [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Link [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Maxthon$ [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^microsoft\.url [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*Indy [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*NEWT [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Navroad [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^NearSite [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^NetAnts [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^NetSpider [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^NetZIP [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^nutch [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Octopus [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^PeoplePal [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^planetwork [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^psbot [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^purebot [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^pycurl [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^RealDownload [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^ReGet [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Rippers\ 0 [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^SeaMonkey$ [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^sitecheck\.internetseer\.com [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^skygrid [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^sucker [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Surfbot [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Toata\ dragostea\ mea\ pentru\ diavola [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^turnit [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^vikspider [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^WebAuto [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^WebFetch [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^WebSauger [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^WebZIP [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Widow [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^WWW-Mechanize [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^zmeu [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^CazoodleBot [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^discobot [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^ecxi [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^GT::WWW [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^heritrix [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^HTTP::Lite [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^HTTrack [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^id-search [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^id-search\.org [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^IDBot [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Indy\ Library [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^IRLbot [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^ISC\ Systems\ iRc\ Search\ 2\.1 [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^LinksManager.com_bot [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^linkwalker [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^lwp-trivial [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^MFC_Tear_Sample [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Microsoft\ URL\ Control [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Missigua\ Locator [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^panscient.com [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^PECL::HTTP [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^PHPCrawl [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^PleaseCrawl [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^SBIder [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Snoopy [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Steeler [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^URI::Fetch [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^urllib [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^User-Agent [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^webalta [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^WebCollage [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^Wells\ Search\ II [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^WEP\ Search [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^zermelo [NC,OR]
    		RewriteCond %{HTTP_USER_AGENT} ^ZyBorg [NC]
    		RewriteRule ^.* - [F]
    
    	# END Ban Users
    	# BEGIN Tweaks
    		# Rules to block access to WordPress specific files
    		<files .htaccess>
    			Order allow,deny
    			Deny from all
    		</files>
    		<files readme.html>
    			Order allow,deny
    			Deny from all
    		</files>
    		<files readme.txt>
    			Order allow,deny
    			Deny from all
    		</files>
    		<files install.php>
    			Order allow,deny
    			Deny from all
    		</files>
    		<files wp-config.php>
    			Order allow,deny
    			Deny from all
    		</files>
    
    		# Rules to disable XML-RPC
    		<files xmlrpc.php>
    			Order allow,deny
    			Deny from all
    		</files>
    
    		# Rules to disable directory browsing
    		Options -Indexes
    
    		<IfModule mod_rewrite.c>
    			RewriteEngine On
    
    			# Rules to protect wp-includes
    			RewriteRule ^wp-admin/includes/ - [F]
    			RewriteRule !^wp-includes/ - [S=3]
    			RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
    			RewriteRule ^wp-includes/[^/]+\.php$ - [F]
    			RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
    			RewriteRule ^wp-includes/theme-compat/ - [F]
    
    			# Rules to prevent php execution in uploads
    			RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
    
    			# Rules to block unneeded HTTP methods
    			RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
    			RewriteRule ^(.*)$ - [F]
    
    			# Rules to help reduce spam
    			RewriteCond %{REQUEST_METHOD} POST
    			RewriteCond %{REQUEST_URI} ^(.*)wp-comments-post\.php*
    			RewriteCond %{HTTP_REFERER} !^(.*)pur-mainz.de.*
    			RewriteCond %{HTTP_REFERER} !^http://jetpack\.wordpress\.com/jetpack-comment/ [OR]
    			RewriteCond %{HTTP_USER_AGENT} ^$
    			RewriteRule ^(.*)$ - [F]
    		</IfModule>
    	# END Tweaks
    # END iThemes Security

    It includes the most important features from bwps, but no rewrite rules...
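
The recovery steps from the posts above (comment out the FORCE_SSL defines, delete the hide-login rewrite rule, rename the plugin folder), as an added shell example that is not part of any post in this thread. It assumes shell access to the site root instead of FTP; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread or from the plugin.
# Function names and the sample site below are assumptions.

# Comment out FORCE_SSL_LOGIN / FORCE_SSL_ADMIN in wp-config.php.
# The first run keeps the untouched file as wp-config.php.bak.
disable_force_ssl() {
    cfg=$1
    [ -f "$cfg" ] || return 1
    [ -e "$cfg.bak" ] || cp -p "$cfg" "$cfg.bak"
    sed -E "s,^([[:space:]]*)(define\([[:space:]]*['\"]FORCE_SSL_(LOGIN|ADMIN)['\"]),\1// \2," \
        "$cfg" > "$cfg.tmp" || return 1
    # Write back through the original file so its permissions stay as they were.
    cat "$cfg.tmp" > "$cfg" && rm -f "$cfg.tmp"
}

# Delete only rules that rewrite a custom slug to wp-login.php (Hide Login).
# Protective rules such as "^wp-admin/includes/ - [F]" are left in place.
remove_hide_login_rule() {
    ht=$1
    [ -f "$ht" ] || return 1
    [ -e "$ht.bak" ] || cp -p "$ht" "$ht.bak"
    sed -E '/^[[:space:]]*RewriteRule[[:space:]]+[^[:space:]]+[[:space:]]+\/?wp-login\.php/d' \
        "$ht" > "$ht.tmp" || return 1
    cat "$ht.tmp" > "$ht" && rm -f "$ht.tmp"
}

# Deactivate the plugin by renaming its folder (append an "x"), as in the thread.
disable_plugin_dir() {
    dir=$1/wp-content/plugins/better-wp-security
    [ -d "$dir" ] || return 0          # already renamed or not installed
    [ -e "${dir}x" ] && return 1       # refuse to overwrite an earlier rename
    mv "$dir" "${dir}x"
}

# Run all three steps against a WordPress root directory.
recover_login() {
    root=$1
    disable_force_ssl "$root/wp-config.php" &&
    remove_hide_login_rule "$root/.htaccess" &&
    disable_plugin_dir "$root"
}

# Constructed sample site for trying the functions offline.
make_sample_site() {
    mkdir -p "$1/wp-content/plugins/better-wp-security"
    cat > "$1/wp-config.php" <<'EOF'
<?php
//The entries below were created by iThemes Security to enforce SSL
define( 'FORCE_SSL_ADMIN', true );
define('DB_HOST', 'localhost');
EOF
    cat > "$1/.htaccess" <<'EOF'
RewriteEngine On
RewriteRule ^your-slug/?$ /wp-login.php [QSA,L]
RewriteRule ^wp-admin/includes/ - [F]
EOF
}

# Demo run on a throwaway copy; on a real site call: recover_login /path/to/wordpress
demo=$(mktemp -d)
make_sample_site "$demo"
recover_login "$demo"
grep -n 'FORCE_SSL' "$demo/wp-config.php"
cat "$demo/.htaccess"
rm -rf "$demo"
```

Once login works again, rename the folder back and switch off Hide Login and the SSL options in the plugin settings, as described in the posts above.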

  10. BBIndikator
    Member
    Posted 4 months ago #

    Oops.. Sorry for the double post..

  11. ncmapblog
    Member
    Posted 4 months ago #

    BBIndikator, if you were here I would kiss you right smack on the lips. Repeatedly. Over and over again. You'd probably prefer a great big THANK YOU!!!!!!!!!!!!!!!!!!!!!!

    Is it now safe for me to delete the currently deactivated iThemes Security plugin?

  12. BBIndikator
    Member
    Posted 4 months ago #

    : ) Don't erase it.. It's really a good Plugin for Security. I think in 2 or 3 Updates (in the next days and weeks), all errors will be fixed.. Just enable all functions without SSL, Login-Rename and all the functions with the warning that some plugins will not work with it..

    Use it definitely for: LoginAttempt; Enable Strong-Password; Force Nickname; delete generator tab; Display WP-Version randomly; Disallow Comments without register; disable PHP in Uploads; disable login error messages; Disable author page if post count is 0; disable File Editor; disable Directory Browsing

    For this it's safe...

  13. ncmapblog
    Member
    Posted 4 months ago #

    Thank you so much for fixing my broke site and for the advice on how to use iThemes Security. If you ever have a question about really old maps, just holler.

  14. BBIndikator
    Member
    Posted 4 months ago #

    You're welcome.. I'm glad it works... : )
