WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
[resolved] obscured the login webpage (10 posts)

  1. ivanyez
    Member
    Posted 1 year ago #

    Hello,

    I downloaded your plugin on my website sometime ago. I "obscured" my login and admin webpage. It was sometime ago I didn't write down my new login webpage. I forgot the new address, so that I cannot enter my administration site now. Is there any way to undo the changes so that I can enter my administration site? If I erase the whole plugin from the CPanel site, will it work? I admit my stupidity, but I was completely positive that I wrote down the login page address somewhere.

    Shame on me,

    Iván Matellanes Fresnadillo

    My webpage: http://www.sarasuati.com/

    http://wordpress.org/extend/plugins/better-wp-security/

  2. I "obscured" my login and admin webpage.

    I wish people wouldn't do that, it really only provides a false sense of security and can lead to this...

    I forgot the new address, so that I cannot enter my administration site now.

    I could not find your specific problem in this plugin's FAQ. Have you tried contacting the author via his website?

    http://bit51.com/support/

  3. ivanyez
    Member
    Posted 1 year ago #

    I tried, but you need to pay 40$ and I was expecting to solve the problem without that.

  4. ivanyez
    Member
    Posted 1 year ago #

    Finally, I managed to solve the problem. I just erased the plugin. It took a time to refresh to the old login page, though. Well, I supposed it was that ... 'Cause I didn't do anything else and the problem got solved!

    Thanks for your support.

    Ivan Matellanes Fresnadillo.

  5. shawn00m
    Member
    Posted 1 year ago #

    ivanyez, Did you just delete the plugin folder via FTP? I'm having the same problem with one of my sites.

  6. Emstatay
    Member
    Posted 1 year ago #

    Hello (shawn00m & others):

    I had the same problem. I could have caused it myself (in the MySQL back-end) or something else happened. I use KeePass to keep complicated passwords and the login URL and I just got 404 - no login page.

    So I opened the htaccess file in the root directory of my site with a text editor (on-line or FTP - makes no difference).
    IF you enabled blacklisting you may have many URLs at the top of that file. E.g.
    # BEGIN Better WP Security
    # Begin HackRepair.com Blacklist
    RewriteEngine on
    # Abuse Agent Blocking
    RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]

    etc. - scroll down to the end.

    LOOK FOR
    RewriteRule ^open/?$ /wp-login.php?RandomString4urSite [R,L]

    In your browser PASTE:
    http://www.yourdomain.tld/wp-login.php?RandomString4urSite

    You should be at your WP login-screen

    Hope you had the same problem and this fixed it ...
    You just saved $40 in support (plus my $40 = nice dinner)

    wishing you success with your fix ...

    Greets, Emstatay

  7. ivanyez
    Member
    Posted 1 year ago #

    Hi there,

    I just erased the plugin via FTP and, it worked. However, nor after one or two days after erasing the folder could I actually enter the default login page. If you are in a hurry, you may use the tip that Emstatay said. I have not try this second tip, but it actually looks like it will be working fine.

    Ivanyez

  8. ivanyez
    Member
    Posted 1 year ago #

    Hi there,

    I just erased the plugin via FTP and, it worked. However, nor after one or two days after erasing the folder could I actually enter the default login page. If you are in a hurry, you may use the tip that Emstatay said. I have not try this second tip, but it actually looks like it will be working fine.

    Ivanyez

  9. Handoko
    Member
    Posted 1 year ago #

    Most plugins can be (temporary) disabled by deleting or renaming the plugin folder. You can use File Manager (cPanel) or FTP. This trick also works on this Better WP Security. But sometimes it may not work if you have enabled certain settings in the plugin.

    In some cases, you may need to consider to completely remove this plugin. Here is how to do it:

    1. Backup your website
    It is a good idea to make a full backup (database and files) before continue to the next steps. If you're lazy, it is enough just keep a copy of .htaccess file.

    2. Modify the .htaccess file
    Save the .htaccess file to your local computer. Open and edit the file using text editor (Notepad if you're using Windows, or Text Editor if you're using Ubuntu). Find the text "# BEGIN Better WP Security" and " END Better WP Security" in the file. Delete all the lines between the #BEGIN... and #END... (which just mentioned), save it and upload it back to your website.

    3. Delete the plugin folder
    You can use File Manager or FTP to manually delete the plugin folder. Normally it is located at:
    public_html/wp-content/plugins/better-wp-security

    4. Delete some data in the database
    You can use phpMyAdmin (cPanel) to search and delete the data left by this plugin. Use this SQL command to search the record

    SELECT *
    FROM 'wp_options'
    WHERE option_name LIKE '%bwps%'

    The results are the records with option_name:
    - bit51_bwps_data
    - bit51_bwps
    - bwps_file_log

    This plugin broke my sites several times. Usually if this plugin breaks your site, it means you have enabled certain feature that is not compatible with the other plugins you're using or your webhost environment.

    Using the steps above I can bring my site normal again. It will remove the plugin and its settings so it will be safe to reinstall the plugin and you can reconfigure the settings.

    But if want to 100% remove it and revert all the things changed by this plugin, you also need to edit the wp-config.php file and wp-content folder. Here has the information provided directly by the author:
    http://bit51.com/what-is-changed-by-better-wp-security/

  10. Emstatay
    Member
    Posted 1 year ago #

    Hello Handoko:

    why the need to remove and leave other entries in your DB?
    Use the above instructions to login to your site - then REMOVE the plugin from within WP if you really do not want it. CLEAN REMOVAL!

    Yes, I admit that I got myself logged out. However looking at the log of my site and the high number of:
    a) attempted logins with admin (and other combinations)
    b) attempted page loads of default WP page names with scripts
    I WILL LEAVE the modifications made by this plugin for a while because I think there are ACTUAL attempts to get into my site which have been reduced to nothing but a 404 record! So the trouble of getting back in - I confider it a MINOR problem compared to the number of login attempt.

    Therefore, please note that my suggestions above simply allow you "back-in" to your site and you may decide what to do with the plugin [orderly removal possible!]

    nothing more ... greets ... Tatay

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.