You need to look into your .htaccess file
lines like
RewriteCond %{HTTP_REFERER} !^(.*)yourblogadress/wp-admin
RewriteCond %{HTTP_REFERER} !^(.*)yourblogadress/wp-login\.php
RewriteCond %{HTTP_REFERER} !^(.*)yourblogadress/HIDDENBACKEND1
RewriteCond %{HTTP_REFERER} !^(.*)yourblogadress/HIDDENBACKEND2
RewriteCond %{HTTP_REFERER} !^(.*)yourblogadress/HIDDENBACKEND3
RewriteRule ^.*wp-admin/?|^.*wp-login\.php /not_found [R,L]
Then you can see how the rewrite is done if you forgot it.
Or you remove the lines/setting a comment # to make it invalid.
Attention: WPSec. might have set .htaccess to read-only.
I had the same problem, not sure if the prefix rewrite or the hide back end feature caused it. Neither the wp_config not the .htaccess files seem to have been changed though, so it’s a total mystery what happened here.
I got the same problem after activating all features which i dont understand fully , i cant login at all,
please hellppp
Anyone could access to your admin? Please let me know…
Hello, I ever had bad experiences with this plugin that caused me not able to login. Here are somethings you may try:
First, and the very first make necessary backup of your important files.
You can use your FTP program or cPanel File Manager to do it. What to backup? Here are the important files:
– .htccess on the root of your website folder
– Entire folder of the plugin wp-content/plugins/better-wp-security
– Entire folder of your website
– The database of the website using cPanel phpMyAdmin
To backup all files in a folder, it will be easier if you compress the entire folder.
Now, things you can try to retrieve your login:
1. Try to delete (or rename) the .htaccess file. If you still unable to login, you should restore it from the backup. But if you can login, it means there are somethings wrong in the file. You need to examine and edit the file (restored from your backup), pay attention of the texts between these lines:
# BEGIN Better WP Security
# END Better WP Security
2. You may also try to use .htaccess file from your other WordPress website that is working correctly. You should not try it if one of the website has WordPress multisite enabled.
3. If you still have no luck, you may try to delete the entire folder of the plugin wp-content/plugins/better-wp-security. You can even combine this option with option no. 1.
If you managed to login to your admin area. You may need to reinstall the plugin (or perhaps uninstall if you not wish to use it). This reinstallation is neccessary to make sure the plugin won’t left unused data on your website (database). Once if you’re sure your website is working correctly, you should do backup immediately.
These above are based on my experiences, I can’t guarantee success. Try it on your own risk. Hope it helps.
Hi Handoko,
I had the same problem and I already have done the process you describe. My problem is that I can’t use any of my usernames, because it says they not exist. Can you help me?
Thanks.
To be honest,i unistall the app.
@enelbus:
If you follow the instruction above you should be able to login. Have you tried to reset your account by clicking the Lost your password on the login form?
@handoko
Yes, I tried that. Also an emergency php file where I changed my password, and changing the password directly via the phpMyadmin panel on my server. Nothing worked. When I tried to login, the window just erased the words from the form without an error. I tried to login on different computers. I think, in my case, another part of the code from the plug-in is still there hidding the usernames and I didn’t save the secret key.
I just gave up and I’m going to start all over again the blog.
If you trust me, you can email me your .htaccess file handoko_yahu[at]yahoo.co.id.
I found the easiest way to get back into my site when I couldn’t log in was by accessing the .htaccess file via ftp and deleting the Better WP Security entries, or at least those dealing with the redirects; as mentioned at the end of #1 by Handoko above.
Glad to hear you can easily fix the login problem. In some other cases, we may need to use step 2 or 3.
A good things to do: you should keep a copy of the .htaccess file on your local computer, because many problems may be fix simply copy/paste the .htaccess from backup.
I’m freaking out. I am very new to wordpress. I created a site for a client. Things were fine for a few months. Then the site was hacked. I got everything cleaned up and back to normal and installed your plugin. I really just did whatever options it said, and now, when I go to mysite/wp-admin it is a spam site. How the heck do I login??? Any help will be greatly greatly appreciated.
Thank you.
Hello @kravedesigns, what do you mean by:
I really just did whatever options it said, and now, when I go to mysite/wp-admin it is a spam site.
If it is reporting a spam site, are you sure you cleaned your site correctly? You can use the following link to check your site for viruses or other issues.
Kind regards
