[Plugin: Better WP Security] Issue with "Enable Default Banned List"

dma999999
(@dma999999)

11 years, 9 months ago

Hi there. First, I did want to say that I really like this plugin. Lots of useful stuff that has helped me to secure my WordPress installation.

I just wanted to briefly mention an odd error I experienced using the above function. Not having seen it before, I tried using it by checking the box and clicking “Add Host and Agent Blacklist”. The first couple of times, all I got back in response was a blank page with nothing more than “Security error!”. I then tried it a third time and then was unable to access either my site or the admin interface – just got 403 errors. So I ftp’d in, deleted the plugin, and deleted the Better WP Security lines from my .htaccess file and was able to access.

However, when I tried re-installing BWPS, it was not possible to deselect the “Enable Default Banned List” setting. While I could reinstall the plugin, when I tried going to that setting to deselect, the moment I hit save, I’d get a 403 again. I could recover by leaving the plugin in place and editing the .htaccess file. Everything seems to work fine so long as I don’t try to update any options in BWPS. If I do, then boom, 403 again.

I’d very much like to continue using the plugin. Anyone have any suggestions? I imagine there’s a setting in one of the MySQL tables I could change through phpMyAdmin. If anyone knows where I might find that, or any other suggested fixes, it/they would be most appreciated.

Tried searching the forum for other notes on this but didn’t seem to find any. If this is something that is worth looking into further, I’d be happy to provide more details to the extent I can.

http://wordpress.org/extend/plugins/better-wp-security/

Viewing 3 replies - 1 through 3 (of 3 total)

Bit51 (part of the iThemes family)
(@bit51)

11 years, 9 months ago

First I’m curious as to what part of the .htaccess is causing the error for you. Are you using an unusual browser or something that might be picked up in that list?

If your comfortable editing a serialized array you can find the setting in your options table under bit51_bwps. The key is “bu_blacklist”

Finally, what happens when you deselect the blacklist setting? Is it throwing you an error?

Thread Starter dma999999
(@dma999999)

11 years, 9 months ago

I’m not sure, to be honest. I don’t think my browser is too unusual – it’s Chrome. To be honest I’m not sure I’d be able to tell you what, if anything, in the list would be blocking me.

Thanks for providing the reference. Not sure if I am comfortable editing a serialized array, but will take a look when I get home (they block phpMyAdmin access ports at work) and see.

The specific problem I am having is that I can’t deactivate the blacklist setting without getting the 403 error. As far as I can tell, when I deselect the checkbox and click save, it first writes .htaccess to *include* the blacklist, presumably to align the manually edited .htaccess with what the settings say should be there, before attempting to remove the blacklist. But of course, by then it’s too late, because of the 403 error.

Of course, this is purely a wild-assed guess on my part. All I know is that when I deselect and hit save, I get a 403 error. When I open up .htaccess, all the BWPS settings have reappeared. If I manually delete and re-upload, 403 goes away, but the blacklist is still selected.

Let me know if I can provide any other information.

Bit51 (part of the iThemes family)
(@bit51)

11 years, 9 months ago

Thanks for the feedback.

The plugin actually saves the setting to the database and then builds the htacess before finally writing it which is what makes your situation so unique. If you would like I could help you disable that setting. Email me at info [at] bit51 [dot] com if you’re interested.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘[Plugin: Better WP Security] Issue with "Enable Default Banned List"’ is closed to new replies.

Tags