WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
Unable to write to your .htaccess or nginx.conf file. (58 posts)

  1. markemark
    Member
    Posted 3 months ago #

    I keep seeing error

    Unable to write to your .htaccess or nginx.conf file. If the problem persists contact support.

    the log file is simply the header information so no information on what is causing it.

    I am on a Amazon hosted system, so this may be the cause, it would be useful if the output would tell me what changes are required to the .htaccess then I can manually update as required ?

    https://wordpress.org/plugins/better-wp-security/

  2. AtomicT
    Member
    Posted 3 months ago #

    I too have this issue, just updated to iThemes Security 4.0 and whether .htaccess has 0644 or 0444 it presents this message...

  3. respectyoda
    Member
    Posted 3 months ago #

    If you go to the admin backend, click on Security -> Dashboard. Scroll all the way down and you will see a section with the title of "Rewrite Rules." Information in this section is what you can copy and paste in your .htaccess file.

  4. PeteGeek
    Member
    Posted 3 months ago #

    If you go to the admin backend, click on Security -> Dashboard. Scroll all the way down and you will see a section with the title of "Rewrite Rules." Information in this section is what you can copy and paste in your .htaccess file.

    The old Better WP Security did this just fine and displayed all required changes but iThemes Security doesn't.

    As I use iTS in conjunction with other security packages I'd like to see all changes required to .htaccess and wp-config.php so I can generate them myself. Basically, because iTS does not lock the .htaccess or wp-config.php files and currently leaves them open for the public to view - even when the "protect core files" option is checked.

  5. respectyoda
    Member
    Posted 3 months ago #

    PeteGeek, it is best for you to use a FTP client such as FileZilla and set the file permissions for your .htaccess file.

  6. Mauricio Gouvea
    Member
    Posted 3 months ago #

    I'm having the same problem. Which are the right permissions for the .htaccess file?

  7. PureWeb
    Member
    Posted 3 months ago #

    I've also seen this today. I have five domains set up the same, and decided to change some of the settings (SAME changes for each of the domains) after updating the iThemes Security plugin on all of them.

    All changes went fine on three of the five domains, but one of the domains kept giving the same message others are seeing "Unable to write to your .htaccess or nginx.conf file" and would not make the changes I selected. After trying to make them 5 or 6 times, the message stopped appearing, and the changes finally "took"!

    I made one more change after that, and I now have these messages displaying on my iThemes Security "Settings" page at the top:

    Unable to release a lock on your .htaccess or nginx.conf file. If the problem persists contact support.

    Unable to release a lock on your wp-config.php file. If the problem persists contact support.

    even though the changes WERE made!

    On the fifth domain, the first time I tried to make a change of the setting "Disable PHP in Uploads" (to true) I got "Are you sure you want to do this?" and the change was NOT made - I tried changing it again and it "Took" on my second attempt - Very Strange Behavior on both the domains that were acting like the plugin didn't want to let me make changes - and then let me after repeated attempts and without ANY other changes in between attempts!

    So (even though I have checked the box labeled:
    Allow iThemes Security to write to wp-config.php and .htaccess.)-

    Where there used to be a list of rewrite rules on my dashboard for each of these domains (before the change/update from BWPS to iThemes Security), there is now only the notices:

    Rewrite Rules
    There are no rules to write.

    wp-config.php Rewrite Rules
    There are no rules to write.

    which makes no sense - since there ARE still rewrite rules listed in the .htaccess file and a whole section that starts with "Begin iThemes Security" and includes a section "#Begin Hide Backend" with a rule to change the login slug- which is followed by "#End Hide Backend" but not the other hide backend rule BWPS had to hide the wp-admin folder . . .?

    I suspect this omission has to do with compatability - for other plugins that need access to the wp-admin folder - but aren't those hackers out there adept at hacking thru the wp-admin to gain access to our sites?

  8. elemental.tm
    Member
    Posted 3 months ago #

    I have the same issues, I'm guessing this is a big as the plugin has recently undergone a major rewrite and there are frequent updates. Hopefully will be addressed in next version.

  9. respectyoda
    Member
    Posted 3 months ago #

    Mauricio, the .htaccess file should have the permission of 644.

  10. eitanc
    Member
    Posted 3 months ago #

    I had the same issue, using the latest version of this plugin.

    I simply renamed the .htaccess file at the root folder of the relevant site to something else and strangely the "hide backend" feature is working fine now... although it should NOT work since there is no rewrite operation at the .htaccess file level.

    The content of the file looks like the following:
    # BEGIN iThemes Security
    # BEGIN Hide Backend
    # Rules to hide the dashboard
    RewriteRule ^/<my-secret-text>/?$ /wp-login.php [QSA,L]

    # END Hide Backend
    # END iThemes Security

    I think this is one of the worst upgrade moves I've seen for a long time.

  11. PeteGeek
    Member
    Posted 3 months ago #

    PeteGeek, it is best for you to use a FTP client such as FileZilla and set the file permissions for your .htaccess file.

    I do. In fact I'm required to check them every time any plugins, not just iTS, updates. Just good practice to do so.

    I'm having the same problem. Which are the right permissions for the .htaccess file?

    Set the permissions as follows:
    .htaccess - 404
    index.php - 400
    wp-config.php - 400
    wp-blog-header.php - 400

  12. PureWeb
    Member
    Posted 3 months ago #

    Basically, because iTS does not lock the .htaccess or wp-config.php files and currently leaves them open for the public to view - even when the "protect core files" option is checked.

    I thought this section inside the iThemes Security section of the .htaccess protects those files. Is that incorrect, and the public can get around these rules in the .htaccess file?

    # BEGIN Tweaks
    # Rules to block access to WordPress specific files
    <files .htaccess>
    Order allow,deny
    Deny from all
    </files>
    <files readme.html>
    Order allow,deny
    Deny from all
    </files>
    <files readme.txt>
    Order allow,deny
    Deny from all
    </files>
    <files install.php>
    Order allow,deny
    Deny from all
    </files>
    <files wp-config.php>
    Order allow,deny
    Deny from all
    </files>

    # Rules to disable XML-RPC
    <files xmlrpc.php>
    Order allow,deny
    Deny from all
    </files>

    # Rules to disable directory browsing
    Options -Indexes

    <IfModule mod_rewrite.c>
    ..................
    ..............." etc.

  13. mpa4hu
    Member
    Posted 3 months ago #

    so whats the solution?

  14. AKJK
    Member
    Posted 3 months ago #

    Faced this issue as well. Noticed it only after I upgraded to 4.0.7.
    Here was what happened. I had previously upgraded to 4.0.3, rolled back to 3.6.6 after issues with the hide backend feature. When 4.0.7 was released, decided to try my luck again with version 4.0.7 and that was when this issue floated up.
    I tried going into FTP to change my htaccess file permission from 404 to 644 but no luck. Also changed my wp-config from 444 to 644 but again no luck. Plugin still says "unable to release lock."
    I then decided to deactivate the plugin and it immediately broke my site. Contacted my webhost and was told that these lines were written into my wp-config file.
    define( 'FORCE_SSL_LOGIN', true );
    define( 'FORCE_SSL_ADMIN', true );
    The funny thing is that I did not even use the SSL feature in the plugin so not sure why those lines were even triggered.
    When the webhost removed the above lines, I was able to login again via wp-admin. Given the bad experience, I once again rolled back to 3.6.6.
    I am now monitoring this support forum for the date when all issues are solved before trying to upgrade once more.
    Meanwhile, does anyone know why this is happening i.e. the statement that it is "unable to release lock" as well as the lines forcing SSL?

  15. intercloudhost
    Member
    Posted 3 months ago #

    had to roll back to previous version, having this same issue even when changing file permissions. Any one having success to solving this?

  16. intercloudhost
    Member
    Posted 3 months ago #

    Had to roll back to previous version since having thi same issue, even when changing file permissions. Any success solving this?

  17. kr0hm
    Member
    Posted 3 months ago #

    Getting the same error message since last update when saving settings...

    Also the backup option seems to have been broken too.
    When I make a backup with the button in the backup tab, I receive the email but there is no file created and the log indicate success for the backup process...

    Anyone got the same backup issue ? Might be separated issue but happen only since the last update!

  18. delphon
    Member
    Posted 3 months ago #

    Yep same problems here. Message about unlocking the two files won't go away even after changing permissions via ftp client.

    If this is their new sales technique I guess there will never be any official help here...

  19. PhilMeadows
    Member
    Posted 3 months ago #

    Bugger.

    Have rolled back to 3.6.6

  20. delphon
    Member
    Posted 3 months ago #

    Okay, I have done some more testing and despite this error message, my installation seems to be making all changes to the file as I change settings, check yours and see.

    I have the .htaccess file set to 644..

  21. Ramzii
    Member
    Posted 3 months ago #

    Same issue here, strangely it doesnt appear on each site im running iTS on.

    Unable to write to your .htaccess or nginx.conf file. If the problem persists contact support.

    Can anyone tell me the cause of this annoying error?
    ..will keep a close eye on this thread. Thank you.

    Changing the permissions of the .htaccess file to 644 (which it already was) or to 404 as suggested earlier in this topic did no good.

  22. noelgreen
    Member
    Posted 3 months ago #

    To get the backups to work — and this also removed the error — I simply created the directory that it was trying to create using FTP. Then it was fine.

  23. iThemes Support
    Member
    Plugin Author

    Posted 3 months ago #

    Hi all,

    We apologize for the issues and the frustration this has caused you. Here at iThemes we value your feedback and are working hard to fix these pervading issues.

    Please update to the most recent release (currently v4.0.21), which addresses a number of outstanding issues.

    We appreciate your feedback and your patience in helping us resolve these issues as quickly and efficiently as possible.

    Thanks,
    D.V.

  24. billsmithem
    Member
    Posted 3 months ago #

    Well, the error message has been reworded, but the problems are the same.

    "WordPress was unable to save the your options to .htaccess or nginx.conf file. It looks like another process might already be working on the file. Please wait a few minutes and try again or contact support if the problem persists."

  25. billsmithem
    Member
    Posted 3 months ago #

    I've noticed (and reported) that File Change Detection isn't displaying the minus icon correctly (loading from the wrong location), and the exclude list appears to be ignored in WP installs where Site Address and WordPress Address are different. Possibly the install directory look-up is being done incorrectly somewhere???

  26. Wombat
    Member
    Posted 3 months ago #

    Consider this problem SOLVED. Steps:

    1) Delete the plugin folder entirely, either by CLI or FTP.
    2) Delete your .htaccess file.
    3) Go to SETTINGS >> PERMALINKS and be sure to reset your permalink structure to what it was prior to deleting the .htaccess file
    4) Reinstall the iThemes Security plugin, configure (most should be saved at the database level already from previous install), save, done.

    No more error message.

    Not sure what the root cause of this is, but deleting and re-installing the plugin worked for me. Probably some remnant files from a previous plugin version or something.

  27. lgustaw
    Member
    Posted 3 months ago #

    I have the same problem!
    -WordPress v3.8.2
    -iThemes Security (formerly Worst New Version) v4.0.21

    Older version below 4 working properly!

  28. finomeno
    Member
    Posted 3 months ago #

    Thank you Wombat,

    Your solution solved this for me (:

  29. rwnfrnnd
    Member
    Posted 3 months ago #

    Yes, Wombat's method worked for me as well. To me the 3rd step wasn't that clear. What I did was I set the permalink to WP default setting after the 2nd step, then after 4th step set it back to the style I want in my website. Thanks.

  30. heartharmony
    Member
    Posted 3 months ago #

    Same issue here - Unable to write to your .htaccess or nginx.conf file. If the problem persists contact support.

    I tried Wombat's method but on reinstalling the plugin I noticed that the .htaccess file didn't show ANY Better WP Security code, although the plugin registered as being active. And the error message remained, so I reinstalled my backup htaccess file just to have something working on the site.

    It seems like Better WP is not writing at all to htaccess with the latest update, as no ban ips have also been added to my htaccess files since the changeover - even through the dashboard neatly shows the thousand added in ip addresses that have been blocked in the past week.

    I have checked permissions, and all are as per normal - 644 for htaccess.

Reply »

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.