WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
Version 4.0.7 is live. Please let us know if you are still seeing issues (68 posts)

  1. iThemes
    Member
    Plugin Author

    Posted 3 months ago #

    Hey iThemes Security community, version 4.0.7 is a release intended to fix issues surrounding the Hide Backend feature.

    We’ve been fast at work since launch and reporting of the issues.

    If you have issues or bug reports, please submit those here giving as much detail as possible so we can identify the issue and fix them.

    http://ithemes.com/security/bugs/

    Thank you for your patience and assistance as we continue to iterate on the plugin for you.

    https://wordpress.org/plugins/better-wp-security/

  2. WaldenPondDesign
    Member
    Posted 3 months ago #

    Still not working. I did a clean install of 4.0.7. When I activate I am kicked out of WordPress. When I try and access the dashboard I get "You do not have sufficient permissions to access this page.". Thus I am forced to renamed "better-security" to access the dashboard.

    The guys at WordFence are probably laughing their assess off.

    Guess I gotta wait for 4.0.8

  3. zimxo
    Member
    Posted 3 months ago #

    doesn't work for me either - same issues as WaldenPondDesign across 10 sites

  4. wp_kc
    Member
    Posted 3 months ago #

    Locked me out. The only way I could get back in was to...

    * delete the plug-in folder.
    * delete all itsec tables from the database.
    * delete all iThemes Security entries in the .htaccess file.
    * reinstall plug-in and reconfigure.

    Not a very friend way to update a plugin. Also... I am still see these in the 404 logs...

    /wp-content/plugins/better-wp-security/lib/icon-fonts/fonts/ithemes-icons.ttf
    /wp-content/plugins/better-wp-security/lib/icon-fonts/fonts/ithemes-icons.woff

    I added that fonts folder to the 404 whitelist for now. But I could see how that could easily lock someone out in sort order.

  5. RandomNick
    Member
    Posted 3 months ago #

    Site without jquery works without a problem. Other site with jquery - same problem as zimxo and WaldenPond. Maybe that will help about fix.
    Also maybe we must clear database to make plugin work again?
    Viktorix post in another thread
    http://wordpress.org/support/topic/how-to-reset-ithemes-security-plugin-to-fix-issues

  6. Patty
    Member
    Posted 3 months ago #

    I updated the plugin and now when I try to log in I just get a blank page. On one site I didn't change any settings but when I logged out, I couldn't log back in. I just see a white screen.

    On the other site, I enabled compatibility mode for hide the backend to test if this was the problem and I still ended up getting locked out of this site.

    I removed all reference to iThemes security in .htaccess but I still just get a black screen when I try to log in.

    Please help. I used to love this plugin but this update is causing me major headaches.

  7. Viktor Nagornyy
    Member
    Posted 3 months ago #

    It doesn't seem to be the code that's causing issues, it's your options in database that are causing conflicts. I can't waste time to figure out exactly what it is, but it's clearly in there.

    To iThemes, you need to reset better wp security database entries instead of transferring them. Think about this?

    What's more painful?
    Redo settings OR not being able to login to your own website at all.

  8. Stephen Judge
    Member
    Posted 3 months ago #

    After upgrading to 4.0.8 I think iThemes Security is interfering with the 'Google Authenticator for WordPress' plugin. The form field on the login page to enter my two factor authentication code is now missing. I am just able to login with my username and password. When I look at the Google Authenticator for WordPress settings it is still active as before.

  9. Patty
    Member
    Posted 3 months ago #

    There is a new version that fixed the white screen problem. That was just released. It's version 4.0.8.

    The solution for me to regain access to my site so I could upgrade to the fixed version is found here: http://wordpress.org/support/topic/how-to-reset-ithemes-security-plugin-to-fix-issues?replies=1

  10. Patty
    Member
    Posted 3 months ago #

    I should point out that on the second site that I fixed, all I had to do was rename the Better WP Security folder in the plugins directory to better-wp-security2 from the file manager in the cPanel on my hosting account.

    This deactivated the plugin and I could then log in to my site with http://www.mysite.com/wp-admin/. Then once I was logged in, I renamed the plugin folder to it's original name which was better-wp-security2.

    Then I reactivated the plugin on my site and updated to version 4.0.8 and everything seems to be working fine now.

    I'm glad they fixed this glitch soon! Thank you to the developers for releasing a new stable version quickly!

  11. WaldenPondDesign
    Member
    Posted 3 months ago #

    >>
    Still not working. I did a clean install of 4.0.7. When I activate I am kicked out of WordPress. When I try and access the dashboard I get "You do not have sufficient permissions to access this page.". Thus I am forced to renamed "better-security" to access the dashboard.

    Guess I gotta wait for 4.0.8
    >>

    Tried 4.0.8 exact same response.

  12. Patty
    Member
    Posted 3 months ago #

    @WaldenPondDesign, did you try cleaning your database as described in this post: http://wordpress.org/support/topic/how-to-reset-ithemes-security-plugin-to-fix-issues?replies=1?

    I just updated 25 sites to 4.0.8 and they're all working now. I made sure to make a backup of my database before I cleaned the database when fixing the first site. On the other sites, I didn't have to clean the database. I was able to just update to 4.0.8.

    If you're getting the "You do not have sufficient permissions to access this page." error message, you might have enabled the hide the backend feature. If you do this, you'll get that error message if you try to access your site with /wp-admin/. I think it replaces the wp-admin/ with a generic default login slug with something like wplogin but I can't remember since I used a custom code in that field.

  13. Patty
    Member
    Posted 3 months ago #

    @WaldenPondDesign. I would try logging in with http://www.yoursite.com/wplogin to see if you still get the error. I just checked and that is the default Login slug for the plugin as shown here: http://ithemes.com/security/recovering-admin-login-url-hide-backend-setting/.

    That page is about a different problem than the one you're having but it shows a screenshot of the default iThemes Security Login slug.

  14. Carrot Cruncher
    Member
    Posted 3 months ago #

    I've manually cleared out the old version of the plugin and installed 4.0.8 from scratch. Enabling the hide backend option just loops the login page and when I disable this option and check the logs I see numerous 404 errors which seem to be due to the fact that the plugin is not correctly recognising that my WordPress installation is in a subdirectory.

  15. Stephen Judge
    Member
    Posted 3 months ago #

    To confirm my problem with iTheme Security interfering with Google Authenticator for WordPress. I disabled iThemes Security, logged out, navigated to the login page again and my Google Authenticator for WordPress authentication code form field was present requiring me to provide a 2FA code in order to login. I logged in and re-enabled iThemes Security, logged back out again, navigated to the login page and again my Google Authenticator for WordPress authentication form field is gone again and I am able to login using only my username and password.

  16. Nando_lavras
    Member
    Posted 3 months ago #

    After update to 4.0.10 my google authenticator plugin not work anymore... in the admin login screen there should be a third field to enter the code from google authenticator after this update the field simply disappeared and now I'm going straight with only username and password, please check this.

  17. Big_Rich
    Member
    Posted 3 months ago #

    Just updated to 4.0.10

    The hidden wp-admin now works (that is to say the secret word works) BUT if instead of using the secret word I pur wp-admin, instead of getting a 404 error I get:

    You do not have sufficient permissions to access this page.

  18. visceral concepts
    Member
    Posted 3 months ago #

    Updated to version 4.0.10 and am now getting the following fatal error:
    Fatal error: Out of memory (allocated 62128128) (tried to allocate 3864595 bytes) in /homepages/15/d373560574/htdocs/wp-includes/wp-db.php on line 951

    Has also happened for other files. It seems iThemes security is eating memory like it's nobody's business.

  19. dpipitone
    Member
    Posted 3 months ago #

    Just updated, and the backups are not working. It states the locally saved backups should be located in "..../wp-content/uploads/ithemes-security/backups" and no such folder exists.

    Also, the ones emailed to me have no attachment.

    Help?

    Thanks

  20. respectyoda
    Member
    Posted 3 months ago #

    Visceral, you'll have to add this in your wp-config.php.

    //MEMORY LIMIT
    define('WP_MEMORY_LIMIT', '256M');

    Please note that the memory limit will vary from one hosting provider to another. The way to find the memory limit is as follows:

    If you find out what your php.ini limit is set to you can increase WP limit to that and see if that helps. You can use a simple function to check your PHP settings.

    Create info.php and put this in there.

    <?php phpinfo(); ?>

    And view it in your browser: domain.com/info.php and look for the memory limit value.

  21. upfromheree
    Member
    Posted 3 months ago #

    I didn't have any issues with 4.0.7, but when I upgraded to 4.0.10 I started having the same issue as Stephen Judge without the ability to log in. When I try to log in using just the username and password, I get the same error message as WaldenPondDesigns.

    I logged in to FTP and changing the name of the BWPS folder allows me to login using the Authentication, so I was then able to deactivate Google Authenticator. From there I renamed the BWPS folder and reactivated. I'm able to log in now, though without the two-factor authentication, which makes me a little uncomfortable.

  22. christina-b
    Member
    Posted 3 months ago #

    I wonder how to savely uninstall Ithemes Security. I just had an internal server error after deactivating it. I restored a complete backup of the site and database ( time of backup 2 days prior to installing Ithemes Security). But I see it still exists in my plugin folder. What is the safest way to delete the plugin completely?

    Thanks!!

  23. Big_Rich
    Member
    Posted 3 months ago #

    OK so I just found the solution for the problem I mentioned above.

    In the Hide backend section of the settings theres a new option called "Enable Thema Compatibility" (or very something similar)

    Once that was selected everything now works fine.

  24. Nando_lavras
    Member
    Posted 3 months ago #

    4.0.12 up.... G Auth issue continues!

  25. lindsphill256
    Member
    Posted 3 months ago #

    Updated my client's site to 4.0.12, and I'm still seeing 404 errors for admin pages after trying all possible admin URLs.

    Anyone know what these two bullet points in the changelog mean?
    Added an option for custom login action that can bypass hide login
    Allow admin-ajax.php to bypass hide backend

  26. CarrieM
    Member
    Posted 3 months ago #

    I'm having similar issues. I updated the plug in on three sites and it crashed all three. I'm getting the following error:

    Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 128 bytes) in /home/[site]/[folder]/wp-includes/wp-db.php on line xxxx

    For each site the only way to get back in was to delete my .htaccess file and delete the plug in via ftp.

  27. kodowd
    Member
    Posted 3 months ago #

    I just enabled on one of my sites and set it up to email backups. I got the email, but attachment it referenced was not attached.

  28. WaldenPondDesign
    Member
    Posted 3 months ago #

    Yikes I am still watching by the sidelines after issues with both 4.0.7 and 4.0.8. I am waiting for 5.0.

    The more daring they may want to try using the Sandbox plugin to mitigate issues with crashing site.

    My heart goes out to you guys, this really must be a tough issue to fix.

    Best,

    Andrew

  29. edubz15
    Member
    Posted 3 months ago #

    I don't seem to be having the issues anyone else here is having, I can get into my back-end just fine but can't go to plugins section or update-core section! I've cleared DB of all bwp instances and cleared htaccess of it as well. HELP!

  30. Patty
    Member
    Posted 3 months ago #

    @ebudz15 - I would try going to security settings and making sure that you don't have the "Disable File Editor" option checked. If you do, uncheck it, refresh the page while you're in the WP dashboard, and you should have access to the editor in the WordPress dashboard.

Reply »

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.