I have contacted Nextgen customer support, and they claim it’s an issue with iThemes, not their plugin.
Hi,
Could you try disabling Long URLs and Suspicious Query Strings and see if that helps?
Thanks,
Gerroald
nope. I uninstalled this plugin and will be awaiting to hear back when it’s known to be compatible. Otherwise I’ll find a better security plugin. Been nothing but problems with this plugin since the name change.
In fact, I have removed the plugin and just left the htaccess file it creates in place. This htaccess file is what breaks the Nextgen plugin. ithemes security doesn’t even need to be active. Just the htaccess is enough to break it.
I’ve had more back and forth with the developers of Nextgen, who believe that the conflict is with how iThemes Security writes the portion of the htaccess file that redirects the login URL.
Specifically, they said they didn’t understand why it was written this way, and how line 2 below wouldn’t cause conflicts with other plugins.
Here are the lines they said were causing the conflict. I’ve edited out the private details…
RewriteCond %{SCRIPT_FILENAME} !^(.*)admin-ajax\.php
RewriteCond %{HTTP_REFERER} !^(.*)url.com/wordpressdirectory/wp-admin
RewriteCond %{HTTP_REFERER} !^(.*)url.com/wordpressdirectory/wp-login\.php
RewriteCond %{HTTP_REFERER} !^(.*)url.com/wordpressdirectory/location
RewriteCond %{HTTP_REFERER} !^(.*)url.com/wordpressdirectory/locationb
RewriteCond %{HTTP_REFERER} !^(.*)url.com/wordpressdirectory/locationc
RewriteCond %{QUERY_STRING} !^qmkjj0xqerhjkcygky4fi
RewriteCond %{QUERY_STRING} !^action=logout
RewriteCond %{QUERY_STRING} !^action=rp
RewriteCond %{QUERY_STRING} !^action=register
RewriteCond %{QUERY_STRING} !^action=postpass
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^.*wp-admin/?|^.*wp-login\.php /wordpressdirectory/not_found [R,L]
Simple troubleshooting steps…
start with adding this to wp-config.php then go deeper………..
/** NextGen Gallery Fix **/
if ( preg_match( '/wp-login\.php/', $_SERVER['REQUEST_URI'], $matches ) ) {
if ( ! defined( 'NGG_DISABLE_RESOURCE_MANAGER' ) ) {
define( 'NGG_DISABLE_RESOURCE_MANAGER', true );
}
}
Oops yeah disregard. Just looked at the ithemes code again and yeah the basic troubleshooting code above wouldn’t help in any way.
would be great if this was addressed.