Support » Plugin: iThemes Security (formerly Better WP Security) » completely uninstall Better WP Security

  • Hi,

    I’m experiencing an issue with an ecommerce plugin and just to be 100% sure what the problem is I want to completly uninstall Better WP Security.

    I went into the tweaks tab and unchecked everything.

    Now the dashboard only shows these items as green.

    The admin user has been removed.
    The user with id 1 has been removed.
    You are blocking known bad hosts and agents with’s blacklist..
    Your login area is protected from brute force attacks.
    Your installation is actively blocking attackers trying to scan your site for vulnerabilities.
    Your installation is actively looking for changed files.

    The rest are blue orange and red.

    So if I deactiveate and delete Better WP Security will wordpress be back to it’s state from before I installed Better WP Security?

    The only exception I can see is that user 1 and admin are removed.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Peter


    restore the old .htaccess, I am not sure if Better WPSec does it automatically

    I agree with what Peter said.

    One of my developer clients had the same problem with the latest version of the plugin. After restoring a copy of the .htaccess file generated by an older version of the plugin, his client’s site is back up and running.

    I should note that this is a temporary fix at best, even if the settings for the plugin aren’t changed. Without a thorough inspection of the plugin’s code and a fix for the issue, there’s no telling what might happen moving forward.

    Jan C.



    Hi, I am also having problems with Better WP security and want to uninstall it. But I don’t know how to “restore the old .htaccess” . Is there any way to get rid of this plugin, or has it changed my site permanently?

    This is the standard WP .htaccess with permalinks.

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    # END WordPress

    disable most settings save, then delete htaccess files and replace them with the default.

    You can also do this by going to settings -> permalinks.

    Yesterday I installed Better WP Security. Sorry I did! I’m locked out of my site and have been trying to get back in for the last day.

    I wouldn’t mind but I had only just restored my site after being hacked.
    I thought I’d up the ante on security so I installed ‘Admin Username Changer so I could change the username from ‘Admin; then I looked for additional security and found Better WP Security, installed it, followed instructions to the letter and still now locked out.

    In PhpMyAdmin the wp-users table showed 1 user with an ID of 2, the user_pass for which keeps changing. Why does the password keep changing?

    So when I try to login with the currently displayed password in PhpMyAdmin, I get a login error “ERROR: The password you entered for the username xxx is incorrect.” If I do a password retrieval, the confirmation link is sent

    Logging in with a new user I created in PhpMyAdmin, password from PhpMyAdmin doesn’t work, when I reset password I get “You do not have sufficient permissions to access this page.

    I’ve been locked now out a couple of times – received a site lockout notification in my email. Tried deleting the log entries, tried waiting for the lockout period.

    I’ve cleared the cache, cookies etc.

    I changed the htaccess file to the following (from a thread on this forum) however when I access I get “You do not have sufficient permissions to access this page.”

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # END WordPress

    It was this beforehand.

    # BEGIN Better WP Security
    Options All -Indexes

    Order allow,deny
    from all
    Deny from

    <IfModule mod_rewrite.c>
    RewriteEngine On

    # END Better WP Security

    I see that some are posting about changing the .htaccess file however I seem to have several .htaccess files – should I change all of them to the above code.

    I just want to get back into my wordpress site – whatever it takes. I’ve spent the last day trying different suggestions from this forum.

    How can I get rid of this plugin and get back my access back.

    Any assistance at all is welcome. Help!

    Hi justmo,

    I had the same thing happen to me yesterday… Not Good….

    I used my FTP program to connect to my Site and then I downloaded the Better WordPress Security Plugin Folder to my PC so I would have it and then I deleted it off of my WordPress site and I was able to get right in with no problems…

    Now I did NOT do any of things you did before hand so I don’t know what kind of problems your going to have and I recommend you move forward with my technique with extreme caution and make a full backup/download the entire site to your local machine first just to be safe…

    Hope this helps you and good luck.

    Make sure you White List your IP’s before logging out… and check your IP regularly if it changes like mine does…

    To add IP’s to your white list:
    —> Better WP Security – Intrusion Detection —> Detect Tab —> Drop down to: 404 White List, and enter your IP’s

    Thanks for that Tony, much appreciated. I will try that and see if I can access the site. At the moment I cannot log in at all.

    I was just 403 forbidden’d and this is how I regained access.

    1. Login to your Database. (Be careful in here. I’m not responsible for your errors.)
    2. Find “bwps_lockouts” table.
    3. Find the specific record with your IP address and Delete it. NOT the bwps_lockouts table!
    4. Find bwps_log table.
    5. Find the specific record(s) with your IP address and Delete it. NOT bwps_log!
    6. Get FTP access to the root .htaccess for you domain.
    7. Right click and change Permissions from 0444 to 0666 (if applicable)
    8. Open .htaccess in text editor.
    9. Find your IP address and change the first number. (ie; from 50 to 60) (Not sure if you can just delete the entire line)
    10. Save .htaccess
    11. Change permissions back to 0444
    12. Wait a few minutes for server to update.
    13. Try your website root domain.(
    14. If you can see it, you should be able to login.
    15. Once logged in, go to Better WP Security >> Ban Users
    16. Remove you IP address from “Ban Users” text field.
    17. Save Changes
    18. Go to Better WP Security >> Intrusion Detection and add your IP address to the 404 White List. Keep in mind, that your IP address could change and you might what to enter your Ip address neighborhood range. Or use wildcards (###.###.*.*)
    19. Save Changes

    With this method, you should have to rename the plugin.

    Let me know if you spot a flaw in list and I’ll edit it.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘completely uninstall Better WP Security’ is closed to new replies.