Support » Plugin: iThemes Security (formerly Better WP Security) » Couldn't log into my website after setting up Better WP Security 3.3

  • Resolved gfcoach


    I was recently hacked and a web developer I turn to for assistance at times like these suggested your plugin Better WP Security. I installed it on one site and all seemed well. I began using it on multiple sites and I think I set some of the intrusion stuff too secure because when I tried to log into my websites it just kept taking me to the home page. the /wp-login and /admin links redirected to home. Luckily I am also using Manage and was able to deactive the plugin.

    I tried to keep a log of the setting changes I made (see below). Can you tell me what setting I should change so I don’t have this problem again. I’d really like to reactive the plug in but also need to get in. 😉

    Added Better WP Security plugin by version 3.3. Modified settings:

    * Require Strong Passwords for Contributors and above

    * Remove EditURI header clicked

    * Under Header Tweaks, selected Remove WordPress Generator Meta Tag and Remove wlwmanifst header

    * Under Dashboard Tweaks selected Hide Theme, Plugin and Core Update Notifications

    * Enabled Away Mode and made the site not accessible daily between 2 am – 7 am

    * Enabled Login Limits (with default settings)

    * Enabled 404 Detection

    * Whitelisted my IP address so I don’t get blocked because of accidental 404 Erors

    * Selected Blacklist Repeat Offenders under Intrusion Detection

    * Changed the database table prefix from the default wp_. to XXXXXX_

    * removed generic ADMIN user.


Viewing 15 replies - 1 through 15 (of 22 total)
  • This is happening to me too, am getting locked out just when setting up the one click secure button. I have removed the Lock out option and it still locks me out.

    The redirect to home page is because of time restrictions set in away mode.

    @caps Have you checked your logs? Your issue sounds like you have a bunch of 404 errors in your site.

    The redirect to home page is because of time restrictions set in away mode.

    The “set away” mode is off. So I suspect perhaps on a delete, after deactivate, the data base is not being cleaned up. The plugin is probably using previous data. I will check if the plugin is actually leaving behind data after it has been deleted.

    If I set away mode to daily, and set the start time to 10:-00 pm and the stop to 7:00 am. It will still lock you out. The notifications states:

    “A host,, has been locked out of the WordPress site at until Sunday, June 24th, 2012 at 3:31:13 pm UTC due to too many login attempts. You may login to the site to manually release the lock if necessary.” Unfortunately, Better WP Security sees successful logins as login attempts. The result is that the admin or user will get kicked even though logins are successful.”

    Please contact me so that this may be resolved. This piugin is a great contribution to WP.



    I have the same issue on several installations, had to rename/delete plugin via FTP to be able to login again. Sad, because it seems to be a good plugin. Unfortunately locking myself out of the site doesn’t help at all 🙁

    I also have the same issue.. yesterday only I installed this plugin and now I am not able to login back to my site as admin..

    could someone please help me.. I tried to rename the plugin using FTP but that also not helping… its urgent for me.. pls advise .

    Guys – I was trying to edit my .htaccess file and finally I removed all the content of .htaccess file and now I am able to login in my admin page.

    .htaccess is a hidden file.. so make sure while logging in your cpanel or FTP server, make sure you click on show all hidden files option.

    regards :-

    Then you have also deleted the file permission assigned to the various system and core folders. Unfortunately the plugin is just too buggy for commercial use.

    You will need SSL to access log in. I had the same issue when I added Better WP Security. It seems like a good plugin but it messes up a lot of your other plugins. Just like what another poster said, this plugin is tooooo buggy.

    If you don’t have SSL don’t even bother with this plugin, unless the next upgrade allows for non ssl users.

    @calik1d there is no requirement for SSL in the plugin. In fact most sites on which I employ it have all but ssl turned on due ssl not being available.

    @bit51 your right SSL is not required to use the plugin. But the plugin is still way to buggy to use when trying to implement the security features. If the plugin was written with better code in a newest version it would be helpful. Until then I would stay way from it and go with a plugin that doesn’t bring up the 404 pages.

    It works for almost 200,000 folks at this point calik1d, unfortunately nothing of this scope will work for 100% of environments as it is just too complicated for the many ways WP can be installed.

    Got a little sidetracked with other things and now wanting to get back to this plugin issue and use it to secure my site. After reading the posts am I to understand I should turn off the 404 detection?


    @gfcoach I would recommend turning off 404 detection in BWPS and working to make sure the 404 errors it is encountering are fixed. Turning it off will keep my plugin from locking you out but it won’t prevent Google and other search engines from seeing them which can severely affect your SEO.

    Thanks! I activated the plugin on one of my sites without the 404 detection to see how it goes. Thanks for your response!

Viewing 15 replies - 1 through 15 (of 22 total)
  • The topic ‘Couldn't log into my website after setting up Better WP Security 3.3’ is closed to new replies.