iThemes Security (formerly Better WP Security)
[resolved] [closed] Error on your picture :) (16 posts)

  1. Netz
    Posted 1 year ago #


    In 404 errors (viewing log file) your own .png file is HITTING itself?

    Details for /wp-content/plugins/better-wp-security/modules/free/file-change/images/redminus.png

    Time: 2014-03-26 12:17:30
    Referrer: http://www.mysite.dk/blog/wp-admin/admin.php?page=toplevel_page_itsec_settings&settings-updated=true
    Time: 2014-03-26 12:18:18
    Referrer: http://www.mysite.dk/blog/wp-admin/admin.php?page=toplevel_page_itsec_settings&settings-updated=true


  2. rizal72
    Posted 11 months ago #

    Same here! I had to put the redminus.png url in the whitelist...

    I think this issue happens to people who have wp installation inside a folder (es. wordpress) like me. The plugin panel goes looking for that image in "/wp-content/plugins/better-wp-security/modules/free/file-change/images/redminus.png" instead of lookin for it in "/wordpress/wp-content/plugins/better-wp-security/modules/free/file-change/images/redminus.png".
    In the file "class-itsec-file-change-admin.php" I found that the variable $path is used to generate the url of that image.


  3. Blazar
    Posted 11 months ago #

    I've got the same thing)

  4. Netz
    Posted 11 months ago #

    Solved.... :)
    @rezal72 Spot on...
    I downloaded the PRO version from Ithemes and installed that one..
    The error was fixed the next day with an update!

    Another issues was that all my pictures path to itself showed up as "broken links" ... But the update fixed that one.

    Another issues was that I use BAN users in the free version and my IP list is LONG!! But I had to delete the entire list to get everything working and not locking my self out! And my "Domain watcher" from US was reporting SERVER DOWN ... So every bad hacker and login attempt has got an undeserved second chance!!

  5. respectyoda
    Posted 11 months ago #

    Netz, you should add your IP to the Lockout White List!

  6. Netz
    Posted 11 months ago #

    I did... and my host! and my domain... etc.
    But my IP is dynamic :-(

  7. rizal72
    Posted 11 months ago #

    That is definitely NOT a solution! :)

    Here is the solution:

    in the file better-wp-security/core/class-itsec-lib.php

    in the function (see the line in bold):

    public static function get_module_path( $file, $with_sub = false ) {
    $directory = dirname( $file );
    $path_info = parse_url( get_bloginfo( 'url' ) );
    $path = trailingslashit( '/' . ltrim( str_replace( '\\', '/', str_replace( rtrim( ABSPATH, '\\\/' ), '', $directory ) ), '\\\/' ) );
    if ( $with_sub === true && isset( $path_info['path'] ) ) {
    $path = $path_info['path'] . $path;
    return $path;

    has to become:
    $path_info = parse_url( get_bloginfo( 'wpurl' ) );

    in this way the plugins get the correct url to the REAL wordpress folder (this happens when someone installs wp inside a custom folder, like me).


  8. iThemes
    Plugin Author

    Posted 11 months ago #

    Hey All,

    Thanks for the information! Could you please share what versions you're using? If you're not running the latest version of 4.0.21, could you update and let me know if that helps?



  9. rizal72
    Posted 11 months ago #

    Hello Gerroald!
    Bad luck! :) i've intalled the latest version today before writing the solution tweak. The issue is still present in v. 4.0.21
    Thanks for replying

    PS Wonderful plugin!

  10. Blazar
    Posted 11 months ago #

    Yes, I confirm. The issue is still present in 4.0.21.

  11. rizal72
    Posted 11 months ago #


    version 4.0.23: issue still present.

  12. Blazar
    Posted 11 months ago #

    Please, fix this error!) It is still present in version 4.0.25.

  13. iThemes
    Plugin Author

    Posted 11 months ago #


    We've tested this with a subdirectory and root install and well as multi-site with subdirectories, subdomains and domain mapping none of which have seen the problem after about 4.0.7. Can you please email us on our contact form so we might be better able to reproduce what you are seeing?

  14. Blazar
    Posted 11 months ago #


    I can't find your contact form. Or should I open new thread on your support forum?
    I've got single-site with subdirectory installation. I'm using 4.0.25 now and if I open "Settings" tab in iThemes Security plugin, I always get 404 error:
    redminus.png is present in ../free/file-change/images/.
    But I think correct path should be:

  15. blairw
    Posted 11 months ago #

    I am being locked out even while whitelisting my I.P. address. How do I get back into my own sites after being locked out without removing the plugin. Because I can't reinstall the plugin without being locked out again and the error I'm being locked out for is not of my creation but of the theme developers.

    Forget it. I found the write up on accessing the database and deleting my I.P. there.

    Latest update Version 4.0.27: Can't update CSS code, save anything, enter i.p. addresses for white listing, build a product, edit a form. I can't do anything without getting locked out. Checked the log file, which hit 195mb inside of a few seconds, and everything (every plugin and the theme) is being nailed as an Error or 404.

    (following day) After a week plus of nonsense on both existing sites and new ones I have opted to remove iThemes plugin due to so many errors and lockouts. Going back to BWPS 3.6.6. and my old security set up because it worked flawlessly and it was free to boot.

  16. Dademaru
    Posted 11 months ago #

    I have the same issue on WP 3.9, iThemes Security 4.1.5.
    I have bloginfo( 'wpurl' ) different than bloginfo( 'wpurl' ) since WP is installed in a subfolder.

    in Logs » 404 errors found I'm always getting:

    Could this be fixed?

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic