WordPress.org

Forums

iThemes Security (formerly Better WP Security)
Expiring Session in Less than 1 Second After Latest Update (4 posts)

  1. reinaldocfilho
    Member
    Posted 10 months ago #

    After the latest update it expires my session within less than 1 second, so, I can't manage to change any options and can't stay in the admin panel for more than 1 second, it broken totally my WordPress admin after that update, the only solution was to delete the plugin folder from the FTP since I don't even been capable of accessing my own plugins menu.

    https://wordpress.org/plugins/better-wp-security/

  2. Cartman
    Member
    Posted 10 months ago #

    I had the same problem as the OP, and even reverting to the old version didn't solve the problem, I was still getting a 403 Forbidden message everytime I logged in.

    So I started poking around with things, and it seems like something in the .htaccess file was added in this update is causing the 403 error. I removed all of the iThemes Security stuff from my .htaccess file, and then I was able to get version 4.1.5 working again. (which then added stuff to the .htaccess file, but nothing that broke the site)

    Hopefully this helps the developers pinpoint the issue..

    On a side note, my logs don't seem to work now, but I'm hoping that's just a byproduct of upgrading to the new version and then downgrading again.

  3. iThemes Support
    Member
    Posted 10 months ago #

    The only change in 4.2 to htaccess was the addition of the WPScan agent in the blocked hosts. Would love to see what is causing this for you. Please submit a bug report at http://ithemes.com/security/bugs/ and we'll work with you to solve it.

  4. Cartman
    Member
    Posted 10 months ago #

    If you look at this thread:
    http://wordpress.org/support/topic/after-update-to-422-locked-out-of-my-website?replies=1#post-5554075

    The OP has an interesting theory as to why this might be happening. If that is in fact the case, anyone with the default username of admin is seriously screwed. (Mine isn't, but based on the logs, these bad guys have figured out my username as well and just keep trying to crack my PW with brute force)

Reply

You must log in to post.

About this Plugin

About this Topic