WordPress.org

Forums

All In One WP Security & Firewall
Features that are labelled "Advanced" (25 posts)

  1. Tips and Tricks HQ
    Member
    Plugin Contributor

    Posted 1 year ago #

    We have a nice labeling system in this plugin for most of the features. Features that are labelled "Advanced" can break your site. Those are there for the *really advanced* users.

    Don't activate the features that are categorized as advanced unless you know what you are doing. There are plenty of basic and intermediate features that you can use and get very very good security protection/coverage.

    If you have activated an advanced feature and it broke your site then do the following:

    Step 1) Deactivate the plugin using this instruction:
    http://www.tipsandtricks-hq.com/deactivate-wordpress-plugins-without-logging-into-wp-admin-video-tutorial-4375

    Step 2) Reset your htaccess file using this instruction:
    http://www.tipsandtricks-hq.com/how-to-restore-the-htaccess-file-when-using-the-all-in-one-wp-security-plugin-5945

    You should be good after that.

  2. djantonius
    Member
    Posted 1 year ago #

    hi thx , i have acces but i can't login at another place then the ip get's blocked at that place
    thx

  3. mra13
    Member
    Plugin Author

    Posted 1 year ago #

    Do you have the login lockdown feature enabled?

  4. andresito
    Member
    Posted 1 year ago #

    I couldn´t even follow those instructions cause I was lock out from the dashboard.

    I follow the instructions you gave on the links and never could regain access to the settings area (I did regain access to the dashboard, but never to the plugins settings)

    It was my first time testing this plugin but I gave up on it...

    Maybe bad luck...

    For me...this plugin is still buggy

  5. Tips and Tricks HQ
    Member
    Plugin Contributor

    Posted 1 year ago #

    It is likely you didn't fully remove all the rules from your htaccess files.

  6. odanu
    Member
    Posted 9 months ago #

    I am extremely frustrated. I have disabled the plugin from my FTP login, I have deleted its informatiion from my htaccess, and it still redirects me from wp-login to "redirect_to=http%3A%2F%2Fwww.mysite.com%2Fwp-admin%2F&reauth=1". Meanwhile, bots are using the time I have the addon turned off to sign up as users on my site... four of them in the last hour. This is a critical situation. Any advice would be nice right about now.

  7. mbrsolution
    Member
    Plugin Contributor

    Posted 9 months ago #

    Hi @odanu did you follow the instructions above from @Tips and Tricks HQ?

    Are you sure you don't have another plugin that is redirecting your site?

  8. Dr. Ashok Koparday
    Member
    Posted 9 months ago #

    Hi Ruhul,
    Greetings!

    Thank you for your magnificient plugin, All in One WP Security and Firewall.

    UpdraftPlus Backup Restore plugin was not able to use scheduler. On deactivating 'All in One WP Security and Firewall' plugin the error message disappeared and the WordPress Scheduler was back in work.
    Error message was:

    Warning: WordPress has a number (13) of scheduled tasks which are overdue. Unless this is a development site, this probably means that the scheduler in your WordPress install is not working. Read this page for a guide to possible causes and how to fix it.

    Will you kindly tell me which particular feature of the security plugin could be breaking the scheduler? This will help me use the security plugin effectively without any problem.

    Thanks and regards,
    Dr. Ashok Koparday

  9. mbrsolution
    Member
    Plugin Contributor

    Posted 9 months ago #

    Hi @Dr. Ashok Koparday can you confirm that the manual backup works with this security plugin? I have tested a manual backup and it worked on my testing site.

    Try the following if you have them activated.

    Do not activate the following options:

    • WP Security -> Filesystem Security -> Disable Ability To Edit PHP Files:
    • WP Security -> Filesystem Security -> Prevent Access to WP Default Install Files:
  10. Dr. Ashok Koparday
    Member
    Posted 9 months ago #

    Hi Manuel,
    Greetings!

    Yes, the manual backup works with UpdraftPlus when the security plugin is active.

    I have not activated the Filesystem Security features mentioned by you.

    I have reactivated the security plugin. I shall observe for a day if the UpdraftPlus does the backup at the scheduled times and report to you.

    Thanks for your valuable assistance,
    (and the safety provided by the plugin)
    Dr. Ashok Koparday

  11. mbrsolution
    Member
    Plugin Contributor

    Posted 9 months ago #

    Hi @Dr. Ashok Koparday how are you trailing with your issue?

  12. Dr. Ashok Koparday
    Member
    Posted 9 months ago #

    Hi Manuel,
    Greetings.

    The All In One WP Security & Firewall is activated and the UpdraftPlus Backup is unimpeded.

    The All in One WP Security & Firewall is set at 185 points out of the total 460.

    The settings of both the plugins are to my satisfaction and perform well.

    Thanks for the security features you provide.
    Regards,
    Dr. Ashok Koparday

    PS
    The features of plugin are sturdy.
    I believe, however, it may be reassuring to users if with the rename login page URL you could also provide an additional password function.

  13. mbrsolution
    Member
    Plugin Contributor

    Posted 9 months ago #

    Hi Dr. Ashok Koparday in regards to the additional password function. What is your suggestion?

    Regards

  14. Dr. Ashok Koparday
    Member
    Posted 9 months ago #

    Hi Manuel,

    It is likely that the plugin gives more than adequate protection. You know best.

    My thoughts:
    # Rename Login Page and
    # Cookie Based Brute Force Prevention
    are two features that allow administrator to change the wp-login.php to another string of choice.

    I think admins may like having another string to be used like a password on this login page in addition to the usual wp password.
    Or
    it could be another feature independent of the above.
    So in the simplest way admin will see three boxes while logging.
    One for the username (this you recommend to be changed)
    Another for the usual password
    and third would be a string, which would act like an additional lock.

    Thanks for your attention,
    Best wishes,
    Ashok

  15. mbrsolution
    Member
    Plugin Contributor

    Posted 9 months ago #

    Thank you @Ashok for your suggestion. The developers will review your suggestion further.

    Kind regards

  16. Casperk
    Member
    Posted 8 months ago #

    Hi There,

    I locked myself out of my site, I followed your instructions above, and deleted the firewall part in my .htaccess file. Also I disabled all the plugins currently installed as you mentioned in the youtube videos. But I still get redirected to:

    http://www.example.com/wp-login.php?redirect_to=http%3A%2F%2Fwww.example.com%2Fwp-admin%2F&reauth=1.

    When I go to http://www.example.com/wp-admin.

    Are there any other solutions you can think of to get me out of this?

    Kind regards,
    Casper

  17. Casperk
    Member
    Posted 8 months ago #

    I found the solution, for some reason my files were with permission 664, when I changed wp-login.php to 644 it was working like a charm. See also: http://stackoverflow.com/questions/14532520/redirect-loop-on-wp-admin-or-wp-login-php

  18. b3r2c0
    Member
    Posted 5 months ago #

    Thanks , I had already tried all kinds of deleted and deactivations of files, databases, changes in the wp -config , updated version , etc .. everything except the .htaccess that was what was causing the problem .

    Thank You !!!!!

  19. Filipe
    Member
    Posted 5 months ago #

    Hi, i'm having problems login to my admin site.
    I have manually disabled and deleted the plugin and cleaned the .htaccess file. I have no other security plugins running.

    When i install the plugin and enable it, i'm automatically out of my admin area! Yesterday night i installed the plugin and enabled all settings i had enabled on several other sites i'm running, including the admin renaming, and it was working fine. Today i went to the admin area and i couldn't, so i done those steps to disable and delete the plugin, but now i can't enable it again! When i enable the plugin, my htaccess file contains no data related with this plugin and even so i'm out of the admin area!

    The only way i can access the admin area is to disable the plugin.

    Can someone help? Thanks!

  20. mbrsolution
    Member
    Plugin Contributor

    Posted 5 months ago #

    @Filipe did you by any chance enable the Whitelist feature under the Brute Force tab?

  21. Filipe
    Member
    Posted 5 months ago #

    I believe so, does it add something to the MySQL DB?

  22. mbrsolution
    Member
    Plugin Contributor

    Posted 5 months ago #

    If you did can you confirm if the IP address you added to the Whitelist feature is static? Can you also confirm that where you are login from is using the same IP address? If not then that is probably what is causing your problem. You will have to either change the IP address or disable the Whitelist feature altogether.

  23. Filipe
    Member
    Posted 5 months ago #

    My IP is not static but its the same today it was yesterday. My problem is that i'm unable to make any configuration changes because as soon as i enable the plugin, it gets me out of wordpress admin area and i'm unable to get in again no matter what i do!
    After that the only way i can enter again is changing plugin name folder via FTP so that it gets disabled. I even tried removing and reinstalling the plugin again, but its the same problem!

  24. mbrsolution
    Member
    Plugin Contributor

    Posted 5 months ago #

    Okay Filipe try the following to totally delete the plugin and install a fresh copy.

    Follow the instructions below.

    – FTP to your host and rename this plugin’s folder or delete it.

    – FTP the .htaccess file to your computer and edit and remove all the code between and including the tags:
    # BEGIN All In One WP Security
    # END All In One WP Security

    – Log into phpMyAdmin and locate the dabase for the website you are having problems with. Go to the wordpress “options” table. Look for the row which has the option_name value of aio_wp_security_configs and delete that row.

  25. Filipe
    Member
    Posted 5 months ago #

    Hi again!

    That fixed it! The first two i had already done, but i wasn't sure the plugin saved anything on the MySQL DB, so the last option fixed it, and i am now able to acess my admin are again!

    But this is kinda strange, because i have more websites with this plugin and the same options and no problems. From one day to another it just stopped working.

    I will take a closer look at the firewall, brute force and whitelist options.

    Thanks again!!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.