GREAT PLUGIN, until…

I remember when anti-virus software started to thrive, only computers who had them installed were the ones annoyingly (if it doesn’t annoy, there’s no sense of urgency, right?) failing and rebootting when you wouldn’t upgrade to the paid version.
You’d had to go with the less retailating one, rather than the one with more features.

Weeks ago, when the new plugin became iThemes and the “update” notice started to show in my only two websites I had it installed, both websites got the .htaccess corrupted. ( i.e. attacked )

Why the attackers would be smart enough to stay un-detected while your software was installed but got so sloppy to make my website to fail RIGHT before you came up with a paid version?

It seems anti-threat products are the only ones that pass from a 5 star product to a -5 star threat RIGHT before a paid upgrade comes out.

That’s too much of a coincidence… or there’s someone hacking your own users and you are just a step behind instead of ahead?

In one of them, the error.log generated by your plugin grew up to 953MB+ (or so) and I couldn’t even inspect it because I run out of bandtwith 60% into the download process. I had to delete it, restore the .htaccess to default, and then re-activate your new plugin.

The other website wasn’t setup to create a log.file, and I didn’t have many options changing the .htaccess file, but I could see all the first letters of every line in the .htaccess file were duplicated, and the new-line removed.

E.g.: A line starting with “Rewrite…” would end up glued to the previous line, like “…[301 L]RRewrite…”

I hope you find the attackers that are targetting your users (now customers)… or that this was the last push to upgrade. Overall I still think it’s a 5-star plugin.

https://wordpress.org/plugins/better-wp-security/