Support » Plugin: Solid Security – Password, Two Factor Authentication, and Brute Force Protection » How to RESET iThemes Security plugin to fix issues

  • As many others, a few of our websites got screwed by iThemes Security “upgrade”. We had login issues where we were redirected to homepage.

    There issue is somewhere in the database, it gets screwed up with an upgrade. I did not have time trying to figure out the problem, that’s for the plugin developers. BUT, I needed to fix sites. So here’s how I fixed my sites by resetting this plugin’s database.

    This is not for the faint of hearts, it requires some technical knowledge to edit your database tables.

    BACKUP DATABASE! BACKUP DATABASE! BACKUP DATABASE!
    Use phpMyAdmin to export your database. See Google for details or
    see this article http://www.techrepublic.com/blog/smb-technologist/import-and-export-databases-using-phpmyadmin/

    INSTRUCTIONS
    1. Through FTP or cPanel file manager, go to /wp-content/plugins/
    2. Rename “better-wp-security” folder to something else like “better-wp-security2”
    3. Plugin is disabled and your admin is back working.
    4. Now, the reset. You need to access your database, ideally through phpMyAdmin interface in your control panel (cPanel).
    5. If you have many websites, locate your correct database for the website you’re working on. You can match database name to the name inside wp-config.php file.
    6. Click database name to select and load it.
    7. On the right side you will see a list of tables.
    NOTE: THIS IS A GOOD TIME TO BACKUP/EXPORT YOUR DATABASE. YOU’VE BEEN WARNED.
    8. Delete tables with “itsec” – see screenshot
    http://i.imgur.com/PHLITDW.png
    9. Go to your “options” table, click it.
    10. Sort by “option_name” by clicking the header, and making sure you got rows sorted A-Z.
    11. Find option_name rows starting with letter I.
    12. Look for “itsec” options. See screenshot.
    http://i.imgur.com/MTqTn4h.png
    13. Select all of them. If you’re at the end of the current page, make sure you delete options and check next page to make sure you get them all.
    14. Once you delete these options. Go back to FTP/File Manager.
    15. Rename folder back to it’s original name “better-wp-security”.
    16. Login to your UNBROKEN website using normal wp-login.php URL.
    17. Go to Plugins and activate this nasty plugin back.
    18. It should be fine, you HAVE TO GO THROUGH SETTINGS AGAIN and set it up to protect your WordPress. We deleted all settings!
    19. Carry on WordPressing.
    20. Still here? Go.

    It fixed our homepage redirect issue, but it may fix other issues as well that you might be experiencing. Please be careful and test.

    🙂

    https://wordpress.org/plugins/better-wp-security/

Viewing 15 replies - 16 through 30 (of 112 total)
  • Hi, Viktor:

    I haven’t touched the woocommerce site today yet, but will do “the same thing (above)” to the woocommerce site later this week. Hopfully the latest version of iThemes Security will go with Woocommerce smoothly. Will see…..

    If I find any issue(s), will come back here and look for answers. Thank you, Viktor!

    It seems it is working as Viktor says, I just renamed the better security folder in wp-contents to something else. It gave me access to domain.com/wp-admin where I could log in and get to the dashboard. I found that the iThemes Security was deactivated, I deleted the plugin and now reinstalling it again. Hope it works well.

    Thanks to Vikotr, as I tried different things changing .htaccess but didn’t succeed.

    Thread Starter Viktor Nagornyy

    (@viktorix)

    Simply re-installing and re-activating plugin will NOT delete old database entries and you might be locked out again. If that does happen again, follow the instructions to remove database entries.

    When you activate plugin and database entries are present, it simply uses them – it does NOT override them.

    I agree with Viktor, I went through this over and over again with several websites I have the Security plugin installed on and had the same problem on all the sites until I used Viktor’s instructions and cleaned out the database and started over.

    His solution works but you have to do the whole thing, rename the folder and clean out the database.

    Thanks again Viktor! I spent hours messing around with this until I found your post.

    Thread Starter Viktor Nagornyy

    (@viktorix)

    Glad I could help Lisa.

    I’ve deleted all db tables and instances and followed your instructions but I can still not get into the plugins section on the backend. Only getting Internal server error. Please… any ideas?

    Thread Starter Viktor Nagornyy

    (@viktorix)

    That error sounds like htaccess issue. Make sure you htaccess file looks like this, delete everything else.

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    Yeah, I thought maybe that too but it wasn’t, I removed all except your above from my .htaccess file but still the same results.

    Same here .. htaccess fix not work on 4.0.12 .. 2 site of 2 with the blank page on the custom-login-slug

    Thread Starter Viktor Nagornyy

    (@viktorix)

    edubz, check your wp-config file for anything extra. They do add some stuff in there sometimes. Internal server error is related to hosting so you might be able to get your hosting company to provide support for that. I know they will at least tell you what’s causing it. Also, one thing you can try, rename .htaccess to htaccess.txt to disable it. See if that helps.

    silenx, did you delete database entries, made sure htaccess and wp-config files are clean/standard? When plugin is disabled, custom slug won’t work. So wp-login.php will work.

    Thank you Viktor – you have been a lifesaver 🙂

    thanx, really appriciate, last 24 hrs have been terrible for my blood preassure. my wordpress still is a bit slow, but at last i can see it (front end and back end)

    Victor, you are my hero…
    My problem was that the wp-login kept redirecting to https:// and I couldn’t find any solution. Came across your post and followed all your steps but I still couldn’t login, then you post:-

    2. Check your wp-config.php file.
    Make sure you don’t have these:

    define( ‘FORCE_SSL_LOGIN’, true );
    define( ‘FORCE_SSL_ADMIN’, true );

    If you do, delete them.

    worked – all good now, thank you so much.

    PS Loved Better WP Security – not so loving iThemes Security – will wait before reactivating plugin. Good luck to everyone having problems.

    Thread Starter Viktor Nagornyy

    (@viktorix)

    Hi tmrait, if you deleted all database entries I mention, you should be safe re-activating it. I had no issues. But you never know though.

    Viktor
    Was wondering if your method will work if I had previously used the plugin to change the database prefix from wp to something else?
    Am worried that this feature would have made changes to my wp-config file and once the database entries are erased, it may mess up my site?
    Do advise and thanks

Viewing 15 replies - 16 through 30 (of 112 total)
  • The topic ‘How to RESET iThemes Security plugin to fix issues’ is closed to new replies.