Support » Plugin: iThemes Security (formerly Better WP Security) » I Can't Login After Installing Better WP Security, Even wp-admin link Broken

Viewing 15 replies - 1 through 15 (of 21 total)
  • arjanv

    (@arjanv)

    had the same problem.
    couldn’t login anymore.
    i’ve just deleted this plugin

    I had the same problem!!

    Hi all.

    The only solution to get back in to your site is to remove your .htaccess file which has been modified by BWPS.

    I have experienced this problem with older versions but upgraded to BWPS 3.0.1 today which, again, rendered my site inaccessible.

    The .htaccess file that crashes my site (giving a http 500 error) looks like this:

    # BEGIN Better WP Security
    Options All -Indexes
    
    Order allow,deny
    Allow from all
    Deny from  
    
    <IfModule mod_rewrite.c>
    RewriteEngine On
    
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
    RewriteRule ^(.*)$ - [F,L]
    
    RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
    RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
    RewriteCond %{QUERY_STRING} tag\= [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
    RewriteCond %{QUERY_STRING} http\:  [NC,OR]
    RewriteCond %{QUERY_STRING} https\:  [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
    RewriteRule ^(.*)$ - [F,L]
    
    # END Better WP Security

    If someone could help out to identify what causes the http 500 error I’d be happy.

    A few minutes later:

    After having deleted almost every line in the BWPS generated .htaccess file I ended up with this, and my site is still inaccessible!

    # BEGIN Better WP Security
    Options All -Indexes
    
    Order allow,deny
    Allow from all
    Deny from  
    
    <IfModule mod_rewrite.c>
    RewriteEngine On
    
    # END Better WP Security

    There has to be something seriously wrong happening when BWPS generates the .htaccess file, but I don’t know what it is…

    The updated version seems to be working fine for me. Just thought I would share that.

    Im using WP-buddypress and have same problems.
    First i try just to update plugin and my website becomes unusable then i deleted plugin and cleared all data in database so i installed fresh…still didnt worked so i decided to delete once again and returned older version of plugin wotrked seamless so i uncheck all security options and cleaned database again includin cleaning .htacces file to be old wordpress wpconfig with normall permissions and i installed plugin again and doesnt working.
    Some of server error are next:
    WP database ‘mybase._bwps_lockouts’ doesn’t exist for query INSERT INTO _bwps_lockouts (type,active,starttime,exptime,host,user) VALUES (‘2′,’1′,’1330960478′,’1330960478′,’66.249.66.174’,”) made of require, require_once, include, get_header, locate_template, load_template, require_once, wp_head, do_action, call_user_func_array, bwps_secure->check404, bwps_secure->logevent, bwps_secure->lockout

    ‘mybase._bwps_log’ doesn’t exist for query SELECT COUNT(*) FROM _bwps_log WHERE type=2 AND host=’66.249.66.174′ AND timestamp > 1330960478; made of require, require_once, include, get_header, locate_template, load_template, require_once, wp_head, do_action, call_user_func_array, bwps_secure->check404, bwps_secure->logevent

    i removed database prefix from this code but i hope that this will help making it fix.Just to mention my cleaning database have meaning that i deleted just records of site lockout and not whole table,also i noticed when i install never version and i want to untick all options there was an error becouse data in htacces file and wp-config staying nchanged for permissions and data stored while plugin was active i didnt check install file also.Can you make when i want to uninstall plugin to be all settings restored as was before installing it?in this case i must do manual.Thanks I think this is very good plugin and keep it working ppl 🙂

    This is a simple problems. It is not because of upgrade or anything else. When you implement the Better WP security, there is a button to Hide Backend Options. The Security tool changed fro, wp-admin, wp-login etc to just admin, without the wp. So you can either log in by entering your domain followed by admin or login eg.
    http://www.mydomain.com/admin or you can use the http://www.mydomain.com/wp-adminXXXX where XXXX is the secret code you were provided when you enabled the Hide Backend options: If this helped leave me a commment here on our blog. http://www.sleekwarehouse.com

    where is saved secret key? I forgot it and now can’t login

    I have the secret key but still can’t log in because I made the mistake of changing “login” “admin” and “register” with a word I can not remember and I stupidly did not write down.

    Anything I can do? Or just keep trying to use words I thought I used?

    xfalcon1 you can get it from your .htaccess file

    OK, thanks to you all I could solve it. Opened the htaccess file editor and copypasted the wp-admin line as you said. Now we now the solution if the login page gets lost again. For the rest I am very happy with the pluguin. Feel safer!

    Glad it’s working. Thanks for the followup.

    I’m not able to find the wp-admin line in .htaccess. What section is it in and what should I look for? Thanks.

    I simply can not figure out how to get in to my client’s site. I have tried every combination of /login , /admin, /login[secretcode] , /login?[secretcode] … etc. and can not get into the site.

    Should I just rename the htaccess file and start with a blank one? Very frustrating

    using /admin[secret code] isn’t working for me. still only getting “not_found”

    I’m having the same problem and can not resolve the error not_found

Viewing 15 replies - 1 through 15 (of 21 total)
  • The topic ‘I Can't Login After Installing Better WP Security, Even wp-admin link Broken’ is closed to new replies.