Support » Plugin: iThemes Security (formerly Better WP Security) » It seems very risky to use this plugin

  • Resolved DazzelDum


    I have been really struggling with the security backups–they are very complicated. I don’t understand most of the lingo. I am not sure about the right backups either.

    But this plugin seems to easily break a site. Is that right?

    So if I have a backup and the site breaks, I would have to find out how to restore and be back to step 1.

    Is there an easier plugin for security without putting my sites at risk? And easier for a newbie to figure out? Thanks!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Handoko


    Security is a risky thing.

    Yes, this Better WP Security is very risky, I warn you. You had better have some technical knowledge (like .htaccess, restoring backups, database repair, etc.) if you want to use it. Sounds scary, right?

    Mine has broken twice because of this plugin. Luckily I could repair it. You need to know at least how to restore your website.

    This plugin is great; I may say it is total protection. It’s awesome if you can make it work. Believe me, I have tried lots of security plugins.

    If you still dare to use this plugin, my suggestions are:
    – Read carefully before you enable any feature
    – Don’t enable all the features, enable only what you understand
    – Start with very minimal features, then enable the others one by one
    – Backup <—- this is the most important before you start

    Good luck. If you never try it, you’ll never know it. Even if it breaks your site.

    Thank you Handoko, for your great response.

    I don’t know anything about the things you mentioned but I am trying to learn more about them.

    This sounds like a great plugin for the technical minded. But for the rest of us, if something goes wrong, we are alone. No support for free plugins.

    Thank you for validating that this is risky.
    Warm regards, Mary



    You’re not alone. Me and many nice people here are willing to help.

    Actually it’s not as risky as it sounds if you have done enough preparations:

    1. Make a backup of your website.
    Find and install a backup plugin. Remember, the things you need to back up are the database and the files. My suggestion is to use the BackUpWordPress plugin. Once you back up your website, save it to your local computer. If you have a backup, you can restore your website no matter what bad things happened; the success rate is nearly 100%. It’s not hard to restore from a backup. You may also ask your webhost; they will usually help you because it’s really not hard to restore a website.

    2. Save your .htaccess file.
    Can you and do you know how to use File Manager (cPanel)? You should keep a copy of the .htaccess file. The easiest way to do it is to make a copy of the file and rename it; I usually name it .htaccessBackup.

    3. Save your wp-config.php file.
    Similar to no. 2. You should keep a copy of wp-config.php using File Manager. Copy it and rename it to, for example, wp-configBackup.php.

    4. Don’t enable the things you don’t understand.
    Once you install and activate this Better WP Security plugin, you should not enable anything you don’t understand. The most common problem people have with this plugin is enabling features that are not compatible with their website or webhost environment.

    5. Stay away from these features; they may be too risky:
    Away Mode (may block yourself)
    Content Directory (may cause problems with other plugins)
    Database Backup (may not be compatible with some webhosts)
    Database Prefix (may cause problems with other plugins)
    File Change Detection (may not be compatible with some webhosts)
    SSL (can cause chaos if you don’t know what it is)

    6. Those above (no. 5) should be avoided; they have great potential to break your website. The ones below have less potential; you may try them, but only enable them one by one and leave each for some days to check whether your website is still working correctly:
    Default Banned List (may block some good bots)
    Filter Request Methods (compatibility problems with a few plugins)
    Filter Suspicious Query Strings (compatibility problems with a few plugins)
    Prevent long URL strings (compatibility problems with a few plugins)

    7. Enable only one at a time.
    Avoid enabling several features at once. You should enable only 1 and leave it for some days to see if something weird happens.

    In most cases, even if it breaks your website, it can be easily repaired by copying/pasting your .htaccess and wp-config.php. So you should keep a copy of them before you install this plugin. Only in very rare cases will you need to use backup files to restore your website.

    Good luck.
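
Steps 2 and 3 of the post above, done from a shell instead of File Manager (an added example, not part of the original post or of the plugin; the function names and the directory arguments are assumptions). It snapshots `.htaccess` and `wp-config.php`, reports which of them changed after a feature was enabled, and restores them:

```shell
#!/bin/sh
# Added example: snapshot, compare and restore the two files named in the post.
# Function names and directory arguments are illustrative, not the plugin's.
WP_FILES=".htaccess wp-config.php"

# snapshot_wp_files <wp_root> <snapshot_dir>
# wp-config.php holds database credentials, so the snapshot directory is made
# owner-only and should live outside the web root. File modes are preserved.
snapshot_wp_files() {
    wp_root=$1; snap=$2
    ( umask 077 && mkdir -p "$snap" ) || return 1
    chmod 700 "$snap"
    for f in $WP_FILES; do
        [ -f "$wp_root/$f" ] || continue      # a site may have no .htaccess yet
        cp -p "$wp_root/$f" "$snap/$f" || return 1
    done
}

# changed_wp_files <wp_root> <snapshot_dir>
# Print the name of every file that differs from its snapshot, or that
# appeared or disappeared since the snapshot was taken.
changed_wp_files() {
    wp_root=$1; snap=$2
    for f in $WP_FILES; do
        if [ -f "$wp_root/$f" ] && [ -f "$snap/$f" ]; then
            cmp -s "$wp_root/$f" "$snap/$f" || echo "$f"
        elif [ -f "$wp_root/$f" ] || [ -f "$snap/$f" ]; then
            echo "$f"
        fi
    done
}

# restore_wp_files <wp_root> <snapshot_dir>
# Put the snapshot copies back. The broken version is moved into the snapshot
# directory, not left in the web root where it could be served as plain text.
restore_wp_files() {
    wp_root=$1; snap=$2
    for f in $(changed_wp_files "$wp_root" "$snap"); do
        [ -f "$snap/$f" ] || continue          # nothing saved to restore from
        [ -f "$wp_root/$f" ] && mv "$wp_root/$f" "$snap/$f.broken"
        cp -p "$snap/$f" "$wp_root/$f" || return 1
    done
}
```

Run `snapshot_wp_files` before enabling a feature, `changed_wp_files` afterwards to see what the feature rewrote, and `restore_wp_files` if the site stops loading.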

    Thank you Handoko, for the time and energy you have put into this response!
    Your kindness is so appreciated! To read “you are not alone” gives me much relief.
    I will work with all of the things that you mentioned.

    I do use the backup that you mentioned, but I hope to never need it.
    Be well and thank you again! Warmest regards, Mary
