After the update (4.0.2), my wordpress site locked my out, issuing 404 errors when I went to login (even though I was logged in, WP blew through a series of 404 errors and locked me out. Clearing the errors and attempting to log in only results in more 404 errors.
Whitelisted my IP address (through the database; couldn't get in through WordPress anymore), locked me out again - 404 errors. Cleared error log (through the database, since I was locked out again), logged in, whitelisted my IP address.
Started getting Forbidden 403 errors.
Cleared htaccess, which got me into WP. Whitelist was cleared. Added in current IP address and office IP address. iThemes Security can, apparently, only whitelist one IP at a time, as it didn't save the second IP address. REsaved second IP address.
Looking at website through phone ... and it's got the 403 Forbidden error.
My RSS feed is also not working - it was working before update. Since update, it does not work.