iThemes Security (formerly Better WP Security)
iThemes Security Update Fails - 404 errors, 403 errors, forbidden, RSS fail (27 posts)

  1. shawnebell
    Posted 1 year ago #

    After the update (4.0.2), my wordpress site locked my out, issuing 404 errors when I went to login (even though I was logged in, WP blew through a series of 404 errors and locked me out. Clearing the errors and attempting to log in only results in more 404 errors.

    Whitelisted my IP address (through the database; couldn't get in through WordPress anymore), locked me out again - 404 errors. Cleared error log (through the database, since I was locked out again), logged in, whitelisted my IP address.

    Started getting Forbidden 403 errors.

    Cleared htaccess, which got me into WP. Whitelist was cleared. Added in current IP address and office IP address. iThemes Security can, apparently, only whitelist one IP at a time, as it didn't save the second IP address. REsaved second IP address.

    Looking at website through phone ... and it's got the 403 Forbidden error.

    My RSS feed is also not working - it was working before update. Since update, it does not work.


  2. btajis
    Posted 1 year ago #

    All the same here!
    I updated from BWPS and the first step was to update the database which I did and lost control of my site (403 error). My provider helped out and disabled the plugins to be able to get back in, then I started turning the plugins back one by one. Turning on iThemes Security worked but when I started doing the settings it again threw me out with 403 error.

    The guys at Hostgator are telling me that the plugin was creating too many Deny Coding in the .htaccess file and that it was blocking every IP. I have no idea what this means as I am not a techie guy, all I know is that I had to disable the plugin and I feel naked…
    Could you please look into this?

    I really like the plugin and I want to keep using it. BWPS has never given me any trouble just security and the ease of mind and I expect the same from this upgrade.

  3. madcaesar
    Posted 1 year ago #

    I'm having the same issues. Massive amounts of 404 not found. I looked at firebug and there is a problem in where iThemes Security is looking for files.

    It's looking here: https://www.mydomain.com/C:vhostsmydomain.comwp-contentpluginsbetter-wp-securitymodulesfreefile-change/js/admin-file-change-warning.js?ver=4002

    Why is it doing this? Instead of just going to: https://www.mydomain.com/wp-contentpluginsbetter-wp-securitymodulesfreefile-change/js/admin-file-change-warning.js?ver=4002

    It's adding my root directory as well: C:pubvhostsmydomain.com so it's having all kinds of problems.

  4. msshams
    Posted 1 year ago #

    the same issue happened here :(

  5. ExistentialElla
    Posted 1 year ago #

    Yup! Me too! I can't get into my own website. All I did was install the update, then I checked out the list of things to "fix." I clicked on "fix it" on a couple of items and was given an error page. Then I got an email saying I was locked out. Now I can't get back into my site!!

  6. btajis
    Posted 1 year ago #

    I wonder if anyone is ever monitoring this thread? Will ever someone answer us? Or how can we reach the developers?

  7. Bob Hollis
    Posted 1 year ago #

    Same here. I deactivated, updated, tried to reactivate and got a "page not found" error. Error then repeated on other admin pages, including Backup buddy when I attempted to restore my site. I had to go in through the server side and rename the plugin to get my site working again. But now I now longer have Better WP Security (or ithemes security).

  8. Marcelo Pedra
    Posted 1 year ago #

    Hi! the developers are aware of this. This craze begun last friday and they are working ahrd to fix it. In the meantime, do what I did: uninstall de plugin, download the last stable version from the below link and reconfigure everything as used to be:
    It's a PITA, I know, I manage dozens of sites where I couldnt upgrade the plugin. Fortunately I read the forum thread before updating and noticed something gone wrong, so I upgraded only one test site in a subdomain and didnt wreak havoc. The only solution TODAY, is to downgrade to Better WP Security 3.6.6. iThemes' version will eventually be fixed these days, but to keep things working and safe, just downgrade now!
    Best regards.

  9. mthomas80
    Posted 1 year ago #

    I was locked out too, everything was working fine until this recent update.

    I didn't find the 'fix 404 error' instructions on the iThemes site particularly helpful.

    In the end I managed to disable the wp security plugin from inside php-my-admin with the help of this article


    If you don't have cPanel just log into your hosting dashboard and look for something that says mySQL

  10. grampachiefy
    Posted 1 year ago #

    mthomas80, I tried the instructions at the link you provided, and it didn't work. Maybe my mySQL works different from theirs. I just got an error message that tells me that data file doesn't exist.

    Anyone have a helpful suggestion? I am completely locked out of my wordpress site.

  11. btajis
    Posted 1 year ago #

    Could try what I did:
    I am with HostGator, they are my hosting company. I contacted their helpline (they have a live chat) and they could disable the plugin for me, thus I could get back in...

    I am sure that most hosting companies, especially the bigger ones provide a similar helpline.

    Hope this helps.

  12. mthomas80
    Posted 1 year ago #

    If you've been using Better WP security there's a good chance it's changed your table prefix 'wp_' to something else.

    To find your table prefix, look in your wp_config folder and it'll be next to where it says;

    $table_prefix = 'wp_';

    but, instead of wp it'll have something else.

    if you modify the code from the article I posted, for example, let' say in your wp_config next to table prefix it reads, = 'rgydh_';

    instead of,
    SELECT *FROM wp_options WHERE option_name = 'active_plugins';

    you would put in,
    SELECT *FROM rgydh_options WHERE option_name = 'active_plugins';

    Unless it's a different issue you have, then I don't know.

  13. grampachiefy
    Posted 1 year ago #

    Fixed it! This was helpful: http://wordpress.org/support/topic/how-to-reset-ithemes-security-plugin-to-fix-issues?replies=2

    I just changed the name of the "better-wp-security" file though my FTP manager, and was able to enter the WP admin. Then, instead of the techie stuff in the article, I just renamed the better-wp-security file back to the original, while still logged in to WP. Then I was able to change the settings in iTheme Security.

    That leaves me with the 4.0.10 version, which is where I will stay until the issues are resolved with iTheme.

  14. mthomas80
    Posted 1 year ago #

    Thanks for posting grampachiefy. I just read that thread. Looks like I still need to delete the database entries.

    Disabling the plugin and reactivating it later isn't enough!

    This has been the most stressful day yet as a web designer!

  15. btajis
    Posted 1 year ago #

    I have updated iThemes to v 4.0.12
    Will this be a stable, reliable version?
    Do you have any info?

  16. respectyoda
    Posted 1 year ago #

    Guys, if you see a notice that says, "Sufficient permissions..." when you try to access wp-admin it's because the 'hide backend' option is checked.

    I present on a golden plate a simple solution:

    1) Go to your database using phpmyadmin.

    2) Go to the wp_options table.

    3) Search for 'itsec_hide_backend"

    4) Change 'enabled' to 'disabled'

    5) Go to wp-admin and it should work!

  17. Krzysztof78
    Posted 1 year ago #

    i have the same issue on all my sites

    ithemes security is (from update 4.0.4 to 4.0.12) totally bugged!

    last working version was 4.0.3

  18. Krzysztof78
    Posted 1 year ago #

    I'm recommending Rename wp-login.php plugin - works great

  19. btajis
    Posted 1 year ago #

    I have updated to iThemes 4.0.16 but still don't dare to activate it.
    Does anyone have any experience about it? Is it stable already?

  20. btajis
    Posted 1 year ago #

    Hi, just a quick note.
    I have updated to 4.0.19 and it seems to be stable. No lockouts, nothing.
    I haven't deleted BWS or anything, only kept updating the inactive plugin and now I dared to activate it on my subdomain. It works fine, now I will activate it on my main domain and see what will happen.

    Of course I had to do some settings but that's normal.

  21. Marcelo Pedra
    Posted 1 year ago #

    Hello friends. Today I upgraded to 4.0.19 in 5 websites where I only use the hidden login feature and some of the URL filters and the last options in the settings page, and everything looks well by now.
    If you are still scared, wait 3-4 working days more and see if new updates are released. I think the most terrible bugs were fixed by now.
    Good luck!

  22. btajis
    Posted 1 year ago #

    Yeah, it seems to be working on my main site as well!
    Seems the panic is over, let's get back to work :)

    Good luck to all!

  23. btajis
    Posted 1 year ago #

    I am having an interesting issue with this plugin since (and as a result of) the above discussed upgrade.

    I have a number of sales people in the organisation and I have vTiger as crm installed.
    Before the upgrade, everything was working nicely but since the upgrade, some of the pages in the vTiger folder have become unavailable.
    First of all, I have to login to my admin panel first, then open another tab to login to vTiger - this was not needed before, I could just login, but now, if I am not logged in to the site I can't access the vTiger login page.
    Then, once I am logged in to vTiger, there are certain pages (the crm settings) I can access because I log in to my site's admin panel as admin.

    But I have a few guys in the organisation whom I gave admin rights to the crm (vTiger) so that they can manage certain functions but I do not intend to give them admin access to the site's admin panel. Their user level is subscriber as they don't need any higher than that. But with that user level, they can not access the vTiger crm settings pages. When they try, they get a 403 error.

    I am no expert of these things at all and so I may be wrong, but from what I have read about this, it seems that the plugin made certain changes in the .htaccess file when the upgrade to iThemes came and this causes the situation.
    I do not know what those settings are or how to redo them - or if that is the problem at all - and I don't want to touch the file. I am afraid I would do even more damage.

    Does anyone know anything about how could I get through this, please?
    Much appreciated.

  24. Hoib
    Posted 1 year ago #

    Yeas, I'm dead too. Can't even get to the login page on my WAMP/localhost install without seeing:

    You don't have permission to access /wp-login.php on this server.

    Apache/2.4.9 (Win32) PHP/5.5.12 Server at volzone Port 80

    I've moved the plugin folder off. I've tweaked the wp-options > backend thing. Restarted the server a dozen times. The result is now always '403.

    What should I do now besides scrap the whole project and re-do the whole thing?


  25. esmi
    Forum Moderator
    Posted 1 year ago #

    If you require assistance then, as per the Forum Welcome, please post your own topic instead of tagging onto someone else's topic.

  26. Hoib
    Posted 1 year ago #

    Oops! OK, sorry...


  27. nicovelas
    Posted 10 months ago #

    I had the same problem in my localhost. After activating Hide Backend in iThemes I was unable tu access the wp-admin page. I edited the wp_options>itsec_hide_backend option in my database from 'enabled' to 'disabled' as suggested respectyoda and I finally was able to access the wp-admin page again.
    I also tried to set a Login slug in iThemes (like "wpaccess" for instance) and activated Hide Backend. Trying to access mi WP Desktop from:
    nothing happened. The same problem: 404 error.
    But using the following link:
    I was able to access the user and password login!! It's not perfect, but it works.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic