Support » Plugin: iThemes Security (formerly Better WP Security) » iThemes Security Update Fails – 404 errors, 403 errors, forbidden, RSS fail

  • After the update (4.0.2), my wordpress site locked my out, issuing 404 errors when I went to login (even though I was logged in, WP blew through a series of 404 errors and locked me out. Clearing the errors and attempting to log in only results in more 404 errors.

    Whitelisted my IP address (through the database; couldn’t get in through WordPress anymore), locked me out again – 404 errors. Cleared error log (through the database, since I was locked out again), logged in, whitelisted my IP address.

    Started getting Forbidden 403 errors.

    Cleared htaccess, which got me into WP. Whitelist was cleared. Added in current IP address and office IP address. iThemes Security can, apparently, only whitelist one IP at a time, as it didn’t save the second IP address. REsaved second IP address.

    Looking at website through phone … and it’s got the 403 Forbidden error.

    My RSS feed is also not working – it was working before update. Since update, it does not work.

Viewing 15 replies - 1 through 15 (of 26 total)
  • Hi,
    All the same here!
    I updated from BWPS and the first step was to update the database which I did and lost control of my site (403 error). My provider helped out and disabled the plugins to be able to get back in, then I started turning the plugins back one by one. Turning on iThemes Security worked but when I started doing the settings it again threw me out with 403 error.

    The guys at Hostgator are telling me that the plugin was creating too many Deny Coding in the .htaccess file and that it was blocking every IP. I have no idea what this means as I am not a techie guy, all I know is that I had to disable the plugin and I feel naked…
    Could you please look into this?

    I really like the plugin and I want to keep using it. BWPS has never given me any trouble just security and the ease of mind and I expect the same from this upgrade.

    I’m having the same issues. Massive amounts of 404 not found. I looked at firebug and there is a problem in where iThemes Security is looking for files.

    It’s looking here:

    Why is it doing this? Instead of just going to:

    It’s adding my root directory as well: so it’s having all kinds of problems.

    the same issue happened here 🙁

    Yup! Me too! I can’t get into my own website. All I did was install the update, then I checked out the list of things to “fix.” I clicked on “fix it” on a couple of items and was given an error page. Then I got an email saying I was locked out. Now I can’t get back into my site!!



    I wonder if anyone is ever monitoring this thread? Will ever someone answer us? Or how can we reach the developers?

    Bob Hollis


    Same here. I deactivated, updated, tried to reactivate and got a “page not found” error. Error then repeated on other admin pages, including Backup buddy when I attempted to restore my site. I had to go in through the server side and rename the plugin to get my site working again. But now I now longer have Better WP Security (or ithemes security).

    Marcelo Pedra


    Hi! the developers are aware of this. This craze begun last friday and they are working ahrd to fix it. In the meantime, do what I did: uninstall de plugin, download the last stable version from the below link and reconfigure everything as used to be:
    It’s a PITA, I know, I manage dozens of sites where I couldnt upgrade the plugin. Fortunately I read the forum thread before updating and noticed something gone wrong, so I upgraded only one test site in a subdomain and didnt wreak havoc. The only solution TODAY, is to downgrade to Better WP Security 3.6.6. iThemes’ version will eventually be fixed these days, but to keep things working and safe, just downgrade now!
    Best regards.



    I was locked out too, everything was working fine until this recent update.

    I didn’t find the ‘fix 404 error’ instructions on the iThemes site particularly helpful.

    In the end I managed to disable the wp security plugin from inside php-my-admin with the help of this article

    If you don’t have cPanel just log into your hosting dashboard and look for something that says mySQL



    mthomas80, I tried the instructions at the link you provided, and it didn’t work. Maybe my mySQL works different from theirs. I just got an error message that tells me that data file doesn’t exist.

    Anyone have a helpful suggestion? I am completely locked out of my wordpress site.



    Could try what I did:
    I am with HostGator, they are my hosting company. I contacted their helpline (they have a live chat) and they could disable the plugin for me, thus I could get back in…

    I am sure that most hosting companies, especially the bigger ones provide a similar helpline.

    Hope this helps.



    If you’ve been using Better WP security there’s a good chance it’s changed your table prefix ‘wp_’ to something else.

    To find your table prefix, look in your wp_config folder and it’ll be next to where it says;

    $table_prefix = ‘wp_’;

    but, instead of wp it’ll have something else.

    if you modify the code from the article I posted, for example, let’ say in your wp_config next to table prefix it reads, = ‘rgydh_’;

    instead of,
    SELECT *FROM wp_options WHERE option_name = ‘active_plugins’;

    you would put in,
    SELECT *FROM rgydh_options WHERE option_name = ‘active_plugins’;

    Unless it’s a different issue you have, then I don’t know.



    Fixed it! This was helpful:

    I just changed the name of the “better-wp-security” file though my FTP manager, and was able to enter the WP admin. Then, instead of the techie stuff in the article, I just renamed the better-wp-security file back to the original, while still logged in to WP. Then I was able to change the settings in iTheme Security.

    That leaves me with the 4.0.10 version, which is where I will stay until the issues are resolved with iTheme.



    Thanks for posting grampachiefy. I just read that thread. Looks like I still need to delete the database entries.

    Disabling the plugin and reactivating it later isn’t enough!

    This has been the most stressful day yet as a web designer!



    I have updated iThemes to v 4.0.12
    Will this be a stable, reliable version?
    Do you have any info?



    Guys, if you see a notice that says, “Sufficient permissions…” when you try to access wp-admin it’s because the ‘hide backend’ option is checked.

    I present on a golden plate a simple solution:

    1) Go to your database using phpmyadmin.

    2) Go to the wp_options table.

    3) Search for ‘itsec_hide_backend”

    4) Change ‘enabled’ to ‘disabled’

    5) Go to wp-admin and it should work!

Viewing 15 replies - 1 through 15 (of 26 total)
  • The topic ‘iThemes Security Update Fails – 404 errors, 403 errors, forbidden, RSS fail’ is closed to new replies.