whats your environment? do you have ssh?
the plugin you point at only lists compatibility to 3.9.2 :-/ i hate when plugins die
i’d try disabling all pluings and see if your site comes back, this assumes at least ftp access. do you have ftp if not ssh?
We are hosting our own site on a linux apache server and we have do have ssh access. I see the plugin is outdated but we need to to secure our site. The problem when moving to 4.1 with Internet explorer was resolved because we had unneeded code in our .htaccess file. Now we are just stuck with being completely locked out when we move to 4.1.1 on every browser. We have a stage server and a production server that are set up identically. Everything is fine up to 4.1.1 on the stage server but for some reason our production breaks.
can you rename the plugin folder for wp-require-auth to wp-require-auth-tmp via ssh? that should allow you to temporarily log in if it is the plugin locking you out.
are the stage and prod servers running:
-the same version of php (php -v on the commandline)
-suhosin? –> would also be displayed with php -v
-the same version of wp files and db
-the same versions of the plugins and themes?
there are some plugins like wp-require-auth that are listed as compatible, but i have never used either so i can’t vouch
let me know!
Thank you for your quick responses and being so helpful, we finally found the issue. After checking everything and making sure all configuration files matched and that the php versions matched on both servers, it ended up being that we had extra lines in our apache vhost for redirecting that were not needed and causing issues. Here is what our working vhost code looks like:
<VirtualHost *:443>
ServerAdmin serveradminemail
DocumentRoot /srv/www/htdocs/wordpress
ServerName servername
ServerPath /srv/www/htdocs/wordpress
HostnameLookups Off
ServerSignature Off
ErrorLog /var/log/apache2/secure-error_log
CustomLog /var/log/apache2/secure-access_log combined
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite “EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS”
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
<Directory “/server/directory/wordpress/wp-content/uploads”>
AllowOverride ALL
Order deny,allow
Allow from all
Options -Indexes
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin serveradminemail
DocumentRoot /srv/www/htdocs/wordpress
Servername servername
Serverpath /srv/www/htdocs/wordpress
HostnameLookups Off
ServerSignature Off
ErrorLog /var/log/apache2/error_log
CustomLog /var/log/apache2/access_log combined
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
<Directory “/server/directory/wordpress/wp-content/uploads”>
AllowOverride ALL
Order deny,allow
Allow from all
Options -Indexes
</Directory>
</VirtualHost>
We originally had the following extra lines causing our issues:
RewriteRule ^(/srv/www/htdocs/wordpress/.*) /srv/www/htdocs/wordpress$1
RedirectMatch permanent / https://server.com/
Redirect 301 / https://server.com
WE have been working on securing our site and must have been trying to many different things. Also, our vhost was a little messy still containing some defaults from the sample file that we removed. We also learned it is important that the server name matches exactly when defining multiple vhosts (for 80 and 443).
very nice find! and fix!
thanks for updating the forum!
