Support » Plugin: iThemes Security (formerly Better WP Security) » Original iThemes security settings lost after iThemes update

  • I’m using iThemes on several websites for some time now. After updating iThemes today on my own website all iThemes settings I had selected earlier were gone. I had to go through all the blocks and change all settings again.

    This causes an unnecessary security risk. And it means a lot of work for me on every website.

    Why does this happen? Why are settings not retained? Why is there now warning that original security settings are lost after the update?

    https://wordpress.org/plugins/better-wp-security/

Viewing 9 replies - 16 through 24 (of 24 total)
  • Plugin Author Gerroald

    (@gerroald)

    Hey,

    It looks like the queries got a little muddled.

    1. — Single Site – remember that the prefix could be something OTHER than wp_
    2. —
    3. DELETE FROM wp_options WHERE option_name = ‘itsec-storage’;
    4. UPDATE wp_options SET option_value=REPLACE(option_value, ‘s:5:”build”;i:4041’, ‘s:5:”build”;i:4040’) WHERE option_name = ‘itsec_data’;
    5.
    6.
    7. —
    8. — Multisite – remember that the prefix could be something OTHER than wp_
    9. —
    10. DELETE FROM wp_sitemeta WHERE meta_key = ‘itsec-storage’;
    11. UPDATE wp_sitemeta SET meta_value=REPLACE(meta_value, ‘s:5:”build”;i:4041’, ‘s:5:”build”;i:4040’) WHERE meta_key = ‘itsec_data’;

    Whoa are those emails are rolling in… I should be really pissed about having to reconfigure hundreds of websites but …well…

    Hey guys, I’m Aaron, one of the lead devs on the plugin. I’m hoping that I can address some of the concerns and maybe elicit some help in tracking down what ails you.

    First, @dwindon was right about the comment in the changelog. We did have some problems with modules not being properly activated during an update to the new version, but it was fixed prior to release (well, it was released to a subset of our Pro users, who got the update first, but the bug was never released in the Free version here on WordPress.org).

    That’s not to say there couldn’t possibly be a different, as yet unnoticed, bug that causes similar issues, but we have had tens of thousands of upgrades with this new code, and only a few people are having this problem. Unfortunately, while that’s good for the majority, it doesn’t make it easy to track down the problem. It’s possible that this is an issue with a very specific setup, a plugin conflict, or even some specific server setup. Right now, we need more information to attempt to track this down.

    If those of you who have had this problem could provide us some information, it could be really helpful:

    1. What specific modules were configured the same (including enabled or disabled when they shouldn’t be) post-upgrade?
    2. If you could send us your settings, that would be amazing. You can send them to aaron@ithemes.com or gerroald@ithemes.com. Any options with the string ‘itsec’ in the name are from this plugin, so a query like this should get them all:
      SELECT * FROM wp_options WHERE option_name LIKE '%itsec%'
      Please note that you will need to replace wp_ with your table prefix if it is non-standard. Also, if you are on a multisite install the query is different…so ask me for it if needed.
    3. If you could give us a list of plugins you use, that would be helpful as well.

    None of your old settings were removed as part of the upgrade. Running the queries that @gerroald provided earlier will remove the new settings, and trigger the upgrade to run again on the next page load. If you think there’s a reason the upgrade issue may have been a one-time issue, you can use those to simply run it again. *It will undo any changes you’ve made since the upgrade though!*

    Lastly, if we can keep this thread focused on this specific issue, it would be incredibly helpful. (@jefflloyd11, whether @dwindon is a moderator or not, those are the forum guidelines, and a moderator can and will lock this thread if it get off topic)

    Thanks for your help

    Delightful. I now have 43 websites with the security settings all screwed up, and hours of work to do. You’ve just made my day.

    Sorry Aaron, got a little aggravated. I’ll send over what I can to help…Thanks!

    @aaron D. Campbell sorry but I’m done with this plugin, did you really just remind me of the forum guidelines…funny.

    It will be easier to just delete this plugin completely across hundreds of sites and install another one (Sucuri/Wordfence or All in One Security % Firewall) rather than spend the time to fix each one.

    I’m sure in the big picture it doesn’t really matter to you, just the same I won’t be recommending it to anymore clients or colleagues.

    Hey Jeff, we’re trying very hard to help the users of our plugin, and you were making it considerably more difficult to do so. So yes, I reminded you of the forum guidelines. I wasn’t trying to be rude to you, I was trying to be helpful to the original poster and anyone suffering from the same issue.

    I do hope that you have good luck with whatever plugin you end up migrating to. I will say the the Sucuri products are particularly good; especially their Website Firewall (Sucuri Website Firewall)

    Same for me 🙁
    ‘Only’ a dozen sites to reset the settings for, but in the meantime my security has plummeted, & clients wondering why their login address (previously hidden) now doesn’t work. I’m not about to start running sql queries – fine if you do this all the timne, but the safer approach is just to go through all the settings again, and again, and again…

    Moderator Jan Dembowski

    (@jdembowski)

    Brute Squad and Volunteer Moderator

    Spam removed and I’m closing this 10 month old topic. For any new questions please create a new support topic.

    https://wordpress.org/support/plugin/better-wp-security/#new-post

Viewing 9 replies - 16 through 24 (of 24 total)
  • The topic ‘Original iThemes security settings lost after iThemes update’ is closed to new replies.