Support » Plugin: iThemes Security (formerly Better WP Security) » [Plugin: Better WP Security] 3.2.5 Breaks Sites Not Installed in the Root

  • Resolved johnzeiger


    3 of my clients have WordPress integrated into a Joomla site with WordPress being installed in a sub-directory of public_html named blog. After upgrading to v3.2.5 of Better WP Security, WordPress is no loger accessible; I receive the error:

    Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Viewing 11 replies - 1 through 11 (of 11 total)
  • Restoring the sites from backup then deactivating, deleting and installing Better WP Security resolved the issue

    I think I was affected like this, too, but thankfully found an easier fix.

    Updated the plugin, then immediately could not access the WP backend – error as detailed above in the original post – plus the actual website was corrupted.

    After some googling, I discovered that this plugin changes the .HTACCESS file – sure enough, I am not installed in the root directory either. So I edited out all the lines in the HTACCESS file in my WP directory, and sure enough sanity is restored !

    A simple enough fix, but a bit scary for a noobie like me. Also meant my site was down for a few hours whilst I looked for a fix, and bad timing cos the boss wanted to check on my progress this very morning !

    Best of luck with future plugin updates, but sorry to say that I have now disabled this plugin and will not be using it again.

    This was the code that I deleted – looks innocent enough, and I’ve no idea why it created the symptoms that it did – (actual IP addresses masked by me) –

    # BEGIN Better WP Security
    Order allow,deny
    Allow from all
    Deny from
    Deny from 193.153.XX.YYY
    Deny from 80.28.AAA.BB
    # END Better WP Security

    I have the same problem. When I erase the
    Deny from
    the problem is solved

    good point – I wonder if that means “deny from” everywhere ?

    Hi All,

    The deny from is indeed a bug introduced due to a formatting change in the statement designed to make it easier for users to read their .htaccess files (a number of folks indicated putting all the ips on one line wasn’t ideal as they couldn’t easily read the statement). The bug should now be fixed in 3.2.6 however I say should as, in over 20 test sites I couldn’t reproduce the problem. That said, please let me know if you encounter the issue anymore with this new release.

    I’ve just installed the version 3.2.6 and it works fine. Thanks a lot.

    I was having this problem also (not the error, but couldn’t access my site), and mine is installed in a subdirectory.
    I’ve updated the plugin to see if it will work better now.

    Did it work for you Joy?

    Yes, it is working now.

    Hey there,
    I am running a wordpress site with better wp security plugin on, it is working fine. but when I install another wordpress in sub directory of main website ie, its not working properly. I can’t access wp-admin page of my sub directory website but when I deactivate wp security plugin it works fine. I don’t want to disable the plugin.

    please help.

    I generally run my wordpress installations in a subfolder of the main domain as this adds a small layer of extra security to my sites. I’ve installed the Better WP Security plugin which has some great features but the one i’m really keen to get working is to change the login url i.e. change it from the default to something such as

    What happens is: once I change the setting in the plugin and log out, the url just throws an error and then I’m locked out completely based on accessing an unknown URL. Even deleting the lockout entry for my IP from the database doesn’t get the login url working – so basically I can’t access my site at all.

    I restored my site from a backup so I could get back in and reinstall the plugin but I’d really like to get this login masking feature working correctly – everything else works fine.

    Quick tip for anyone using chrome (or other browsers with private/incognito mode) – when you make changes in the plugin, open an incognito window to see if your site works and if you can log in. If not, close incognito and go back and reset the changes you made. This way you won’t end up being completely locked out like i was the first time.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘[Plugin: Better WP Security] 3.2.5 Breaks Sites Not Installed in the Root’ is closed to new replies.