Support » Plugin: iThemes Security (formerly Better WP Security) » Problem with NameCheap Hosting and this plugin

  • hi.

    I want to start by saying that this plugin is by far the best security plugin for wordpress. This single plugin has saved me several times already and continues to save my blogs from attack..

    A few days ago I upgraded the plugin to the latest version 3.4.6 and in doing so the .htaccess file disappeared and once I logged out of the sites I could not get back in. Which figures as the .htaccess file was gone.

    To resolve the problem required me to upload via ftp a copy of the .htaccess file and a copy of the old plugin version 3.4.4.. obviously I was lucky I had a recent backup of all the blogs on this host.

    I have 3 other host accounts and in the end the update only fell over with this particular hosting company.

    What I realized when I did another attempt today was that I also got a security email from then telling me that they had removed the .htaccess file due to possible breaches in my security.

    I contacted them and spend over 3 hours going between different people getting pushed to higher levels of support.. Eventually I got to a person who resolved the problem for me.. However it may only be temporary.

    He had to turn of the hosts server security from my account while I updated and then turn it back on..

    The reason for this is that when certain files are added to the directory folders, such as the .htaccess file, their system instantly scans the file.. As this recent update changes this file it got scanned.. And this is where the problem comes from.

    At first I was told that I would not be able to use that plugin as their servers would not permit the .htaccess file.. But I did not give up as I explained that this plugin added security to my blogs and did not take it away, so if I could not use it then they were effectively enabling my blogs to be without security… This did get their attention.. Which is why I got upgraded to the person whom temporarily turned of the hosting security for my account while I updated.

    It was established that I was indeed getting a false positive, which means their is nothing wrong with the plugin, but their system was at fault due to their tight security.

    I tried to get out of them exactly what part of the code in the .htaccess file was causing a problem and they were not forth coming, but accepted that I was not causing in breach for them.. In fact they admitted that they already provide the same security and stated that it was this that was conflicting with their security, or something like that..

    At any rate the outcome is that I still might end up with the same issues again down the road.. Which does alarm me as I suspect that any change at all to the settings in the plugin, might trigger a change to the .htaccess file, which would trigger there system to scan the file and i will be back where I started..

    But for me I only use that hosting account for 5 feeder sites that only get posts added to them as part of a network of sites and are not money sites.. So I really dont have a need to alter anything on those sites ever, unless new updates come out..

    Anyway.. if anyone has an account with Namecheap and they end up with problems of any sort with upgrading this plugin then its because of their security settings and not this plugin.. I admit that I do like their host account as it is very secure, but getting in the way of this particular plugin is not on.. So you might have to push your point if you have issues with this plugin..

    they are easy to deal with, they are accommodating, I guess if you argue with them you might not get anywhere, so use tact (which is what I did) and you will get a result..

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi..

    I just noticed you mentioned on the other thread about getting a test account with namecheap..

    I figure this problem wont be a major thing, and its easy enough to test and test until you see what causes the failure and what doesnt.. once you figure out what triggers the failure (or the issue with their scans) you might be able to alter your code to prevent it.. Well thats what I am hoping for..

    At any rate this was the first time I have ever seen an issue with plugin, and in the end its not directly caused by it, but if you can overcome it then it would be awesome all round…

    Hi guys,

    we actually have increased server level security on our hosting servers. We use CXS to help protect our WordPress users from attacks but this does have a few .htaccess issues with the Better WP Security plugin. If you open a ticket with our helpdesk, we can help you fix this.

    Namecheap Support Team

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Problem with NameCheap Hosting and this plugin’ is closed to new replies.