WordPress.org

Forums

iThemes Security (formerly Better WP Security)
rewrite to htaccess file shut down site (8 posts)

  1. 5high
    Member
    Posted 1 year ago #

    Hi,

    I think this plugin just rewrote a bit of incomplete code to my .htaccess file which resulted in the site being unavailable (500 error). Luckily our server support team found it, removed it, and all was OK again.

    However i thought others might have the same issue, or that it may be a development issue for this plugin, so thought I'd share the details...

    at the bottom of the compromised .htaccess file it had this code:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress
    ewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress

    where you can see the extra, incompletely written rewrite rules repeated, and in the restored/corrected .htaccess file it looks like this:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress

    which is normal.

    Also this is not the first time that our site has crashed and it ended up being an issue with extra erroneous info being added to the .htaccess file - though I understand that some other plugins write to this file too, so it's hard to pin down where the glitch is!

    I'd be interested to hear of anyone else that's had this problem - or if there's a setting that I've done that could have causesd it?

    Cheers.

    https://wordpress.org/plugins/better-wp-security/

  2. 5high
    Member
    Posted 1 year ago #

    just to follow up, i've checked with all the other plugins I use, and none write to .htaccess apart from BWPS!

    The abnormal changes to the .thaccess file (that breaks the site) happens intermittently - either 2 x month or sometimes not for another 4 months - so it seems unlikely to be a virus? And the changes are varied - once all the wp code was totally removed; another time extra wp code was added, but only part of it (IE: incomplete code); previously we've had about 100 lines of XXXXXXXX added in the block ISP's section; and so on... so very varied!

    Overall I'm tightening up on my wp security: I've gone through our whole site and cleaned it up hugely, and secured the wp-congig and htaccess files etc so this should all help. I've also run the Securi check on the site, and run the malware checker - and all good - plus we run good local pc protection and ensure all wp and wp plugins are updated - so unlikely to find the issue there I guess.

    BUT my concern is that we've only had this issue since using the BWPS plugin.

    Any comments about these abnormal edits?

    Thanks.

  3. cjerrells
    Member
    Posted 1 year ago #

    First off, thanks to the authors for an excellent plugin!

    I've been having this problem too, using Version 3.6.3 on WP 3.7.

    The .htaccess file seems to get left half-written, so it's cut off mid-section and Apache complains it's invalid. The most recent time, the full WPBS content was there, but the standard WordPress rewrite rules and other custom content were missing.

    It seems to happen particularly when someone's been repeated IP blocked from bad logins (which I presume causes the .htaccess to be re-written more frequently).

    This is a pretty serious issue as it causes the site to be completely non-functional. I'm keen to keep using WPBS but will have to find an alternative if I can't find a solution to this problem. Any help would be appreciated!

  4. 5high
    Member
    Posted 1 year ago #

    I have to admit it's a bit of a relief to know that I'm not the only one having this issue - and I agree that it's a serious problem as it completely breaks the site, with no warnings, other than having to test it everyday - not ideal.

    I think the problem is that the BWPS plugin authors don't review this forum, as hardly any posts are commented on or resolved. Should this be a bug report instead?

  5. Duane Cilliers
    Member
    Posted 1 year ago #

    I'm experiencing the same issue, but only with one of the sites I maintain where BWS is installed. I am forced to uninstall the plugin as @5high mentioned, checking the site everyday is not ideal.

    I know there are uptime monitors, but this really shouldn't be happening. Any feedback from the plugin authors would great.

  6. 5high
    Member
    Posted 1 year ago #

    As we don't seem to be getting anywhere with this problem, and I can't find how to post a Bug report, I've re-posted it here: http://wordpress.org/support/topic/bug-in-writing-to-htaccess-file-urgent-help-please? with hopefully a heading that will ensure a review by the plugin authors...

    Otherwise I am at a loss at how to ask them to look into this serious issue :(

  7. Sarah78
    Member
    Posted 1 year ago #

    I have this problem intermittently ALL THE TIME! It's really very annoying. The authors need to get their act together and offer a bug fix or something b/c it's starting to get to the point where i'm looking for another security plugin.

  8. cjerrells
    Member
    Posted 1 year ago #

    I tried contacting iThemes via Twitter and they told me to email them. I did so (10 days ago) but haven't had a response yet. I'm still not clear on whether iThemes officially support this plugin or not...

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic