Bit51 (part of the iThemes family)
Forum Replies Created
-
It only runs once every 24 hours however anything changed in the previous 24 hours should be reported at that time.
Did you move the wp-content folder?
Thanks for the followup
Are you using a search plugin to assist in search? I would assume you have 1 of 2 features conflicting: “Filter long query strings” or “Filter suspicious query strings” both in System Tweaks.
1.) everything in one-click can be reversed by disabling or uninstalling the plugin
2.) backup the database, wp-config.php and .htaccess. These are the only items the plugin would touch.
3.) Depending on how it is inserted, yes. It can’t stop everything (no plugin can) but it will do a darn good job of preventing both and helping you find what it can’t prevent
4.) That’s a tough one. The most important is make sure everything is up do date and that you remove anything you don’t need. After that, and a strong security plugin like Better WP Security, vigilance is your best defense. Nothing can stop all attacks so planning, protecting, and being able to clean quickly is the most solid strategy to keeping your site clean.
Do you have a copy of the bad .htaccess information you could email me at info [at] bit51 [dot] com?
Disable the file check feature. The multiple bug has been tested and fixed but depending on your caching setup and server memory may not work on your system (by nature not all features will or are even intended to work on every installation).
@art4life I’ve replied to you on another thread on this. Have you thought of disabling this particular feature? As the documentation states not all features should work on every site.
Are you using some sort of database caching on the site? What is the memory limit?
It sounds like it’s either caching the query that tells it to run which forces it to run multiple times or that it is crashing during the scan (the latter is almost always due to lack of memory). Judging by “Memory Used: 0MB” I’m assuming the problem is probably in the latter. Can you check PHP logs for confirmation?
Thanks anieves. That does sound like autoban. Please turn the autoban feature off for the time being (then, if it still locks folks out they’re changing something). I will work on a fix tomorrow and Saturday and will have it in the dev version ASAP.
To get in quick remove bwps_awaymode from the database (this is something new in 3.4 to make it easier to revert these changes).
Could you email me at info [at] bit51 [dot] com? This is a very heavily tested feature at a couple of universities (I’ve got it successfully locking out users on about 300 individual sites without a complaint) and I would really like to learn why it isn’t working for you.
Thanks anieves. Is this during the auto-ban sequence, when manually saving options, or at some other point?
Sorry to hear that derycka. My apologies for the frustrations it has caused you.
For what it’s worth your latest post tells me quite a bit. It appears that scanner is hitting the site so hard it is causing the plugin to try to write to .htaccess in multiple sessions at the same time. This will be fixed.
As for the ban list, it isn’t saving them multiple times from there to .htaccess as both the ban list and the .htaccess writer check for duplicates however the auto-ban does not when saving to the database. This is something else I will improve.
Simulating a load of that nature isn’t easy in a dev environment with WordPress. While it sucks I couldn’t get this working yet for ya it will be fixed for future users.
Google maps plugins are not compatible with the “Display random version number to all non-administrative users” feature under system tweaks in Better WP Security. Turning off that feature should solve the issue for you.
For that one it only adds the following lines to .htaccess:
<files readme.html> Order allow,deny Deny from all </files> <files readme.txt> Order allow,deny Deny from all </files> <files install.php> Order allow,deny Deny from all </files> <files wp-config.php> Order allow,deny Deny from all </files>The write access option means allowing the plugin to write to .htaccess and wp-config.php or having to do it yourself. (If it’s off it won’t touch them)