Bit51 (part of the iThemes family)
Forum Replies Created
Currently it should only accept wildcards. This translates much easier in most server situations. Did I miss a spot that still says otherwise?
That’s how it should work. We can’t completely remove wp-admin as it’s an actual folder in the WordPress core. The plugin prevents people who aren’t logged in from accessing it directly without the key variable (the gibberish after the “?” mark), thus keeping a number of automatic bots out of it.
BizWriter… Did you turn on away mode? Going to your backend with awaymode in effect will do that. Delete the row with the name bwps_awaymode from the options table of your database to remove the awaymode restriction.
As for the lockout. Are they all due to too many login attempts or are some due to too many attempts to find a file that isn’t there?
Glad to hear it’s working and thank you for the follow-up.
Last time I used BulletProof, Better WP Security did most of the same functions with .htaccess blocking and a whole lot of things BulletProof didn’t.
That said, I have heard some folks have seen incompatibilities but I cannot confirm anything with 100% certainty.
Do you know how your site was compromised? If it was at the application level, meaning through WordPress itself, then your best bet will be to turn on as much as you can and test it yourself. If it was through your host, however, all the security plugins for WordPress currently on the market probably won’t help you.
Only you know what works best with your configuration, and what might provide extra security for someone else might bring your site to a screeching halt. This is just the nature of the game. The idea is to lock down everything you don’t need and allow only what you do need. The trick is everyone’s sites have different needs.
I hope this helps a little bit and I’ll be happy to answer any specific questions you have on the plugin.
Thanks @kyferez….
….when you deactivate, the rules are removed by the plugin. Can you confirm this is happening for you? (I’ve just tested it on a couple of sites and it does seem to be working.) Also, as I would like to get to the bottom of this for you, can you please email me the contents of your .htaccess (sanitized of course) offsite at info [at] bit51 [dot] com so that I may get a better idea of what you have going on?
Thanks for the link, and please let me know. I would be happy to provide a fix, but so far I’m in the dark as to what exactly needs fixing.
While I’m not familiar with Login Security Solution and SI CAPTCHA, I can tell you that it is designed to restore settings if you re-activate; however, completely uninstalling the plugin will delete all the settings, database tables, etc. In addition, registration in most cases works fine. Are you using another registration plugin? Finally, what error message are you getting after disabling your site?
Not sure yet… My hunch is, from a quick glance, that it is a conflict with hide backend. I will take a look and see what I can figure out.
Have you tried the dev version? It should fix the problem.
It actually writes 2 lines to wp-config.php. Is your wp-config file in a non-standard location (site root or its parent) or has it been significantly modified to remove standard content?
The errors should now be fixed in the development version at http://downloads.wordpress.org/plugin/better-wp-security.zip and will be in the next official version in the next couple of days.
Did you turn off the option to write to core files? That option actually works by writing to wp-config.php.
Interesting. I will take a look at both. Thanks for reporting!
Hello,
Thanks for the bug report. I’ve put a patch into the dev version (http://downloads.wordpress.org/plugin/better-wp-security.zip) which should take care of the issue. Please note your situation is the only one I’ve heard this with (most likely due to you being the only one I’ve known running such a test). If you could confirm this works before I release it fully I would greatly appreciate it.