Bit51 (part of the iThemes family)
Forum Replies Created
-
Can you all try the dev version? I do believe I’ve fixed it (my bigger sites aren’t seeing duplicates anymore) but I don’t have enough sites I can accurately test the fix on to confirm it works (small traffic sites often didn’t have the problem in the first place).
Agnes,
You can try the latest version, I don’t know for certain of any issues. I do not test in the anything other than the current and beta versions however as, with a security plugin, supporting older possibly insecure installations could be counterproductive to what I am trying to accomplish with this plugin.
OK….
….Here’s the issue. WP 3.4 redirects all 404 errors (the error wp-admin/etc should throw if moved) to index.php which then sees them as the admin section thereby breaking the feature entirely.
…What would you all like to see? I could change it to show a 500 error or some other error code which would fix the issue but not really hide it as an attacker would potentially still think it’s there which would at least help it identify the site as a WordPress installation. I could try some core hacks that may cause other incompatibilites with other plugins/themes/etc, or I could do something else?
I’ll take the route recommended by the community I just want to know what you all think will serve folks best as it is even possible that many are using this feature for usability reasons rather than security reasons (I know at least a few folks in that boat).
The (.*) in front of the domain should cover all child domains however if you’re using a domain mapping plugin you may need to manually change it to use (.*) in place of the primary domain which would cover traffic looking at any domain on the site.
It isn’t really a problem. Turning it off will not make your site that much less secure if you can’t use it. My philosophy is to provide all the features I could use on any site and turn off conflicting features on sites that can’t use them. It is still better to use 9/10 features than 0/10 features. Unfortunately there are a few plugins that have issues with this feature and a couple of others. I do not plan on fixing this as I don’t see it as a problem.
Hi Page
For future, as you’ve noticed, the feature is for all users. You can manually turn it off if you’re good with the database by changing the “am_enabled” to 0 in the settings array for the plugin (I will be adding a “Quick off” option for situations such as yours in the future.
Hi Serge,
I’ll look at linking it to an ip lookup site. Thanks for the idea.
The wp-content changes two lines in wp-config.php. Make sure the ones from your test site line up with new site (you will probably have to do this manually as I do not know of a plugin or other script that will do it for you).
It wouldn’t touch your admin user unless you told it to. It simply doesn’t access the users’ table at all except if you choose to rename the admin user and that doesn’t happen automatically. Have you tried the username you put in in the “Change Admin User” page? If something did go wrong (rare, but databases could crash, memory, etc) while changing the admin user you could restore from your backup and you will be fine.
What feature, specifically, caused your site to crash? Many features (the ones that are listed as being able to cause potential problems) can disable a site if turned on when they’re not supported. Most however can be rolled-back by removing the Better WP Security section from .htaccess.
@chirmer I’ve installed this plugin on literally hundreds of sites. It does not remove the admin user however if your install runs out of memory, etc problems can arrise (as they can with any plugin). Restore your backup in that case and you will have no problem.
OK,
Found two cases where problems could occur:
1.) There has been a change in how WordPress processes the default admin slugs (wp-admin and wp-login.php) in WordPress 3.4 that is breaking the feature. I will be working on a work-around but I have to do so without the default 404 processing that I was using before which could take me a few days).
2.) Hosts with Plesk, in particular Media Temple, are using their own redirect for admin. I do believe using a slug in the settings other than ‘admin’ should fix it. Please confirm if you can.
By the way, are you using any reverse proxy services such as varnish or Cloudflare?
I’ve changed the hook on the backups (still looking into the other) in the development version. Can you please check and see if it works for you?
It’s come to my attention that the issue here might be with an incompatibility with Plesk. Can some of you please confirm for me whether you are using Plesk or not?
I’ll take a look at expanding the logs. Thanks!