dwinden
Forum Replies Created
If you turn on the File Change Detection feature AFTER your site got infected it will not detect the file changes.
For the File Change Detection feature to notice the site infection it needs to be turned on BEFORE infection.
You have several options.
You can restore a site backup which you know is not infected.
But you will also need to figure out which vulnerability was used to infect the site and then fix it. Otherwise the infection may return.
Run your site through an online malware scanner like Sucuri SiteCheck.
It won’t remove the malware, but it will help identify which malware infected the site. And that information may help you with cleaning the site.
Note malware scanners do not always detect all malware.
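To illustrate why the order matters, here is an added example (not part of the original reply and not iThemes Security code): a minimal hash-based change detector in Python, run over a constructed temporary directory. The file names and placeholder contents are made up for the demonstration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare(baseline, current):
    """Report what differs between a stored baseline and the current tree."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in both if baseline[p] != current[p]),
    }


def write(root, rel, text):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)


def demo():
    """Compare a baseline taken before a change with one taken after it."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample tree; names and contents are placeholders.
        write(root, "index.php", "<?php // original\n")
        write(root, "wp-includes/load.php", "<?php // original\n")
        early = snapshot(root)            # detection enabled BEFORE the change
        write(root, "index.php", "<?php // original\n// unexpected extra line\n")
        write(root, "wp-content/uploads/cache.php", "<?php // unexpected file\n")
        late = snapshot(root)             # detection enabled AFTER the change
        now = snapshot(root)              # the next scheduled scan
        return compare(early, now), compare(late, now)


if __name__ == "__main__":
    print(demo())
```

The first result lists the modified and the new file; the second is empty, because the late baseline already contains both and treats them as known-good.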
dwinden
I’ve added a new translation suggestion for the string ‘ taken’ to be translated as ‘ pris’ in the French translation.
Next time try it yourself at https://translate.wordpress.org/projects/wp-plugins/better-wp-security
dwinden
According to the plugin FAQ:
Will this plugin completely stop all attacks on my site?
- No. iThemes Security is designed to help improve the security of your WordPress installation from many common attack methods, but it cannot prevent every possible attack. Nothing replaces diligence and good practice. This plugin makes it a little easier for you to apply both.
Make sure to use the File Change Detection feature to monitor (possibly malicious) changes to your WordPress install footprint.
dwinden
The iTSec plugin can only be installed as a network plugin by a network administrator in multi site. It cannot be installed by the site 32 administrator.
So somehow the current blog was/is at 32 while installing the iTSec plugin as the network administrator. It’s the only way to get 3 wp_32_itsec_% tables created…
Perhaps creating/deleting blogs for testing purposes causes some mixup.
Anyway renaming the 3 iTSec tables seems to resolve the issue for now.
If you agree please mark this topic as ‘resolved’.
dwinden
Yes, renaming the 3 iTSec plugin tables should resolve the issue.
I consider that to be a workaround, because we still don’t know the cause of the issue. Why did the plugin create 3 wp_32_% tables ?
It’s like site 32 was the current blog when the plugin was installed.
How many sites exist in the multi site env ? 32 ?
dwinden
Is this a new install of the iTSec plugin (> 5.4.x) or did you update the plugin from a pre 5.4.x version to the latest release ?
dwinden
Ah great, well done.
Since you are the owner of this topic you can mark this topic as ‘resolved’ yourself. I can’t do it for you.
dwinden
Thank you for providing all that info.
It looks like there is some sort of javascript or css conflict.
Based on the info provided I’m now convinced it is not a browser/cache issue.
Try and switch to the twentysixteen theme and if that does not help deactivate other plugins one by one till the iTSec plugin settings page starts showing properly.
dwinden
@TZAL
It’s going to be hard to find out what’s wrong without any additional info.
Try this. Although keep in mind, it is just a wild guess.
Make sure you are logged out from Admin Dashboard.
Then log into the database using phpMyAdmin.
Click on the wp_options table of your database in the left panel.
Click on the SQL tab in the right panel.
Run the following SQL query:
select * from wp_options where option_name = 'itsec-storage' or option_name = 'itsec_data';
Update the topic with the info displayed.
dwinden
Read this topic and get an answer to your question as well as to some other questions.
Furthermore take a moment and read the Introducing the New iThemes Security Dashboard article. It includes a video as well.
dwinden
You could submit a feature request to iThemes@trello but I don’t think it stands any chance of materializing.
I noticed the Google Authenticator field in the Login page of the site …
Just like the empty message with the red left border at the top of the login page …
The message is empty because you have probably enabled the Disable login error messages setting in the WordPress Tweaks module. Weird, accessing the login page should normally not display any message … could be a plugin conflict.
Anyway SSL will definitely strengthen the security of the site.
dwinden
Ok, so I guess your WordPress experience has been perfect for 10 years … 😉
Back on-topic.
Just checked out the site and it seems to be a non members site.
But suppose it was a members site offering a register\login link ?
It would also expose the secret login slug, right ?
Just like in the notification email.
Even when the secret slug is exposed it still has a purpose.
Why ? Because it specifically helps against botnets performing AUTOMATED brute force attacks. This is the main purpose of using this feature.
Anyway hiding the Dashboard login page is security by obscurity.
It doesn’t really strengthen the security of your site.
Bottom line is that exposing the secret login page slug does not undermine the security of your site provided you have taken the necessary steps that do strengthen its security (like using strong passwords, 2FA etc).
dwinden