dwinden
Forum Replies Created
I understand the frustration this new 5.4.0 release brings.
However this topic was not created by someone else so that you can randomly dump anything you run into.
Please have a look at the 5.4.0 Introduction page. Especially the Advanced settings section.
dwinden
It looks like these and more are gone after the 5.4.0 update.
I guess iThemes has intentionally removed them from the plugin.
Below a complete list of removed features:
- Temporarily Whitelist my IP (Now happens automatically for Admin users at login)
- WordPress File Permissions
- System Information
- Screen Options
- First Important Steps modal screen
Perhaps iThemes can let us know whether any of these features may return in future in a redesigned form?
Also in the answers of the questions of the New Dashboard FAQs section there is no information about these omissions…
dwinden
Sounds like a bug since iThemes states in the New Dashboard FAQs section on this page that all old settings are migrated to the new iTSec Dashboard when updating to the 5.4.0 release.
dwinden
This has already been identified as a new nginx specific bug which was introduced in the latest plugin release (5.4.0).
If you are not using WordPress MultiSite have a look at this topic for a temporary fix.
dwinden
As reported in this topic I’m pretty sure the issue is nginx specific.
Help us help you and provide some extra info like errors etc.
Anyway this topic is marked as ‘resolved’ so best thing to do is to open a separate topic for your issue.
dwinden
I’m sorry to hear that (If it helps, I’m 99% sure it will fix the issue).
You could install a test MultiSite WordPress env and test the fix in that env before applying it online.
That said, if iThemes had tested the new release on MultiSite this issue would never have happened. Seems like this release was not tested at all on MultiSite. So there may be a lot more MultiSite issues …
dwinden
Looks like something went wrong with including the fix in your post.
Anyway thank you for attempting to provide a temporary fix which was already published and confirmed in this topic.
dwinden
Looks like a MultiSite specific bug introduced in the 5.4.0 release …
To fix it change the following lines in the wp-content/plugins/better-wp-security/core/admin-pages/init.php file:
if ( 'settings' === $page_id ) {
    $url = admin_url( 'admin.php?page=itsec' );
} else {
    $url = admin_url( 'admin.php?page=itsec-' . $this->get_page_id() );
}
into:
if ( 'settings' === $page_id ) {
    $url = network_admin_url( 'admin.php?page=itsec' );
} else {
    $url = network_admin_url( 'admin.php?page=itsec-' . $this->get_page_id() );
}
Untested, so try this at your own risk.
dwinden
@tim Reeves
Looks like an nginx specific bug introduced in the 5.4.0 release …
To fix it change the following line (101) in the wp-content/plugins/better-wp-security/core/modules/wordpress-tweaks/config-generators.php file:
$valid_referers = $this->get_valid_referers( 'nginx' );
to:
$valid_referers = self::get_valid_referers( 'nginx' );
dwinden
@gal Baras
Yes they are. And no it is not just comments. It looks like it is just comments. But it’s actually an identical quick ban with a LiteSpeed bug that prevents the actual ban lines from being included as well …
The get_prepared_modification() function from the class-itsec-lib-config-file.php file wraps any iTSec plugin .htaccess modification in BEGIN/END comments.
The start comment is:
# BEGIN iThemes Security – Do not modify or remove this line
# iThemes Security Config Details: 2
The end comment is:
# END iThemes Security – Do not modify or remove this line
So that means this comment line must be part of the modification:
# Quick ban IP. Will be updated on next formal rules save.
However the Quick ban modification is incomplete due to a bug in the quick_ban() function located in the class-itsec-files.php file.
The code is only checking for ITSEC_Lib::get_server() to return nginx or apache thus skipping litespeed!
But this is just a side effect that is distracting us from the real issue.
To be continued … (other things to do) 😉
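A read-only check for the symptom described in the post above, added here as an example and not taken from the post or the plugin: it pulls the BEGIN/END-wrapped blocks out of an .htaccess file and counts quick-ban comments that have no directive after them. The sample file and its `Deny from` line are constructed; the plugin's real ban rules may look different.

```python
import re

# Marker prefixes as quoted in the post. Only the text up to "Security" is
# matched, so either dash character after it is accepted.
BEGIN = re.compile(r"^#\s*BEGIN iThemes Security\b")
END = re.compile(r"^#\s*END iThemes Security\b")
QUICK_BAN = "# Quick ban IP."

# Constructed sample: first block is comment-only, second carries a rule.
# "Deny from" is a stand-in directive, not the plugin's actual output.
SAMPLE = """\
# BEGIN iThemes Security – Do not modify or remove this line
# iThemes Security Config Details: 2
# Quick ban IP. Will be updated on next formal rules save.
# END iThemes Security – Do not modify or remove this line

# BEGIN iThemes Security - Do not modify or remove this line
# iThemes Security Config Details: 2
# Quick ban IP. Will be updated on next formal rules save.
Deny from 203.0.113.7
# END iThemes Security - Do not modify or remove this line
"""


def managed_blocks(text):
    """Return the inner lines of every BEGIN/END-wrapped block."""
    blocks, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if BEGIN.match(line):
            current = []
        elif END.match(line) and current is not None:
            blocks.append(current)
            current = None
        elif current is not None:
            current.append(line)
    return blocks


def comment_only_quick_bans(text):
    """Count quick-ban comments with no non-comment line after them in their block."""
    count = 0
    for block in managed_blocks(text):
        for i, line in enumerate(block):
            if line.startswith(QUICK_BAN):
                rest = block[i + 1:]
                if not any(l and not l.startswith("#") for l in rest):
                    count += 1
    return count
```
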
dwinden
Ah right, seems like the File Changes Detected entries got buried in many other log entries.
Always use the Select Filter: dropdown listbox 😉
Well first of all you need to have a basic understanding of what your WordPress folder structure looks like. It’s easy:
WordPress core files are in these folders:
- / (root)
- wp-admin
- wp-content
- wp-includes
WordPress plugin files are in:
- wp-content/plugins/[plugin name]
WordPress theme files are in:
- wp-content/themes/[theme name]
So when you update the iTSec plugin the File Change Detection entry in the Logs page will report a number of Changed files (and perhaps some Removed and/or Added files) in the wp-content/plugins/better-wp-security folder.
In general if you cannot link reported file changes to a legit event in WordPress you’ll need to investigate.
It’s your WordPress site, you should know what happens to it.
Use an event logging plugin for assistance in case you miss any event.
The iTSec Pro plugin includes an additional File Change Detection setting named Compare Files Online.
It compares files, for which file changes are detected, with clean online files. If the files match, the file change is removed from the File Change Detection result.
Basically helps reduce reported file changes that YOU need to verify.
If the info provided above answers your question please mark this topic as ‘resolved’.
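The triage described in the post above, as an added example that is not part of the original post or the plugin's code: reported paths are grouped by the WordPress component that owns them, then split into changes explained by an update you know about and changes you still need to investigate. The `(kind, path)` input shape, the sample entries and the `example-theme` name are constructed, not the plugin's log format.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed sample: (change kind, site-relative path). Not the plugin's log format.
SAMPLE_CHANGES = [
    ("changed", "wp-content/plugins/better-wp-security/core/admin-pages/init.php"),
    ("changed", "wp-content/plugins/better-wp-security/core/modules/wordpress-tweaks/config-generators.php"),
    ("changed", "wp-includes/version.php"),
    ("changed", "index.php"),
    ("added", "wp-content/themes/example-theme/functions.php"),
]


def component_of(path):
    """Map a path to the WordPress component that owns it, per the layout above."""
    parts = PurePosixPath(path.lstrip("/")).parts
    if not parts:
        return "other"
    if len(parts) >= 3 and parts[0] == "wp-content" and parts[1] in ("plugins", "themes"):
        return f"{parts[1][:-1]}:{parts[2]}"  # plugin:<name> or theme:<name>
    if len(parts) == 1 or parts[0] in ("wp-admin", "wp-content", "wp-includes"):
        return "core"
    return "other"  # anything outside the folders listed in the post


def triage(changes, known_events):
    """Split changes into (explained, unexplained), each grouped by component.

    known_events is the set of components the administrator knowingly
    updated in the period the scan covers, e.g. {"plugin:better-wp-security"}.
    """
    explained, unexplained = defaultdict(list), defaultdict(list)
    for kind, path in changes:
        comp = component_of(path)
        (explained if comp in known_events else unexplained)[comp].append((kind, path))
    return dict(explained), dict(unexplained)


if __name__ == "__main__":
    ok, review = triage(SAMPLE_CHANGES, {"plugin:better-wp-security"})
    for comp, items in sorted(review.items()):
        print(f"investigate {comp}: {len(items)} file(s)")
        for kind, path in items:
            print(f"  {kind:8} {path}")
```
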
dwinden