dwinden
Forum Replies Created
Yes, you can.
Edit the wp-content/plugins/better-wp-security/core/modules/ban-users/lists/*.inc file that matches the web server you are using.
Add a # to comment out the Wget entry like this (Apache example):
# RewriteCond %{HTTP_USER_AGENT} "^Wget" [NC,OR]
Finally, disable the HackRepair.com’s blacklist setting and click on the Save All Settings button. Then re-enable the HackRepair.com’s blacklist setting and once again click on the Save All Settings button.
That should do the trick.
Note updating the plugin will discard any changes made.
dwinden
As a workaround add the following code snippet to the functions.php file of your active theme:
// Prefix the iTSec backup email subject with the site URL.
add_filter( 'itsec_backup_email_subject', 'itsec_backup_email_subject' );
function itsec_backup_email_subject( $subject ) {
	$subject = '[' . get_option( 'siteurl' ) . '] ' . $subject;
	return $subject;
}
Tested and found to be working.
dwinden
The following PHP command is used by the iTSec plugin to determine the permissions of the WordPress root (/):
echo substr( sprintf( '%o', fileperms( ABSPATH . '/' ) ), - 4 );
dwinden
Even though iThemes claims multisite support, don’t use this plugin on multisite.
Multisite is poorly implemented. It does not function properly.
Multisite bugs hardly ever get fixed by iThemes …
There is a countless number of multisite specific bugs in this plugin.
Lots and lots of incorrect links …
And what is worse is that iThemes does not seem to care.
Save yourself a lot of trouble. Don’t run this plugin in multisite 😉
dwinden
On my Apache 2.4.x web server the full text of the error in the error_log was:
AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://www.myspecificdomain.nl/
Note at the end a specific domain is mentioned as referer.
That referer should help identify from which of the 150 domains the error originates.
dwinden
No, that is not the right module. And there is only one solution.
Try this. Create a temporary list_loaded_modules.php file and add these 5 lines of code:
<?php
echo '<pre>';
print_r(apache_get_modules());
echo '</pre>';
?>
Put the list_loaded_modules.php file on your server in the public html folder. Then access the script like this:
The result should look similar to this:
Array
(
[0] => core
[1] => http_core
[2] => mod_so
[3] => sapi_apache2
[4] => mod_mime
[5] => mod_rewrite
[6]
…
If mod_authz_host does not exist in the list, contact your hosting provider and ask them to load the mod_authz_host module in Apache.
Hopefully they will help you and make the necessary change to the Apache configuration.
Use the list_loaded_modules.php script to double-check.
Once the mod_authz_host module is loaded in Apache don’t forget to delete the list_loaded_modules.php script from your server.
dwinden
Make sure the mod_authz_host module is loaded by the Apache web server.
According to the Apache 2.4.x online docs:
Apache’s Require directive is used during the authorization phase to ensure that a user is allowed or denied access to a resource. mod_authz_host extends the authorization types with ip, host, forward-dns and local.
If the above info helps you solve this issue please mark this topic as ‘resolved’.
dwinden
Ok, so upgrading has nothing to do with this.
The following URL takes me straight to the admin login form:
http://johncodyonline.com/wp-login.php
And the following URL takes me straight to the registration form:
http://johncodyonline.com/wp-login.php?action=register
Looks like I can register anyone I want … (didn’t actually try though).
Not sure what to think of this …
The Register/Login/Lost your password? links on the bottom of the login/register forms show a URL like this:
http://johncodyonline.com/home/articles/wp-login.php?action=… etc
Where is the home/articles path coming from?
When clicked upon all these links the result is a not_found page …
Going to the standard register URL gives me a Page Not Found error.
Going to the same URL with the secret slug, I do get the registration=disabled page.
What exact URLs did you use?
dwinden
@matt Sweeney
No problem at all 😉
Hmm, odd. Make sure the Write to Files setting in the Global Settings section of the Settings page is enabled.
Also check what web server is detected in the System Information metabox,
Server Information section->Server Type field, on the iTSec plugin Dashboard page.
Most likely Apache (version?), but you never know …
dwinden
If it’s a temporary lockout it will expire in (default) 15 minutes.
If it’s a permanent ban navigate to the Security/Settings menu option in WP Dashboard. Select Banned Users from the drop down listbox and remove the IP from the Ban Hosts box. Then click on the Save All Changes button.
If the above info answers your question please mark this topic as ‘resolved’.
dwinden
Could you post the exact content of the email?
Or forward the email to [ redacted, support is not offered via email, Skype, IM etc. only in the forums ].
Did you just update to the new WordPress 4.5 release?
If so, could it be updating WordPress triggers the register email?
(Just guessing …) Did you also update WordPress 9 months ago?
The only iTSec plugin option (as far as I know) that is related to registration is in the Hide Login Area section.
If the Membership checkbox (Anyone can register) is enabled in the WordPress General Settings page the Hide Login Area feature allows you to specify a secret register slug.
One other thing. What happens when you access the standard register url:
http://www.domain.com/wp-login.php?action=register
Note if you have specified a secret login slug in the Hide Backend feature, replace wp-login.php with the secret login slug.
Since the Membership checkbox (Anyone can register) is disabled you should be redirected to:
http://www.domain.com/wp-login.php?registration=disabled
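A scripted version of the check described in the reply above, as an added example that is not part of the original post or of the iTSec plugin. It requests the register URL once without following redirects and reports whether the site answers with the registration=disabled redirect. The function names and the id="registerform" marker used to recognise an open registration form are assumptions; www.domain.com is the post's own placeholder.

```python
"""Check whether a WordPress site still accepts self-registration (added example)."""
import sys
import urllib.error
import urllib.parse
import urllib.request


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses as HTTPError instead of following them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def classify(status, location="", body=""):
    """Map one response for ...?action=register to a registration state."""
    if status in (301, 302, 303, 307):
        query = urllib.parse.parse_qs(urllib.parse.urlsplit(location).query)
        if query.get("registration") == ["disabled"]:
            return "disabled"            # Membership checkbox is off
        return "redirected-elsewhere"    # inspect the Location header manually
    if status == 404:
        return "not-found"               # e.g. standard URL hidden by a secret slug
    if status == 200 and 'id="registerform"' in body:  # assumed form marker
        return "open"                    # anyone can register
    return "unknown"


def register_url(site, login_slug="wp-login.php"):
    """Build the register URL; pass the secret login slug if one is configured."""
    return f"{site.rstrip('/')}/{login_slug}?action=register"


def check(site, login_slug="wp-login.php", timeout=10):
    """Fetch the register URL once, without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(register_url(site, login_slug), timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return classify(resp.status, body=body)
    except urllib.error.HTTPError as err:
        return classify(err.code, err.headers.get("Location", ""))


if __name__ == "__main__":
    # Usage: python check_register.py http://www.domain.com [secret-login-slug]
    print(check(*sys.argv[1:3]))
```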
dwinden
Good morning rdekruijf,
I already tried yesterday, and I just tried it again and it works fine.
It seems that there is a cookie (myauthcookie) stored in the browser when the correct captcha is submitted. As long as that cookie does not expire the secret url will give immediate access to the admin login screen.
When I manually delete the cookie from my browser, accessing the secret url takes me to the captcha screen again.
I’m testing from the Mozilla Firefox 45.0.1 browser.
Please make sure your browser is able to create/save cookies.
dwinden
I’m glad to hear re-installing the plugin solved the issue.
By default the Schedule Database Backups and File Change Detection settings are disabled.
As the issue seems to be solved please mark this topic as ‘resolved’.
dwinden