dwinden
Forum Replies Created
Nothing to worry about.
Build Version 4040 is the version for the 3 database tables used by the 5.3.4 iTSec plugin release.
So there is an iTSec plugin version: 5.3.4
And a database tables build version to go with it: 4040
The 3 iTSec plugin database tables are:
- wp_itsec_lockouts
- wp_itsec_log
- wp_itsec_temp
If this answers your question please mark this topic as ‘resolved’.
dwinden
What web server and what version of that web server are you using?
Is the server where the website is hosted a Linux or Windows based server?
dwinden
Ok, this website is vulnerable to automated brute force attacks because wp-login.php and xmlrpc.php are both accessible.
Enable the iTSec plugin Hide Backend feature.
Also try and disable XMLRPC (if not used) in the WordPress Tweaks section of the Settings page.
That will stop most (if not all) of the automated brute force attacks.
Also update the iTSec plugin (5.2.1) to the latest release (5.3.4).
Addendum:
I just noticed that this website seems to be running on Nginx web server.
You can verify this from the iTSec plugin Dashboard page, System Information, Server Information, Server Type.
This means it does not make use of a .htaccess file.
Instead it uses an iTSec plugin specific nginx.conf file which must be included in the main nginx.conf file.
Also for changes in the iTSec plugin specific nginx.conf file to have any effect the Nginx main config file needs to be reloaded.
dwinden
There is no need to change any of the default settings.
So return these (and any others) to their default values.
Blacklist Threshold – 3 Lockouts
Lockout Period – 15 Minutes
Max Login Attempts Per Host – 5 Attempts
Max Login Attempts Per User – 10 Attempts
The iTSec plugin Brute Force Protection feature may affect your site's performance (through large amounts of IPs banned in .htaccess) causing your site to drop in Google rankings. Simply prevent any login attempts from happening. Whether this is feasible for your site depends on the site offering login or not and other settings.
That said it is normally the iTSec plugin 404 Detection feature that causes trouble for the Googlebot.
So is this feature enabled?
The two plugin features that potentially impact site performance the most are Scheduled Database Backups and File Change Detection.
If enabled it would be best to let WP Cron handle these tasks instead of at page load/site access.
This can be achieved by defining certain constants in the wp-config.php file.
Scheduled Database Backups -> ITSEC_BACKUP_CRON
File Change Detection -> ITSEC_FILE_CHECK_CRON
For example:
define('ITSEC_BACKUP_CRON', true);
define('ITSEC_FILE_CHECK_CRON', true);
If the iTSec plugin is causing trouble it’s often because it was not configured properly. One-Click security does not exist …
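Added example (not part of the forum reply and not iTSec's own code): how the default thresholds quoted above interact, replayed over constructed access-log lines. It assumes every POST to wp-login.php or xmlrpc.php counts as a failed attempt and that attempts are counted in a 5-minute window; the reply states neither.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Defaults quoted in the reply above.
MAX_ATTEMPTS_PER_HOST = 5
LOCKOUT_PERIOD = timedelta(minutes=15)
BLACKLIST_THRESHOLD = 3
# Assumption (not stated in the reply): attempts are counted in a 5-minute window.
CHECK_WINDOW = timedelta(minutes=5)

# Assumption: every POST to either endpoint is treated as one failed login attempt.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST (/wp-login\.php|/xmlrpc\.php)[ ?]')

def simulate(lines):
    """Replay combined-format log lines; return ({host: lockouts}, blacklisted hosts)."""
    attempts = defaultdict(list)  # host -> timestamps of counted attempts
    locked_until, lockouts, blacklisted = {}, defaultdict(int), set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # GETs and other URLs are not login attempts
        host = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if host in blacklisted or locked_until.get(host, ts) > ts:
            continue  # host is locked out or banned, so the attempt is refused
        recent = [t for t in attempts[host] if ts - t <= CHECK_WINDOW] + [ts]
        attempts[host] = recent
        if len(recent) >= MAX_ATTEMPTS_PER_HOST:
            lockouts[host] += 1
            locked_until[host] = ts + LOCKOUT_PERIOD
            attempts[host] = []  # counting starts again after the lockout
            if lockouts[host] >= BLACKLIST_THRESHOLD:
                blacklisted.add(host)
    return dict(lockouts), blacklisted

def sample_log():
    """Constructed log lines using documentation IP ranges, not real traffic."""
    base = datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc)
    fmt = '{} - - [{}] "{} {} HTTP/1.1" 200 512'
    stamp = lambda i: (base + timedelta(minutes=i)).strftime("%d/%b/%Y:%H:%M:%S %z")
    lines = [fmt.format("203.0.113.7", stamp(i), "POST", "/wp-login.php") for i in range(45)]
    lines += [fmt.format("198.51.100.9", stamp(i), "POST", "/xmlrpc.php") for i in range(3)]
    lines.append(fmt.format("198.51.100.9", stamp(4), "GET", "/wp-login.php"))
    return lines

if __name__ == "__main__":
    print(simulate(sample_log()))
```

With these numbers a host that retries once a minute is locked out three times and reaches the blacklist threshold in under 45 minutes, while a host with three attempts is never locked out.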
dwinden
@jonny Giddens
Although this particular fatal error is not specifically mentioned as fixed in the 5.3.4 Changelog I think this issue was fixed in the latest (5.3.4) release.
According to the 5.3.4 Changelog:
Bug Fix: If a cryptographically secure log file name can’t be generated, queue up log file writes until we can.
Please verify this issue is fixed in the 5.3.4 release.
If the issue turns out to be fixed please mark this topic as ‘resolved’.
dwinden
Although this particular fatal error is not specifically mentioned as fixed in the 5.3.4 Changelog I think this issue was fixed in the latest (5.3.4) release.
According to the 5.3.4 Changelog:
Bug Fix: If a cryptographically secure log file name can’t be generated, queue up log file writes until we can.
Please verify this issue is fixed in the 5.3.4 release.
If the issue turns out to be fixed please mark this topic as ‘resolved’.
dwinden
This bug was fixed in the latest (5.3.4) release.
According to the 5.3.4 Changelog:
Bug Fix: Updated the link to sign up for security guide download to point to a https address. This is better security and prevents warnings when submitting from a http site in some browsers.
As this issue has now been solved please take a moment and mark this topic as ‘resolved’.
dwinden
@roman Bondar
This bug was fixed in the latest (5.3.4) release.
According to the 5.3.4 Changelog:
Bug Fix: Updated the link to sign up for security guide download to point to a https address. This is better security and prevents warnings when submitting from a http site in some browsers.
As this issue has now been solved please take a moment and mark this topic as ‘resolved’.
dwinden
@john D’Orazio
This bug was fixed in the latest (5.3.4) release.
According to the 5.3.4 Changelog:
Bug Fix: Updated the link to sign up for security guide download to point to a https address. This is better security and prevents warnings when submitting from a http site in some browsers.
As this issue has now been solved please take a moment and mark this topic as ‘resolved’.
dwinden
If you require no further assistance please take a moment to mark this topic as ‘resolved’.
dwinden
Ok, thanks for letting the community know what not to ask from you.
But what do you expect from the community (or iThemes)?
It seems your crashed website is accessible again …
Anyway you could have saved yourself the trouble of creating a topic since the same error was already reported in a previous topic 2 days ago.
dwinden
Glad to hear you were able to find the Hide Backend email.
As this issue seems to be resolved please take a moment and mark this topic as ‘resolved’.
dwinden