dwinden
Forum Replies Created
-
When enabling the Hide Backend feature an email is send containing the new login slug. So when you forget the new login slug simply check that email …
dwinden
The best solution would be to dynamically reload the Nginx configuration upon changes. This does not even require a restart of Nginx.
Combine that with a configuration management solution and you’re back in control. The configuration management solution monitors the conf file for changes and takes a predefined action upon a detected change.Did some internet reading on reloading the Nginx configuration. There seem to be 2 methods:
kill -HUP $( cat /path/to/nginx.pid )
or
nginx -s reload
You’ll only have to figure out how to combine that action with a configuration management solution. A unix\linux system administrator should be able to help you with that.
dwinden
I’ve done a quick Nginx test to see whether my theory is correct (or not).
And I can confirm it is exactly what happens when the Nginx config is not reloaded upon a conf file change (ban host IP).I guess this topic can now be marked as ‘resolved’ 😉
dwinden
@jonny Giddens
You can rename it into anything you want.
The effect of renaming a plugin folder is that it is automatically deactivated. Rename it to something like better-wp-security_deactivated.Out of curiosity, from what iTSec plugin version did you update ?
A recent one or an older release ?You can find the full version history here.
dwinden
@jonny Giddens
Use cPanel or FTP to access your hosting env and then rename the wp-content/plugins/better-wp-security folder.
dwinden
Activate the iTSec plugin and if enabled disable the Filter Suspicious Query Strings in the URL setting in the System Tweaks section on the Settings page.
It blocks http requests with ‘request’ string in the url …
Like:
http://www.nova-web.org/novasecurity/wp-admin/admin-ajax.php?action=category_ajax_request&category=13301dwinden
Thank you. That makes things a little bit clearer.
Ok, so you have proven there is something going wrong when the iTSec plugin is activated.I have proven that the admin-ajax.php file can be accessed while using the Hide Backend secret login slug. So that is not the problem.
What happens when you activate the iTSec plugin but disable the Hide Backend setting ?
I think you will need to have a look at the code of the category_ajax_request and get_currency_ajax_request ajax callback functions. Or post the code of those php functions somewhere on the internet so I can have a look at it.
Also check the error_log for any errors.
dwinden
Ok, I see.
I think http://www.nova-web.org/novasecurity/wp-admin/admin-ajax.php works just fine as it returns 0. If the admin-ajax.php file is not accessible it would return a 404 error (page not found).
Only when using ?action=category_ajax_request or ?action=get_currency_ajax_request a 404 is returned.
However ?action=test does not return a 404 …I also did a quick admin-ajax.php test in my own env while using a secret login slug. It works just fine.
dwinden
I fail to see how this question relates to the iTSec plugin ?
Perhaps you can explain the issue a bit more.dwinden
@rush Hour Marketing Technology
No, probably not.
The database settings are probably still there.Run this SQL command from phpMyAdmin to see whether the iTSec plugin options/transients still exist in the database:
select * from wp_options where option_name like ‘%itsec%’;
iTSec plugin deactivation and delete is the easiest way to clean up the database.
dwinden
As this issue seems to be solved please take a moment and mark this topic as ‘resolved’.
dwinden