dwinden
Forum Replies Created
-
Ah, right. I knew I was missing something …
For all email accounts but 1 scroll to the bottom of such an email and click on the unsubscribe me from this list link.
If the above info answers your question please mark this topic as ‘resolved’.
dwinden
Unregardless of the result of a File Change Detection scan the iTSec plugin will always add a log entry. So this explains the empty one(s).
‘d =’ -> date in seconds
‘h =’ -> hash of fileSelect File Change History from the Select Filter: dropdown listbox at the top of the Logs. This way when you click on the Details link you will be presented with the same info but this time in an easier to interpret format.
Note this way there are also no Details links presented for File Change Detection log entries which are empty (no changes found).dwinden
Depending on how the iTSec plugin is configured it sends several types of emails. So in order to be able to answer your question we need to know what email(s) you are referring to ?
- Backup email
- File Change Detection email
- Lockout email
- Daily Security Digest email
Also note these emails are send for a reason.
dwinden
This feature is indeed not included in the current iTSec plugin release.
But all you need to do is to hook into the wp_login action.
This can also be done from the active theme functions.php file.Anyway it’s better to submit your feature request here.
Or if it already exists on iThemes Public Roadmap register and upvote it.dwinden
Generally there is an error reported in the web server error_log that helps in determining what is causing the internal server error 500.
dwinden
I’m afraid your website is an easy target for brute force attacks …
WP Dashboard login screen can be accessed using the default wp-admin slug …
User enumeration reveals user names (like ‘root’ which you should NEVER use!).I’m pretty sure your website suffered from a brute force attack …
You really need to properly configure the iTSec plugin to improve your website security …dwinden
Check the content of the wp-config.php file for this line:
define( ‘DISALLOW_FILE_EDIT’, true ); // Disable File Editor – Security > Settings > WordPress Tweaks > File Editor
If it exists disable this iTSec option by navigating to the option as documented.
dwinden
This can happen while a brute force attack is taking place on the website.
The temporary user lockout is then immediately locked out again after the user lockout expires. This way the temp user lockout behaves more like a permanent user lockout …The website is probably leaking the user names. And the brute force attack tries to brute force those users …
Prevent user leakage from your website and this is all history.
Post the website address and I’ll confirm whether the website is leaking user names.dwinden
@Agbams
Ah, glad to hear the issue is resolved.
Next time do mention you are using MultiSite in the topic 😉
The wp_sitemeta table is the wp_options table equivalent for Network plugins in MultiSite. And the iTSec plugin runs as a network plugin in MultiSite.
dwinden
If you require no further assistance please take a moment to mark this topic as ‘resolved’.
dwinden
@Agbams
Ok, the only thing I can think of is manually disabling the iTSec plugin SSL settings in the database.
So on you local machine env log into your database using phpMyAdmin and execute the following command:select * from wp_options where option_name = ‘itsec_ssl’;
Change the serialized option_value value displayed:
a:2:{s:8:”frontend”;i:1;s:5:”admin”;b:1;}
or
a:2:{s:8:”frontend”;i:2;s:5:”admin”;b:1;}
to:
a:2:{s:8:”frontend”;i:0;s:5:”admin”;b:0;}
That should do the trick.
dwinden
I understand you are worried about the database backup file size(.zip).
I think the database\backup (zip) file sizes are as can be expected based on the info provided.
If you are not convinced, extract the .zip file and check the content of the resulting .sql file.Do note it is a Database Backup only. It does not contain a backup of the WordPress\plugins\themes files etc.
dwinden
The topic creator posted the following in the linked topic:
So, I need a better zip file extractor than windows. OK
Aside from that though, the backup size is very small at 223K. When I go into cpanel and look at the SQL DB it’s 5.l M.
This backup from iThemes Security looks like it’s not much of a backup. How do I get a real backup?