dwinden
Forum Replies Created
-
Well at least the known MySQL bug got fixed in the 5.2.1 release.
As far as I know there is no official statement from iThemes claiming PHP 7.0.x compatibility for the iTSec plugin. So I guess we’ll just have to wait and see.
dwinden
The plugin deactivation SSL warning issue is fixed in the 5.2.1 version of the plugin released yesterday.
If you require no further assistance please mark this topic as ‘resolved’.
dwinden
If you require no further assistance please mark this topic as resolved.
(Bumping as you may not have received the emails triggered by my previous posts).dwinden
Ok no problem.
While you are at it also test and see whether this is still an issue in the 5.2.1 version of the iTSec plugin released yesterday.dwinden
Provide iThemes with exact steps to reproduce the issue here and no doubt they will fix the issue.
dwinden
I didn’t think so either but I just thought I better mention it.
Good luck with the fishing 😉
dwinden
FYI
The order in which the settings are displayed (and listed in the dropdown listbox) on the Settings page is back to normal after updating to the 5.2.1 version which was released yesterday.
Though sadly still no replacement for the Security Status metabox on the plugin Dashboard page.
dwinden
This message is controlled by enabling\disabling the Force Unique Nickname setting in the WordPress Tweaks section on the iTSec plugin Settings page.
However it is NOT recommended to disable this setting because it does more than meets the eye …
When creating a new WP user simply specify a first and last name.
A nickname will then automatically be composed using the specified first and last name.dwinden
Both the Brute Force PHP Notice and SSL deactivation PHP Warning are probably fixed in the iTSec plugin 5.2.1 update released yesterday.
From the 5.2.1 Changelog:
Bug Fix: Fixed warning that could occur on a failed login when Local Brute Force Detection is disabled.
Bug Fix: Fixed the cause of the following warning: call_user_func_array() expects parameter 1 to be a valid callback, class ‘ITSEC_SSL_Setup’ does not have a method ‘execute_deactivate’
dwinden
@chris Jean
As the Lead Developer for the iTSec plugin please respond to this topic.
And while you are at it why is the iTSec plugin core class changed to a singleton as of the 5.2.0 release? The answer is probably related to the other question(s) in this topic.
Thanks.
dwinden
Can you post the website URL so I can have a look at it ?
(I do realize that the iTSec plugin is probably deactivated).It would help a lot if you could log into phpMyAdmin and export
the content of the 3 wp_itsec_* tables and then provide us with that export file.
This would help in analyzing the exact cause for the host lockouts.Please note that even though I’m not an iThemes employee your data is safe with me.
dwinden
First of all the iTSec plugin 5.2.1 release seems to be working fine on either WP 4.4.1 or 4.4.2. So that means your issue is probably specific for this env.
Second of all I would recommend to fix the notices as advised in my previous post.
After reading the entire topic I think it is going to be hard to resolve this issue without access to the env.
dwinden
It’s unclear from your problem description whether you are unable to access the WP Dashboard login screen or whether you are unable to login from the WP Dashboard login screen after entering your username\password.
Anyway the iTSec plugin Hide Backend feature is working fine in WP 4.4.2 so there must be something wrong in your env.
Provide us with the website URL and we can take a quick look at it.
dwinden
Ah right, that setting would have been my next choice to disable …
There are a LOT of rules added to the .htaccess file by the HackRepair.com’s blacklist setting.
These rules are basically filtering out requests from bad User Agents and/or some known bad HTTP referrers.
You would have to identify the exact line that causes the 403 in order to get an answer to your question.
And as to why this feature only seems to affect this particular site I noticed the web server used for this site is probably LiteSpeed. Perhaps that is the differentiator.
dwinden