dwinden
Forum Replies Created
-
Ok, your symptoms are a little bit different.
And max_allowed_packets is already pretty high (64MB).Looks like there is a problem inserting (file change detection) data into the wp_options table.
WordPress tries to execute ‘SHOW FULL COLUMNS FROM wp_options’ first …
which fails for some reason.
Try and run ‘SHOW FULL COLUMNS FROM wp_options’ manually from phpMyAdmin and see what happens.What collation do the columns from this table use ? (utf8mb4_unicode_ci)
dwinden
The error probably indicates there is a plugin file missing (class-itsec-lib-utility.php). Looks like the plugin install got crippled.
Since there may be more files missing simply delete the content of the better-wp-security folder.
Then download a fresh copy of the plugin and copy a fresh set of files to the better-wp-security folder.dwinden
Not sure what is happening with the brute force notices …
But the SSL related deactivation warning is a newly introduced bug in the 5.2.0 release.
To fix it change the following line in the better-wp-security/core/modules/ssl/setup.php file:
add_action( 'itsec_modules_do_plugin_deactivation', array( $this, 'execute_deactivate' ) );into:
//add_action( 'itsec_modules_do_plugin_deactivation', array( $this, 'execute_deactivate' ) );But honestly it’s better to downgrade to the 5.1.1 release and wait for iThemes to fix all the issues introduced in the 5.2.0 release.
Skip this release and wait for the next update. Can’t give you any better advice.dwinden
@worthdesigning
Duplicate of this topic.
Next time please read through some topic titles before posting your own topic 😉
As this post answers your question please mark this topic as ‘resolved’.
dwinden
No probably the settings are not lost. Unless you deleted the plugin from the Plugins menu option in WP Dashboard.
Also note that the Security Status section on the iTSec plugin Dashboard has been removed in the 5.2.0 release.
According to the 5.2.0 Changelog:
Feature Removal: Removed the “Security Status” portion of the Security > Dashboard page. This is in preparation for a new tool that provides suggestions tailored to the site and server that Security is running on.
dwinden
Use the Hide Backend feature to prevent automated brute force attacks on the website login page (wp-login.php).
Disable (if possible) XMLRPC to prevent automated brute force attacks using XMLRPC (xmlrpc.php).If you require no more assistance please mark this topic as ‘resolved’.
dwinden
I believe your question as raised in this topic has been properly answered. If you agree please mark this topic as resolved.
If you value the Security Status feature more than anything listed as fixed or enhanced in the 5.2.0 Changelog, as a workaround simply download and install the previous (5.1.1) release.
It runs just as “smoothly” on the latest WordPress release (4.4.1) as the 5.2.0 release.dwinden
According to the 5.2.0 Changelog:
Feature Removal: Removed the “Security Status” portion of the Security > Dashboard page. This is in preparation for a new tool that provides suggestions tailored to the site and server that Security is running on.
If you value the Security Status feature more than anything listed as fixed or enhanced in the 5.2.0 Changelog, simply download and install the previous (5.1.1) release.
dwinden
Ok, so delete everything under the better-wp-security folder.
Then download the iTSec plugin from wordpress.org
Copy the fresh plugin files to the better-wp-security folder.Basically refresh all files of your installed copy of the iTSec plugin.
It seems your current installed copy of the iTSec plugin is somehow crippled\incomplete.dwinden
Log into you web hosting env or use an FTP program and log into your website server and then check for the existance of the C:\Inetpub\vhosts\alchemylife.gr\httpdocs\wp-content\plugins\better-wp-security\lib\icon-fonts\load.php file …
If you don’t know how to do the above contact your web hosting.
Note the path(s) in the error(s) indicates your website is probably hosted on a Windows platform (not linux).
dwinden
IP’s, domains and geog are irrelevant on the internet in my opinion …
Website attacks can originate from anywhere.I was focusing on getting the iTSec plugin properly configured to PREVENT any of these invalid login attempts from happening at all.
It’s nice to know the iTSec plugin is locking out those host IPs.
But it would be better when those malicious login attempts are not happening at all.
This translates into better performance for your website and less host lockout emails … and thus no worries about Amazone IPs 😉dwinden
Ok, I see.
Would still be interested to see the full content of the email notification received.
Based on the provided info so far I cannot determin whether it is a temporary host lockout or a permanent host ban occurring (yes there is a difference).
Also check whether the “Immediately ban a host that attempts to login using the “admin” username” setting is enabled in the Brute Force Protection section of the iTSec plugin Settings page.
Last but not least, have you enabled the iTSec plugin Hide Backend feature ?
dwinden