dwinden
Forum Replies Created
-
I think you should know that this is not a general iTSec plugin issue.
I’m unable to reproduce the issue so it must be a user agent specific issue for your hosting env.You could try and temporarily comment out the line that blocks empty user agents in the .htaccess file like this:
# RewriteCond %{HTTP_USER_AGENT} “^$” [NC,OR]
But this is a bit of a wild guess.
Otherwise try and determin which user agent is being detected.
To do so follow these steps:- First make sure HackRepair.com’s blacklist is disabled.
- Use FireFox with the FireBug extension installed.
- In the FireBug console click on the little arrow right next to the Net menu option. Enable it.
- Then access the robots.txt file from the FireFox browser.
- Click on the + sign right in front of the request.
Since the HackRepair.com’s blacklist is disabled this should result in the content of the virtual robots.txt file being rendered.
In the FireBug console (Net->All) a single GET request for robots.txt will be displayed.This will show you the response and request headers of the request. Look for the value of the User-Agent header in the request headers.
Good luck !
dwinden
@TZAL
All I can say is log into the database using phpMyAdmin on the next day and check the value of the show_new_dashboard_notice setting in the itsec-storage option.
The itsec-storage option should exist as well as the show_new_dashboard_notice setting in it and it should have a value of 0.
If so this should prevent the notice from displaying.Perhaps there is a database process running overnight which clears the itsec-storage option. But that’s just a wild guess …
dwinden
When I click on the link in the e-mail, I come to the WP login, wether if I’m logged in or not…
Is the iTSec plugin (Advanced) Hide Backend feature enabled ?
dwinden
Correction: Ignore everything after “Anyway note …” in my previous post.
“the plugin settings” link is correctly generated and working properly.
Apologies for the confusion.
dwinden
Simply clicking on the the plugin settings link in the Daily Security Digest email (if already logged into the WordPress Dashboard) should ideally take you there.
However the link points to the iTSec plugin Settings page:
http://www.domain.com/wp-admin/admin.php?page=itsec
while perhaps it would make sense to let it point to:
http://www.domain.com/wp-admin/admin.php?page=itsec&module=global
And in line with this the link text in the Daily Security Digest email should perhaps be changed to the plugin Global Settings
Anyway note that the current the plugin settings link as well as my suggested one will show the following message in a blank page:
This has been disabled.
if clicked upon when you are not yet logged into the WordPress Dashboard and the Hide Backend feature is enabled and the Enable Redirection setting is not enabled …
iThemes developers should have a look at the link used in pre 5.4.0 releases that simply worked …
dwinden
@internationalis
Ok, so then it must be the HackRepair.com’s blacklist.
Try and disable it and see what happens.
Note wget and empty User Agents are blocked by the HackRepair.com’s blacklist. Those are known to cause trouble in some cases.
Your Ban Lists are probably empty because I don’t see anything related in your .htaccess file.
dwinden
Thank you for your feedback.
Did you actually try to manually access the URL:
from a browser (Google Chrome or Mozilla FireFox) ?
Or are those 403s reported in Google Search Console ?
Please upload your .htaccess file after obscuring any sensitive info.
dwinden
both were in accessible.
So the URL http://www.yourdomain.com/robots.txt returns a 403 (forbidden) ?
Are you using an actual robots.txt file which exists in the root of your WordPress install ?
(The reason why I ask is because WordPress by default uses a virtual robots.txt).dwinden
Whether the iTSec plugin lines are wiped from the .htaccess file or not you can always look them up in the Advanced module Server Config Rules.
Just tested deactivating the plugin and then reactivating it. Unfortunately this no longer regenerates the .htaccess content.
dwinden
Can you present any evidence to backup your observation ?
While not being able to access the robots.txt file Googlebot etc will still be able to crawl and index your website…
dwinden
@krzysztof Dryja(Aspexi)
Please note only issues/questions about the Free iTSec plugin are supposed to be posted in this forum. Pro users should create a support ticket here.
However since Away Mode is a feature that is also available in the Free plugin release you are in luck.
You may be interested in reading this topic.
dwinden
There are plenty other ones in the wordpress.org repository.
Instead of fighting symptoms perhaps it would be better if you prevented the website from being low hanging fruit on the internet …
😉dwinden
There is a solution available on this forum but in general the iTSec plugin and MultiSite is not a good combi …
So ditching sounds like the right thing to do when using MultiSite …
dwinden