mbnocx
Forum Replies Created
-
Forum: Plugins
In reply to: [Easy HTTPS Redirection (SSL)] 403'd EverythingI followed mikeotgaar’s steps of removing .htaccess, renaming/deleting the plugin directory, and modifying some entries in the database to get back into my WP site. Seems this might still be an issue with the latest version of the plugin.
Forum: Plugins
In reply to: [Easy HTTPS Redirection (SSL)] 403'd EverythingBy the way, I already removed this code from .htaccess and I still get the 403 errors:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on [NC]</IfModule>
Forum: Plugins
In reply to: [Easy HTTPS Redirection (SSL)] 403'd EverythingI am having this exact same problem. I have the latest version of this plugin installed and after enabling the options I get a 403 error on all pages including WP-Admin. I did have WordPress HTTPS installed like the last person but I disabled that before doing anything with this. What do I need to edit in .htaccess to turn this plugin off? I have already renamed the plugin directory under wp-content and that did nothing. I am currently locked out of my site.
mbnocx: Do you have 2.9.3 now, and do you still have errors?
I am no longer having any issues. I was just concerned as to why the file was deleted but I would agree that this is not a plugin issue and could be something with my host (hopefully nothing worse).
I am good though. 🙂
In my case it definitely was not a bad download as I have had Jetpack installed for many months. The errors I was getting all pointed to the ‘class.jetpack-heartbeat.php’ file as missing, which it was. I am concerned why that file suddenly disappeared when I myself never deleted it. I will check with my host as well just in case something else is going on.
Thank you for the info.
Thanks, I am trying that now. Do you know of any way to import my settings from the previous plugin folder (which I simply renamed) to the one I am now uploading? Thanks!
Good news! The problem is fixed. 🙂
Here is what I did:
* I wrote down all of the settings that I had enabled in this plugin and then disabled the security and firewall features.
* I had already backed up the .htaccess file and removed all the references to this plugin as discussed above.
* Once I disabled the security and firewall features, I uninstalled the plugin completely.
* I then replaced the .htaccess file with the more basic one (no All In One WP Security references).I reinstalled the plugin and started re-selecting all of the features I had previously chosen. After every few screens I would test the access from both my home PC and work PC. After about half way through, the problem returned. I narrowed down the problem to one specific checkbox.
With the Rename Login Page option enabled (no other brute force options were chosen) I had the problem when I also selected Firewall > Additional Firewall Rules > Proxy Comment Posting (Forbid Proxy Comment Posting). With this feature selected and the rename option enabled I cannot login from other PC’s. As soon as I disabled this Forbid Proxy Comment Posting option the problem went away.
If anyone else is having this problem try removing the one option above and see what happens. I am curious if this solves Dennis’ (appleisle) issue as well.
OK, that was simple. I don’t know why I just didn’t look at the file. 🙂 Thanks! I will re-post back once I have tried going back.
Is there a way (of course there is but I wonder the best way) to start over with a fresh .htaccess file and then activate each of the options we want in this plugin? I only have a couple of backups of my .htaccess and they were all when having All In One WP Security installed. I can easily write down all the checkboxes I have selected, uninstall the plugin, and reinstall again. But, my guess would be that the .htaccess won’t go back to the standard. Any ideas of the best way for this? Then I can only select the rename and not touch cookie based options. Just an idea. 🙂
Today I tried an alternate Plug-in ‘Re-name wp-login.php’ and it does not fail the http://www.mysite.com/wp-admin test – result is NO ACCESS.
This is the other plugin I tried a couple of months ago that also did not work for me. I stopped using it when I could not get it to work.
Thanks for all the responses everyone. I checked the settings I have enabled and under Brute Force the only option selected is the Rename Login Page. I did at one time try the cookie based brute force option but I have since unselected that (prior to selecting the rename login page option).
@mbrsolution, I did check that tutorial which was helpful for understanding a few things I did not know. Thanks! But, even deleting all cookies, cache, and temp files on each computer I am at the same spot.
If I turn off the rename login page option I can then get to the wp-login page from any computer I am using and login. With it enabled I still can get to that page but then I get the “403 Forbidden” message on anything other than my home PC.
OK, here is the odd thing. 🙂 Maybe someone can explain why this happened.
Yesterday I get the 403 Access Denied error from two different computers, using different browsers, and also from my smartphone when going to WP-Admin. I then replaced the .htaccess file and I was able to get in.
While at home last night I renamed the new .htaccess file to .htaccess.bak and put the original file back that was there when I could not get in earlier in the day. Now I am not having any problems getting to WP-Admin even with the .htaccess file that was in place yesterday when I could not get there.
What would cause this all to happen? This has me confused. 🙂
Thank you for the feedback. In what way did you believe that I had enabled more firewall settings? I have been using this plugin for the past couple of months and aside from the initial configuration back at the beginning, the only changes I have been making the past several weeks is checking the failed login records and adding those IP’s to my blocked list.
As mentioned, there was an update to the plugin recently and although I cannot say that is what caused this, that is the only thing that has changed. I have not modified any of the firewall settings and I also have everything using the ‘basic’ features and have been since starting to use the plugin. If additional firewall settings were enabled then it was done by someone other than me (I’m the only one with access to my blog).
I will check out the links you provided so I can add back whatever is truly needed in the .htaccess file.
Thanks,
Thanks for the response mra13. Yes, this does appear to be something from this plugin.
What I mean by the cPanel note is that when I login to my cPanel at my hosting company, go to ‘Addon Domains’ and look at the domain that my WP blog is installed on, it has a redirection to the following command/file/entry (whatever this is):
/(.*)/xmlrpc\.php$I also went to cPanel, then to ‘Redirects’ and it shows that all of my domains have a 403 redirection going to this same string:
/(.*)/xmlrpc\.php$I find this exact same string in my .htaccess file which leads me to believe this is all normal behavior. Since I was not sure, and I was a bit concerned my site and/or my cPanel login were hacked, I wanted to make sure.
#AIOWPS_BASIC_HTACCESS_RULES_END #AIOWPS_PINGBACK_HTACCESS_RULES_START <IfModule mod_alias.c> RedirectMatch 403 /(.*)/xmlrpc\.php$ </IfModule>