Title: SoftBlue's Replies | WordPress.org

---

# SoftBlue

  [  ](https://wordpress.org/support/users/softblue/)

 *   [Profile](https://wordpress.org/support/users/softblue/)
 *   [Topics Started](https://wordpress.org/support/users/softblue/topics/)
 *   [Replies Created](https://wordpress.org/support/users/softblue/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/softblue/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/softblue/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/softblue/engagements/)
 *   [Favorites](https://wordpress.org/support/users/softblue/favorites/)

 Search replies:

## Forum Replies Created

Viewing 8 replies - 1 through 8 (of 8 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Kadence Security – Password, Two Factor Authentication, and Brute Force Protection] After enabling Hide Backend still I am getting bad login attempt how?](https://wordpress.org/support/topic/after-enabling-hide-backend-still-i-am-getting-bad-login-attempt-how/)
 *  [SoftBlue](https://wordpress.org/support/users/softblue/)
 * (@softblue)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/after-enabling-hide-backend-still-i-am-getting-bad-login-attempt-how/#post-3328621)
 * Thanks for the fix.
 * On my site (using Chrome), the above fix seems to result in a recursion within.
   htaccess that ultimately resolves with a browser reported error. This doesn’t
   work well for me because it is where I get dumped off to after doing site updates&
   maintenance.
 * Using the following I was able to change the location to the default page for
   my site:
 * `RewriteRule .* http://mydomainname.com%{REQUEST_URL}? [R=301,L]`
 * I’m not proficient with .htaccess & regular expressions, so there must be a more
   elegant solution. Please exercise caution and use the previously mentioned precautions.
 * Hopefully this will be fixed in an upcoming release of the plugin.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Kadence Security – Password, Two Factor Authentication, and Brute Force Protection] How to ban admin logins?](https://wordpress.org/support/topic/how-to-ban-admin-logins/)
 *  [SoftBlue](https://wordpress.org/support/users/softblue/)
 * (@softblue)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/how-to-ban-admin-logins/#post-3194807)
 * For those of us, and I expect we are legions, it would be nice if we could restrict
   access to admin from a list of IP addresses. I’m sure there are more pressing
   things on the agenda.
 * I seem to be getting hit by the loggedout=true hack. It appears from looking 
   at .htaccess that it should not be difficult to protect against. My problem is
   the number of sites that I will need to step through.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Kadence Security – Password, Two Factor Authentication, and Brute Force Protection] Install/Config Hide Backend Forbidden 403 error](https://wordpress.org/support/topic/installconfig-hide-backend-forbidden-403-error/)
 *  Thread Starter [SoftBlue](https://wordpress.org/support/users/softblue/)
 * (@softblue)
 * [13 years, 5 months ago](https://wordpress.org/support/topic/installconfig-hide-backend-forbidden-403-error/#post-3316935)
 * **Update:**
    The reason some Secret Key strings fail is because the .htaccess
   file filters query strings for common commands and code fragments which are used
   for code injection. URL queries including SQL and some other code injection attempts
   are filtered out before reaching the Hide Backend commands. Apparently, when 
   the Secret Key string is created it is not checked to insure these are not inadvertently
   included in the Secret Key.
 * Having found the source of the problem and understanding its apparent cause has
   reafirrmed my trust in the Better WP Security plugin.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Kadence Security – Password, Two Factor Authentication, and Brute Force Protection] Out of memory problems with better wp security](https://wordpress.org/support/topic/out-of-memory-problems-with-better-wp-security/)
 *  [SoftBlue](https://wordpress.org/support/users/softblue/)
 * (@softblue)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/out-of-memory-problems-with-better-wp-security/#post-3252199)
 * I agree. Information access for problem solving/research is painful. I’m looking
   for other information and thought I could help some here.
 * Your memory report has a conflict. Limit in wp-config v. the maximum you report.
   Take a further look at where you are getting your numbers and try to resolve.
   Not probably what will fix your immediate problem.
 * Based on your report, there is a memory issue which needs to be addressed. It
   is installed in a lot of other systems. Keep your options open that this might
   not be the problem.
 * Try de-activating your other plugins. Something is definitely wrong. Although
   reported in WBS not conclusive as source.
 * Try turning off some of the plugin features and see if this helps.
 * The hide login option is one that I am looking at. Currently it is OK for me.
 * It is frustrating. The potential for error exists. The potential for self-inflicted
   damage exists.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Kadence Security – Password, Two Factor Authentication, and Brute Force Protection] Hash change on wp-config](https://wordpress.org/support/topic/hash-change-on-wp-config/)
 *  [SoftBlue](https://wordpress.org/support/users/softblue/)
 * (@softblue)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hash-change-on-wp-config/#post-3252241)
 * A file hash is a string that computed to uniquely identify the contents of a 
   file. It is used to determine if the file has been changed. When the hash computed
   through examination of the file has changed, the file has changed.
 * The plugin should report all changes. Including those you make at its direction.
 * The idea is that if it tells you something changed that you didn’t touch you 
   know you have a problem.
 * In this case, the plugin works as designed.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Kadence Security – Password, Two Factor Authentication, and Brute Force Protection] Better WP removal](https://wordpress.org/support/topic/better-wp-removal/)
 *  [SoftBlue](https://wordpress.org/support/users/softblue/)
 * (@softblue)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/better-wp-removal/#post-3247884)
 * I deleted my .htaccess and recreated with permalinks/save.
 * I agree this is a good plugin. It is trying to do some complicated things. I 
   expect not all possible things can be tested.
 * I’m testing the hide login and site change features. They have caused me trouble
   in the past, but seem to be working OK now.
 * In one of my tests it add further troubles with deactivate and re-activate. I
   ended up with lockout in admin pages. It seems like going with a scorched-earth
   full delete – full regression test without the plugin – then clean install is
   the way to go. That is what I’m doing with my site-by-site move to a new server.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Kadence Security – Password, Two Factor Authentication, and Brute Force Protection] Better WP removal](https://wordpress.org/support/topic/better-wp-removal/)
 *  [SoftBlue](https://wordpress.org/support/users/softblue/)
 * (@softblue)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/better-wp-removal/#post-3247879)
 * The problem is that when you remove the plug-in it drops a couple of carrage 
   returns onto the end of your config-wp.php file. PHP does not like this. There
   may not be ANY characters after the program terminator ( ?> ).
 * Open your config-wp.php and remove any extra invisible characters from the end
   of the file, and you should be good-to-go.
 * I have also noticed that the config-wp.php is set to read-only after plug-in 
   removal. Need to change to fix your config-wp.php file.
 * Hope this helps.
 * BTW: I like the plug-in. I removed it to facilitate moving my sites to a new 
   server.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Kadence Security – Password, Two Factor Authentication, and Brute Force Protection] PLEASE Just Help Me Regain Access to Admin!](https://wordpress.org/support/topic/please-just-help-me-regain-access-to-admin/)
 *  [SoftBlue](https://wordpress.org/support/users/softblue/)
 * (@softblue)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/please-just-help-me-regain-access-to-admin/#post-3247878)
 * To recreate your .htacess file (from nothing) just go to settings/permalinks 
   and hit save.

Viewing 8 replies - 1 through 8 (of 8 total)