wp_kc
Forum Replies Created
-
I have never seen the whitelist IP addresses added to the .htaccess file in any version of BWPSecurity — even the versions that actually work. 😉
The way the plugin code works is that the whitelist is stored in the plugin’s options (in the WordPress database). When the plugin is testing the activity of a connected host to decided if it should lock out an IP address it is first checked against the whitelist. If it is in the whitelist, no action is taken. If it is not in the whitelist, then action is taken depending on how you have configured the plugin and what the activities of the connected host are. This could result in the IP address being added to the .htaccess file with a Deny directive.
But the plugin has never added the whitelist to .htaccess with an Allow directive in the past. It is unnecessary since the plugin will still have to examine the activities of each host that connects and still check the whitelist anyway.
If you can still access the admin part of a site, just deactivate and uninstall iThemes Security.
If you can’t access a site, you will have to do it manually, no removal tool will help you. You will need ftp or shell access to the site’s server so you can delete the /wp-content/plugins/better-wp-security/ folder from the site.
To go back to the pre-debacle version of Better WP Security, download this… http://downloads.wordpress.org/plugin/better-wp-security.3.6.5.zip
Unzip the file. Upload the better-wp-security folder to your site’s /wp-content/plugins/ folder. Log in to your site, enable the plugin and set it up. It might even have your old version 3.6 settings in there. Double check them.
Locked me out. The only way I could get back in was to…
* delete the plug-in folder.
* delete all itsec tables from the database.
* delete all iThemes Security entries in the .htaccess file.
* reinstall plug-in and reconfigure.Not a very friend way to update a plugin. Also… I am still see these in the 404 logs…
/wp-content/plugins/better-wp-security/lib/icon-fonts/fonts/ithemes-icons.ttf /wp-content/plugins/better-wp-security/lib/icon-fonts/fonts/ithemes-icons.woffI added that fonts folder to the 404 whitelist for now. But I could see how that could easily lock someone out in sort order.
See my post here for more information on the problems caused by the 4.0+ versions of this plugin when it comes to blocking IP addresses.
If they are using a proxy server, then the cpanel IP deny won’t help either. As far as the web server or cpanel are concerned the IP address connecting to the server is the IP address of the of the proxy server, not the IP address of the attacker.
Many proxy servers will report to the web server what the actual IP address of the user is with special headers. Better WP Security used to take advantage of this and would block connections from proxy servers that were passing through from the actual attacker.
But since version 4.0, this capability went away. The plug-in now provides less security than before. 🙁
There are two possible work-arounds.
One is to go back to version 3.6.6 of the plugin…
http://downloads.wordpress.org/plugin/better-wp-security.3.6.6.zipOr, disable all ban ip and 404 features until these bugs are fixed (which is less desirable because it opens you up to more problems).
This plugin used to handle banning people that were accessing your site through a proxy server. Now it is not. If you want this feature back, you need to install the pre-4.0 version of the plugin…
http://downloads.wordpress.org/plugin/better-wp-security.3.6.6.zip
Here is the current (as of 3/28/2014) Cloudflare whitelist is iThemes Security format (if you are using a pre-4.0 version, which is a good idea at the moment). Presented in separate code sections to get around the WordPress forums PasteBin requirements
199.27.128.* 199.27.129.* 199.27.130.* 199.27.130.* 199.27.131.* 199.27.132.* 199.27.133.* 199.27.134.* 199.27.135.*173.245.48.* 173.245.49.* 173.245.50.* 173.245.51.* 173.245.52.* 173.245.53.* 173.245.54.* 173.245.55.* 173.245.56.* 173.245.57.* 173.245.58.* 173.245.59.* 173.245.60.* 173.245.61.* 173.245.62.* 173.245.63.*103.21.244.* 103.21.245.* 103.21.246.* 103.21.247.* 103.22.200.* 103.22.201.* 103.22.202.* 103.22.203.*103.31.4.* 103.31.5.* 103.31.6.* 103.31.7.*141.101.64.* 141.101.65.* 141.101.66.* 141.101.67.* 141.101.68.* 141.101.69.* 141.101.70.* 141.101.71.* 141.101.72.* 141.101.73.* 141.101.74.* 141.101.75.* 141.101.76.* 141.101.77.* 141.101.78.* 141.101.79.*141.101.80.* 141.101.81.* 141.101.82.* 141.101.83.* 141.101.84.* 141.101.85.* 141.101.86.* 141.101.87.* 141.101.88.* 141.101.89.*141.101.90.* 141.101.91.* 141.101.92.* 141.101.93.* 141.101.94.* 141.101.95.* 141.101.96.* 141.101.97.* 141.101.98.* 141.101.99.* 141.101.100.* 141.101.101.* 141.101.102.* 141.101.103.* 141.101.104.* 141.101.105.* 141.101.106.* 141.101.107.* 141.101.108.* 141.101.109.*141.101.110.* 141.101.111.* 141.101.112.* 141.101.113.* 141.101.114.* 141.101.115.* 141.101.116.* 141.101.117.* 141.101.118.* 141.101.119.* 141.101.120.* 141.101.121.* 141.101.122.* 141.101.123.* 141.101.124.* 141.101.125.* 141.101.126.* 141.101.127.*108.162.192.* 108.162.193.* 108.162.194.* 108.162.195.* 108.162.196.* 108.162.197.* 108.162.198.* 108.162.199.* 108.162.200.* 108.162.201.* 108.162.202.* 108.162.203.* 108.162.204.* 108.162.205.* 108.162.206.* 108.162.207.* 108.162.208.* 108.162.209.* 108.162.210.* 108.162.211.* 108.162.212.* 108.162.213.* 108.162.214.* 108.162.215.* 108.162.216.* 108.162.217.* 108.162.218.* 108.162.219.* 108.162.220.* 108.162.221.* 108.162.222.* 108.162.223.* 108.162.224.* 108.162.225.* 108.162.226.* 108.162.227.* 108.162.228.* 108.162.229.* 108.162.230.*108.162.231.* 108.162.232.* 108.162.233.* 108.162.234.* 108.162.235.* 108.162.236.* 108.162.237.* 108.162.238.* 108.162.239.* 108.162.240.* 108.162.241.* 108.162.242.* 108.162.243.* 108.162.244.* 108.162.245.* 108.162.246.* 108.162.247.* 108.162.248.* 108.162.249.* 108.162.250.* 108.162.251.* 108.162.252.* 108.162.253.* 108.162.254.* 108.162.255.*190.93.240.* 190.93.241.* 190.93.242.* 190.93.243.* 190.93.244.* 190.93.245.* 190.93.246.* 190.93.247.* 190.93.248.* 190.93.249.* 190.93.250.* 190.93.251.* 190.93.252.* 190.93.253.* 190.93.254.* 190.93.255.*188.114.96.* 188.114.97.* 188.114.98.* 188.114.99.* 188.114.100.* 188.114.101.* 188.114.102.* 188.114.103.* 188.114.104.* 188.114.105.* 188.114.106.* 188.114.107.* 188.114.108.* 188.114.109.* 188.114.110.* 188.114.111.*197.234.240.* 197.234.241.* 197.234.242.* 197.234.243.*198.41.128.* 198.41.129.* 198.41.130.* 198.41.131.* 198.41.132.* 198.41.133.* 198.41.134.* 198.41.135.* 198.41.136.* 198.41.137.* 198.41.138.* 198.41.139.* 198.41.140.* 198.41.141.* 198.41.142.* 198.41.143.* 198.41.144.* 198.41.145.* 198.41.146.* 198.41.147.* 198.41.148.* 198.41.149.* 198.41.150.* 198.41.151.* 198.41.152.* 198.41.153.* 198.41.154.* 198.41.155.* 198.41.156.* 198.41.157.* 198.41.158.* 198.41.159.* 198.41.160.* 198.41.161.* 198.41.162.* 198.41.163.* 198.41.164.* 198.41.165.* 198.41.166.* 198.41.167.* 198.41.168.* 198.41.169.*198.41.170.* 198.41.171.* 198.41.172.* 198.41.173.* 198.41.174.* 198.41.175.* 198.41.176.* 198.41.177.* 198.41.178.* 198.41.179.* 198.41.180.* 198.41.181.* 198.41.182.* 198.41.183.* 198.41.184.* 198.41.185.* 198.41.186.* 198.41.187.* 198.41.188.* 198.41.189.* 198.41.190.* 198.41.191.* 198.41.192.* 198.41.193.* 198.41.194.* 198.41.195.* 198.41.196.* 198.41.197.* 198.41.198.* 198.41.199.* 198.41.200.* 198.41.201.* 198.41.202.* 198.41.203.* 198.41.204.* 198.41.205.* 198.41.206.* 198.41.207.* 198.41.208.* 198.41.209.*198.41.210.* 198.41.211.* 198.41.212.* 198.41.213.* 198.41.214.* 198.41.215.* 198.41.216.* 198.41.217.* 198.41.218.* 198.41.219.* 198.41.220.* 198.41.221.* 198.41.222.* 198.41.223.* 198.41.224.* 198.41.225.* 198.41.226.* 198.41.227.* 198.41.228.* 198.41.229.*198.41.230.* 198.41.231.* 198.41.232.* 198.41.233.* 198.41.234.* 198.41.235.* 198.41.236.* 198.41.237.* 198.41.238.* 198.41.239.* 198.41.240.* 198.41.241.* 198.41.242.* 198.41.243.* 198.41.244.* 198.41.245.* 198.41.246.* 198.41.247.* 198.41.248.* 198.41.249.* 198.41.250.* 198.41.251.* 198.41.252.* 198.41.253.* 198.41.254.* 198.41.255.*162.158.*.* 162.159.*.*Sad to see this plug-in go into the crapper. Being picked up by iThemes looks like it is going to be the death of it.
It is obvious that heavy emphasis has been placed on changing the look of the plug-in and zero emphasis on fixing old bugs, while create a whole host of new ones. New releases every day that seem to be poorly tested, if at all.
I highly recommend everyone go back to the 3.6.3 release until iThemes gets their act together…if ever…
https://github.com/ithemes/iThemes-Security/releases/tag/3.6.3
I think that HackRepair list is of very limited value. Any hacker worth their salt would make sure to set the user agent to something normal looking before accessing your web site.
In fact, I do this myself to my own web sites. I use a real cron job to handle WordPress’ scheduled tasklist. After installing BWPS I noticed the cron job wasn’t working. It turns out that WGET is one of the user agents in the HackRepair list.
So I simply used the user-agent option of wget and it started working again… like this….
wget --user-agent="Mozilla/5.0" http://www.mydomain.com/wp-cron.php?doing_wp_cronPretty sure most hackers would do the same, and the evidence of that is all over my log files.
Forum: Plugins
In reply to: [Facebook Album Sync] Images no longer showing in WP3.6 (and how to fix it)Hi m_mangold,
I was going to say the arrow animation is pretty cool and ask you how you did that! 😉
It’s not happening on any of the web sites that I use the fixed plugin on. So my guess is that you have either some javascript or HTML5 CSS animation installed on your site somewhere that is causing the animation. Try disabling other plugins one at a time until the animation goes away.
If that doesn’t get rid of the animation, try switching to a different WP theme temporarily. If that gets rid of the animation, then it is probably something in the javascript or CSS files on your theme that is causing it.
Personally, I think the animation looks pretty cool and I would just leave it. 🙂
Forum: Plugins
In reply to: [Facebook Album Sync] lightbox does not work.Forum: Plugins
In reply to: [Photospace Gallery] Can't access options pageI had this same problem and finally tracked it down to a conflict with the Better WP Security plug-in. If you use that plug-in, you need to disable the “Turn off file editor in WordPress Back-end” in the Tweaks tab.
If you aren’t using that plug-in, search your wp-config.php file for something like this…
define( 'DISALLOW_FILE_EDIT', true );If you find anything like that, you need to comment it out.
If you are concerned about security, you can turn file editing on long enough to set the Photospace Options, then turn it back off again.
I have no idea why Photospace breaks when this security feature is turned on.
Forum: Plugins
In reply to: [Facebook Album Sync] Albums and images not loadingSome possibilities…
* Your albums and images on Facebook need to have the security set so they are visible by Everyone.
* If you are trying to show albums from a FB Fan Page, you need to make sure there is no age restriction set on the fan page settings.
* You need to turn off any script blockers or ad blockers that might be preventing your web browser from accessing Facebook when you are trying to view a FB album through your web site.
* This plugin stopped working with version 3.6 of WordPress. See my post here for how to fix it.
Forum: Plugins
In reply to: [Facebook Album Sync] Problem with display imagesCheck this post.