[Plugin: Better WP Security] 403 error at logout

Hi Sally,

That’s actually been an issue on and off for a while. Currently, with WP 3.4 it’s come back with the fix I needed to make to make hide backend work at all. I do know about it though and I do hope to have a complete fix for it in the next release (probably a week or two as I don’t want to start rapid-fire releases again).

Thanks for the quick reply! So glad to know that it’s a known thing. Appreciate your hard work and the next release.

Thanks Sally!

It’s also the same problem when you log in?
I’ve a 403 and then I need to remove manually the redirect url and then everything is fine, buy annoying for the users.
Any news about a patch and a release date?

Dom

Is there a solution or work around for this–even temporary? It’s causing issues with a membership site I have. I would like to keep using the plugin because I think it’s great overall, but getting a 403 error on log out just looks bad and reflects poorly on my business.

This has been marked as “resolved” but it is not , I also experienec it.

Is there a MOD who can change it back to unresolved?

We won’t change it. It will have been marked as resolved by the original poster or the plugin’s developer.

I am confused why esmi is responding for bit51 (it is their plugin).

If it is true that the issue will not be corrected, that is pretty bad. I recommend this plugin to a lot of my clients and on many blogs that I write for. This error is not insignificant. It should be corrected.

There is a solution–commenting out or removing the offending lines in the .htaccess file–but there should be a better resolution.

Looks like I will have to stop recommending this plugin until it is fixed.

Is there a MOD who can change it back to unresolved?

I am a moderator.

@esmi : ok thanks , i will contact the dev to set it to unresolved

Hello,

Sorry, I must have hit “resolved” instead of email me. As this isn’t the first time I’ve done this near the end of a lot of responses I’ll just do it outside of posts.

As for the fix, if I don’t have to spend much more time meeting with the doc this week I should have something by the weekend.

Any news about the fix/patch?

Dom

I have same problem. Persons having this error should also check to see if their registration page is available to new users. Both the logout and registration page are inaccessible when security is active. deactivate and they both work fine. So until there is a fix I guess this very useful tool will have to stay deactivated.

I get this same problem on the sites where I use this plugin. Log-out only. But wondering if it has something to do with a particular combination of settings.

At first I saw this only on one site today when I installed the plugin and configured it for the first time. Didn’t see it on the other site where I’ve used this for a while. But when I compared the settings and saved a revised setting for the older site it too resulted in 403 logout errors. When I went back and changed that one setting back, it didn’t fix anything. So maybe the process of updating the plugin and then saving a new setting triggers this under current version of WP? Not sure what the combo of settings would be if any but also a thought….

It doesn’t look like they are going to fix this issue. They’ve promised for some time now, but they never do it.

Anyway, you can resolve this by going to Security –> System Tweaks. Under “Server Tweaks” (the first section on the page) uncheck “Filter Suspicious Query Strings” and that should take care of it.

The redirection string was causing an issue. Shouldn’t be considered suspicious, but it is. If the plugin is ever updated, you will want to reenable this.

Hope that helps people.