How to RESET iThemes Security plugin to fix issues

Seems like having one or more WordPress websites without a security plugin is as smart as being online without antivirus software. Also seems like iThemes didn’t help it’s public image with its acquisition of WP Better Security.

“OK.. deleting this shitty plugin. Whoever reads this thread – BE WARNED!!!!! it is bugged as hell.”

“I am simply disappointed that they launched such a shitty product without, apparently any testing.. “

“So, everything is worse than before and I’m not sure how that happened.”

“Since I don’t trust this plugin anymore,….”

Others disagree….

“I’ve read several comments about dropping iThemes security plugin due to related problems. iThemes has a great product free of charge and works exceptionally well IMO. It’s worth taking a moment and troubleshooting the basics like what I’ve outlined and moving onto the more advanced stuff mentioned here as well.”

This forum topic has run into 3 pages already. Obviously, Viktor has been very helpful, but what’s next? Beyond iThemes Security, what other security plugin are worth considering? Any feedback on this?

Are the site owners or managers poorly affected by the switch to iThemes only a tiny fraction of all WP Better Security users? Or were there thousands affected? Probably hard to know.

Are many now seeking alternatives – who prefer not to use iThemes Security? There’s over 2,200 security plugins for WordPress, but the star ratings for the vast majority are based on very few votes, in some cases zero votes???

Is it fair to say iThemes Security should or should not be trusted or used? How risky is using iThemes Security? Is comparing any of the top rated WP security plugins like comparing apples and oranges?

Any feedback how to get sites back with security plugins considered as reliable as WP Better Security?

If the only problem you need to fix involves the improvements to the Hide Backend feature, you can go into your database and delete the itsec hide backend row to re-enable your wp-admin login URL.

That’s really the only feature that has been futzy for me, and as long as I check the new “theme compatibility mode” box, I don’t really have issues! But once in a while a client updates the plugin and gets locked out of their dashboard, so removing that itsec hide backend row in the DB allows me to get in there and reconfigure it myself.

I have used ithemes security with out any issues it does state that if you rename the content folder it can cause issues to already fully operational sites

This facility was also in the WP Better Security plugin anyway!!!

I am just looking to find out where i edit the files so on each new site i create the wp-content file is already edited

Regards

Juggy

I just want to thank Viktor for all his imput in helping people through this problem. If only there were more like you in the world Viktor.

Having said that it seems to me that this plugin is now not worth the effort. I was a strong supporter of it as Better WP Security, but it seems that the new owners are more interested in selling other products of fthe back of it.

Basically since the “Upgrade” or rewrite it no longer works and there is no support for it unless you pay. How can we possibly have faith in a product that so badly messes up.

I cannot see myself going through ten or more sites, fiddling about in the database and backend and still not really understanding why there is a problem and what has caused the issue.

I’m off to try other solutions stating with Wordfence. Anyone got any experience of that or other alternatives?

You’re welcome Lepussaliens, if I could only clone myself ??

Checkout:
– bulletproof security
– all in one wp security
– wp simple firewall

But do test before taking them live on the main website, they can cause issues. unfortunately, that’s the nature of the security beast. it tends to bite painfully sometimes.

This crap is killing me. I was in love w/ BWS a couple months ago when i found it. just in time to install it on 10 sites before it turned into completely useless – there’s no way to use it after it does this! It even continues hiding the login page after deactivation. I did the instructinos @ the beginning.
A NOTE FOR ITHEMES: WHEN YOU SCREW UP, CLAIM IT & PROVIDE SUPPORT LIKE ANY GOOD LOCAL TECHIE. FOR PETES SAKE. I WENT FROM IN LOVE TO DESPISING. I ALSO LOVE HOW THEY MADE 1 POST ABOUT IT (WHICH WAS INCOHERENT, IE THEY SAID TO VISIT YOUR WP-ADMIN URL (WHICH DOESN’T EXIST)). and then they closed the post & went silent about it. Jeez.

Viktor, hoping you might be able to advise:
I followed your steps at the beginning of this forum, and after just 1 and 2, I am getting “Error establishing a database connection” when I try to go to my admin in step 3.

So far, I have: backed up my database through phpMyadmin (had to reset the password to get logged in, but was successful with this), downloaded a copy of the site files as a backup via FTP, and then began with steps 1 and 2, renaming the better-wp-security folder to better-wp-security2 via FTP.

Any suggestions? This is a client’s site and while I’m fairly familiar with how to do the steps you outlined, I’m no expert and have no idea what went wrong… Thank you!

Perhaps unwisely, I continued through the steps, wondering if that Database Error was supposed to happen around step 3 and I was worrying over nothing. I walked through the rest in phpMyadmin and got to the end, and I still get the same Database Error when I try to log in to the normal wp-login.php admin login.

Any advice appreciated. Thank you!

Sorry for the numerous posts; I figured it out – forgot to update wp-config when I had to change the database password. I’m finally back in my admin and fingers crossed, things look to be okay so far!

johnsinsight do you still have issues with your sites or were you able to fix it? Might want to check htaccess file.

leigh, glad you were able to figure out your issue.

Viktor, thx!
I’m not able to fix. I only did the walkthrough @ the beginning of this post. I’ve only messed w/ phpmyadmin a few times but quite sure I did it correctly. If there are further directions, I’ve not done them…

Viktor: thanks a lot for those very useful instructions.
So far, I managed to solve the issues before they’ve gone too far.

Now I want to completely uninstall this thing. What procedure would you recommend for uninstalling without leaving screwed settings behind? Just deactivate and delete or anything else before that?

johnsinsight, if you deleted tables and options correctly, the last 2 places to check for issues would be htaccess and wp-config files. more likely htaccess file, so make sure your htaccess file is set to default:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Delete everything else.

John, deleting tables and options will remove all settings for the plugin. then deleting plugin folder, making sure htaccess does not have anything extra, and wp-config does not have extras as well. That should be complete uninstall.

Thanks!

For everyone who has had enough of the iThemes Security plugin!! Read the following (i’ll be brief):
In 2010 after a nasty break in on my server and losing 50+ site to a hacker I looked for an alternative to my hosting provided security package. I found a series of videos about securing my WP sites through a affiliate link. It was cheap (under $20.00 USD) and the info was solid. Better WP Security was one of the main plugins referenced in the tutorials and since implementing all the info I have not had a breach since (and my sites are still secure at this time). I have not shared this info before because I did not want anyone knowing what I do to secure my sites.

Today that series updated it’s info and I repurchased access for yet less than $20. The tutorials and info is completely new and it does not contain BWPS any longer. As a matter of fact the entire security suite of tools referenced is different. I have had great luck with the supplied info in locking down my sites from the last package.

Now I have just wasted several weeks trying to get iThemes Security to work without locking my clients and I out for the stupidest of sh*t. The whitelist obviously doesn’t work and the 404’s I’m getting from the log file don’t even exist (referenced URL’s with 404’s load perfectly fine so it’s a false positive from the new plugin)

I have listed a link on my personal website [link moderated] (at bottom of home page) that is an affiliate link for this info. Consider a small portion of your purchase a tip to me for turning you on to a solution that’s less than $150.00 or more a year. If you would rather not show any appreciation for my small bit of help, strip the affiliate link or just look up the product by it’s name on JVZoo.

My clients sites don’t get hacked because of the info I got from these guys. I’m sure a lot of you can appreciate a low cost solution that doesn’t involve “any corporations” blantant attempt to cash in on a security scare.