Please ignore the @wpbeveiligen suggestions\recommendations.
Follow these instructions to reset the iTSec Plugin.
Add the following line in the wp-config.php file:
define('ITSEC_DEVELOPMENT', true);
Make sure to add the line BEFORE this line:
/* That's all, stop editing! Happy blogging. */
This may be a good moment to create a database backup. You decide …
Log in to the WP Dashboard and deactivate the iTSec plugin. This will ensure all iTSec plugin database stuff and changes to .htaccess\wp-config.php files are removed.
Check your WP root .htaccess file and make sure there are no iTSec plugin entries left. Manually remove anything left related to the iTSec plugin.
Next, as a precaution, create a copy of the wp-content/plugins/ithemes-security-pro/core/class-itsec-files.php file. Edit the class-itsec-files.php file. Change this line:
if ( is_error( $result ) ) {
to:
if ( is_wp_error( $result ) ) {
This will fix a bug related to Quick ban which was introduced in the iTSec plugin 4.8 release.
Now reactivate the iTSec plugin.
(At this point you could remove the ‘ITSEC_DEVELOPMENT’ line from the wp-config.php file).
Click on the blue Secure Your Site Now button.
In the Important First Steps screen click on the following buttons:
– Make a backup
– Allow File Updates
– One-Click Secure
Close or Dismiss the Important First Steps screen.
Click on the Settings tab.
In the Global Settings section click on the “Add my current IP to Whitelist” button.
In the Banned Users section enable the Ban Users checkbox.
In the Brute Force Protection section enable the Automatically ban “admin” user checkbox.
Finally click on any “Save All Changes” button.
From this moment on monitor the .htaccess file for proper iTSec plugin entries.
If the brute force attack has stopped by now, perform a test yourself.
From any computer, not the one with the whitelisted IP address, try to log in as the admin user. This should trigger a quick ban and proper entries should display in the .htaccess file.
dwinden
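
The two manual file edits in the steps above (the ITSEC_DEVELOPMENT define in wp-config.php and the is_wp_error change in class-itsec-files.php) can be checked with a short script. This is an added example, not part of the original post or of the iTSec plugin; the function names and return codes are made up for illustration, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: verifies the two manual file edits described in the post.

# Line number of the first line in file $2 matching ERE $1 (empty if none).
first_match() { grep -n -E -e "$1" "$2" | head -n 1 | cut -d: -f1; }

# 0 = active define sits above the "stop editing" comment
# 1 = define missing (or commented out), 2 = comment missing, 3 = define is below it
check_define_order() {
    def=$(first_match "^[[:space:]]*define\([[:space:]]*['\"]ITSEC_DEVELOPMENT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$1")
    stop=$(first_match "stop editing" "$1")
    [ -n "$def" ] || return 1
    [ -n "$stop" ] || return 2
    [ "$def" -lt "$stop" ] || return 3
    return 0
}

# 0 = patched, 1 = a bare is_error( call remains, 2 = neither form found
check_quickban_patch() {
    if grep -q -E '(^|[^A-Za-z0-9_])is_error[[:space:]]*\(' "$1"; then return 1; fi
    grep -q -E 'is_wp_error[[:space:]]*\([[:space:]]*\$result' "$1" || return 2
    return 0
}

# Constructed sample files (not real site files) so the checks run offline.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' "<?php" "define('ITSEC_DEVELOPMENT', true);" \
        "/* That's all, stop editing! Happy blogging. */" > "$d/wp-config.php"
    printf '%s\n' "<?php" 'if ( is_error( $result ) ) {' '}' > "$d/class-itsec-files.php"
    rc=0; check_define_order "$d/wp-config.php" || rc=$?
    echo "wp-config.php define order: $rc"
    rc=0; check_quickban_patch "$d/class-itsec-files.php" || rc=$?
    echo "class-itsec-files.php patch state: $rc"
    rm -rf "$d"
}

# With two arguments, check real files; otherwise run the constructed demo.
if [ "$#" -eq 2 ]; then
    check_define_order "$1" && check_quickban_patch "$2"
else
    demo
fi
```

Run it with the paths to wp-config.php and class-itsec-files.php as the two arguments; an exit status of 0 means both edits are in place.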