I Can't Login After Installing Better WP Security, Even wp-admin link Broken

had the same problem.
couldn’t login anymore.
i’ve just deleted this plugin

I had the same problem!!

Hi all.

The only solution to get back in to your site is to remove your .htaccess file which has been modified by BWPS.

I have experienced this problem with older versions but upgraded to BWPS 3.0.1 today which, again, rendered my site inaccessible.

The .htaccess file that crashes my site (giving a http 500 error) looks like this:

# BEGIN Better WP Security
Options All -Indexes

Order allow,deny
Allow from all
Deny from  

<IfModule mod_rewrite.c>
RewriteEngine On

RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]

RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
RewriteCond %{QUERY_STRING} http\:  [NC,OR]
RewriteCond %{QUERY_STRING} https\:  [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^(.*)$ - [F,L]

# END Better WP Security

If someone could help out to identify what causes the http 500 error I’d be happy.

A few minutes later:

After having deleted almost every line in the BWPS generated .htaccess file I ended up with this, and my site is still inaccessible!

# BEGIN Better WP Security
Options All -Indexes

Order allow,deny
Allow from all
Deny from  

<IfModule mod_rewrite.c>
RewriteEngine On

# END Better WP Security

There has to be something seriously wrong happening when BWPS generates the .htaccess file, but I don’t know what it is…

The updated version seems to be working fine for me. Just thought I would share that.

Im using WP-buddypress and have same problems.
First i try just to update plugin and my website becomes unusable then i deleted plugin and cleared all data in database so i installed fresh…still didnt worked so i decided to delete once again and returned older version of plugin wotrked seamless so i uncheck all security options and cleaned database again includin cleaning .htacces file to be old wordpress wpconfig with normall permissions and i installed plugin again and doesnt working.
Some of server error are next:
WP database ‘mybase._bwps_lockouts’ doesn’t exist for query INSERT INTO _bwps_lockouts (type,active,starttime,exptime,host,user) VALUES (‘2′,’1′,’1330960478′,’1330960478′,’66.249.66.174’,”) made of require, require_once, include, get_header, locate_template, load_template, require_once, wp_head, do_action, call_user_func_array, bwps_secure->check404, bwps_secure->logevent, bwps_secure->lockout

‘mybase._bwps_log’ doesn’t exist for query SELECT COUNT(*) FROM _bwps_log WHERE type=2 AND host=’66.249.66.174′ AND timestamp > 1330960478; made of require, require_once, include, get_header, locate_template, load_template, require_once, wp_head, do_action, call_user_func_array, bwps_secure->check404, bwps_secure->logevent

i removed database prefix from this code but i hope that this will help making it fix.Just to mention my cleaning database have meaning that i deleted just records of site lockout and not whole table,also i noticed when i install never version and i want to untick all options there was an error becouse data in htacces file and wp-config staying nchanged for permissions and data stored while plugin was active i didnt check install file also.Can you make when i want to uninstall plugin to be all settings restored as was before installing it?in this case i must do manual.Thanks I think this is very good plugin and keep it working ppl ??

This is a simple problems. It is not because of upgrade or anything else. When you implement the Better WP security, there is a button to Hide Backend Options. The Security tool changed fro, wp-admin, wp-login etc to just admin, without the wp. So you can either log in by entering your domain followed by admin or login eg.
https://www.mydomain.com/admin or you can use the https://www.mydomain.com/wp-adminXXXX where XXXX is the secret code you were provided when you enabled the Hide Backend options: If this helped leave me a commment here on our blog. https://www.sleekwarehouse.com

where is saved secret key? I forgot it and now can’t login

I have the secret key but still can’t log in because I made the mistake of changing “login” “admin” and “register” with a word I can not remember and I stupidly did not write down.

Anything I can do? Or just keep trying to use words I thought I used?

xfalcon1 you can get it from your .htaccess file

OK, thanks to you all I could solve it. Opened the htaccess file editor and copypasted the wp-admin line as you said. Now we now the solution if the login page gets lost again. For the rest I am very happy with the pluguin. Feel safer!

Glad it’s working. Thanks for the followup.

I’m not able to find the wp-admin line in .htaccess. What section is it in and what should I look for? Thanks.

I simply can not figure out how to get in to my client’s site. I have tried every combination of /login , /admin, /login[secretcode] , /login?[secretcode] … etc. and can not get into the site.

Should I just rename the htaccess file and start with a blank one? Very frustrating

using /admin[secret code] isn’t working for me. still only getting “not_found”

I’m having the same problem and can not resolve the error not_found