obscured the login webpage

I “obscured” my login and admin webpage.

I wish people wouldn’t do that, it really only provides a false sense of security and can lead to this…

I forgot the new address, so that I cannot enter my administration site now.

I could not find your specific problem in this plugin’s FAQ. Have you tried contacting the author via his website?

https://bit51.com/support/

I tried, but you need to pay 40$ and I was expecting to solve the problem without that.

Finally, I managed to solve the problem. I just erased the plugin. It took a time to refresh to the old login page, though. Well, I supposed it was that … ‘Cause I didn’t do anything else and the problem got solved!

Thanks for your support.

Ivan Matellanes Fresnadillo.

ivanyez, Did you just delete the plugin folder via FTP? I’m having the same problem with one of my sites.

Hello (shawn00m & others):

I had the same problem. I could have caused it myself (in the MySQL back-end) or something else happened. I use KeePass to keep complicated passwords and the login URL and I just got 404 – no login page.

So I opened the htaccess file in the root directory of my site with a text editor (on-line or FTP – makes no difference).
IF you enabled blacklisting you may have many URLs at the top of that file. E.g.
# BEGIN Better WP Security
# Begin HackRepair.com Blacklist
RewriteEngine on
# Abuse Agent Blocking
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]

etc. – scroll down to the end.

LOOK FOR
RewriteRule ^open/?$ /wp-login.php?RandomString4urSite [R,L]

In your browser PASTE:
https://www.yourdomain.tld/wp-login.php?RandomString4urSite

You should be at your WP login-screen

Hope you had the same problem and this fixed it …
You just saved $40 in support (plus my $40 = nice dinner)

wishing you success with your fix …

Greets, Emstatay

Hi there,

I just erased the plugin via FTP and, it worked. However, nor after one or two days after erasing the folder could I actually enter the default login page. If you are in a hurry, you may use the tip that Emstatay said. I have not try this second tip, but it actually looks like it will be working fine.

Ivanyez

Hi there,

I just erased the plugin via FTP and, it worked. However, nor after one or two days after erasing the folder could I actually enter the default login page. If you are in a hurry, you may use the tip that Emstatay said. I have not try this second tip, but it actually looks like it will be working fine.

Ivanyez

Most plugins can be (temporary) disabled by deleting or renaming the plugin folder. You can use File Manager (cPanel) or FTP. This trick also works on this Better WP Security. But sometimes it may not work if you have enabled certain settings in the plugin.

In some cases, you may need to consider to completely remove this plugin. Here is how to do it:

1. Backup your website
It is a good idea to make a full backup (database and files) before continue to the next steps. If you’re lazy, it is enough just keep a copy of .htaccess file.

2. Modify the .htaccess file
Save the .htaccess file to your local computer. Open and edit the file using text editor (Notepad if you’re using Windows, or Text Editor if you’re using Ubuntu). Find the text “# BEGIN Better WP Security” and “ END Better WP Security” in the file. Delete all the lines between the #BEGIN… and #END… (which just mentioned), save it and upload it back to your website.

3. Delete the plugin folder
You can use File Manager or FTP to manually delete the plugin folder. Normally it is located at:
public_html/wp-content/plugins/better-wp-security

4. Delete some data in the database
You can use phpMyAdmin (cPanel) to search and delete the data left by this plugin. Use this SQL command to search the record

SELECT *
FROM 'wp_options'
WHERE option_name LIKE '%bwps%'

The results are the records with option_name:
– bit51_bwps_data
– bit51_bwps
– bwps_file_log

This plugin broke my sites several times. Usually if this plugin breaks your site, it means you have enabled certain feature that is not compatible with the other plugins you’re using or your webhost environment.

Using the steps above I can bring my site normal again. It will remove the plugin and its settings so it will be safe to reinstall the plugin and you can reconfigure the settings.

But if want to 100% remove it and revert all the things changed by this plugin, you also need to edit the wp-config.php file and wp-content folder. Here has the information provided directly by the author:
https://bit51.com/what-is-changed-by-better-wp-security/

Hello Handoko:

why the need to remove and leave other entries in your DB?
Use the above instructions to login to your site – then REMOVE the plugin from within WP if you really do not want it. CLEAN REMOVAL!

Yes, I admit that I got myself logged out. However looking at the log of my site and the high number of:
a) attempted logins with admin (and other combinations)
b) attempted page loads of default WP page names with scripts
I WILL LEAVE the modifications made by this plugin for a while because I think there are ACTUAL attempts to get into my site which have been reduced to nothing but a 404 record! So the trouble of getting back in – I confider it a MINOR problem compared to the number of login attempt.

Therefore, please note that my suggestions above simply allow you “back-in” to your site and you may decide what to do with the plugin [orderly removal possible!]

nothing more … greets … Tatay