[Plugin: Better WP Security] 3.2.5 Breaks Sites Not Installed in the Root

Restoring the sites from backup then deactivating, deleting and installing Better WP Security resolved the issue

I think I was affected like this, too, but thankfully found an easier fix.

Updated the plugin, then immediately could not access the WP backend – error as detailed above in the original post – plus the actual website was corrupted.

After some googling, I discovered that this plugin changes the .HTACCESS file – sure enough, I am not installed in the root directory either. So I edited out all the lines in the HTACCESS file in my WP directory, and sure enough sanity is restored !

A simple enough fix, but a bit scary for a noobie like me. Also meant my site was down for a few hours whilst I looked for a fix, and bad timing cos the boss wanted to check on my progress this very morning !

Best of luck with future plugin updates, but sorry to say that I have now disabled this plugin and will not be using it again.

This was the code that I deleted – looks innocent enough, and I’ve no idea why it created the symptoms that it did – (actual IP addresses masked by me) –

# BEGIN Better WP Security
Order allow,deny
Allow from all
Deny from
Deny from 193.153.XX.YYY
Deny from 80.28.AAA.BB

# END Better WP Security

I have the same problem. When I erase the
Deny from
the problem is solved

good point – I wonder if that means “deny from” everywhere ?

Hi All,

The deny from is indeed a bug introduced due to a formatting change in the statement designed to make it easier for users to read their .htaccess files (a number of folks indicated putting all the ips on one line wasn’t ideal as they couldn’t easily read the statement). The bug should now be fixed in 3.2.6 however I say should as, in over 20 test sites I couldn’t reproduce the problem. That said, please let me know if you encounter the issue anymore with this new release.

I’ve just installed the version 3.2.6 and it works fine. Thanks a lot.

I was having this problem also (not the error, but couldn’t access my site), and mine is installed in a subdirectory.
I’ve updated the plugin to see if it will work better now.

Did it work for you Joy?

Yes, it is working now.

Hey there,
I am running a wordpress site with better wp security plugin on studentsstep.com, it is working fine. but when I install another wordpress in sub directory of main website ie studentsstep.com/jobs, its not working properly. I can’t access wp-admin page of my sub directory website but when I deactivate wp security plugin it works fine. I don’t want to disable the plugin.

please help.

I generally run my wordpress installations in a subfolder of the main domain as this adds a small layer of extra security to my sites. I’ve installed the Better WP Security plugin which has some great features but the one i’m really keen to get working is to change the login url i.e. change it from the default https://www.mysite.co.uk/subfolder/wp-login.php to something such as https://www.mysite.co.uk/subfolder/blog-access

What happens is: once I change the setting in the plugin and log out, the https://www.mysite.co.uk/subfolder/blog-access url just throws an error and then I’m locked out completely based on accessing an unknown URL. Even deleting the lockout entry for my IP from the database doesn’t get the login url working – so basically I can’t access my site at all.

I restored my site from a backup so I could get back in and reinstall the plugin but I’d really like to get this login masking feature working correctly – everything else works fine.

Quick tip for anyone using chrome (or other browsers with private/incognito mode) – when you make changes in the plugin, open an incognito window to see if your site works and if you can log in. If not, close incognito and go back and reset the changes you made. This way you won’t end up being completely locked out like i was the first time.