MikeHarrison

Solved, but not by reconfiguring any theme options or the theme itself, but by installing the “Disable Comments” plugin.

Many, many thanks, WPyogi!

Fantastic! I can’t thank you enough, not only for the information and the links, but that you were able (and willing) to help me so quickly!

One final question; unrelated to my situation: a very good friend who is an established (and excellent) graphic designer is considering learning WordPress so that she can also offer website creation to her clients. However, like me, she is a solo entrepreneur, busy keeping a business going.

How would you describe the WordPress learning curve; is it something that people – like myself, with no prior coding experience – can fairly easily master?

Many thanks for your speedy responses, WPyogi. It is very much appreciated!

By copying my existing site into a sub-directory, would I need to create a new admin account so as to avoid login confusion between the existing site and the new one?

Thanks, WPyogi!

Please forgive my ignorance. While I’m able to administer my site as it was set up by someone else, I do not know how to do what you suggest. With the latest update of WordPress, the themes I have are: twentytwelve, twentythirteen, twentyfourteen and twentyfifteen. Apparently, the earlier themes were deleted during the update.

Thanks.

I have never checked with my host about whether or not they are unlocking my .htaccess file because I was never aware of a potential lock/unlock problem prior to today. But I can tell you that when I log in to my dashboard every morning and check Security Status, the permissions on the root folder .htaccess file are set to 404.

My root folder htaccess file is – and has been – locked, according to the little blue square that says ON immediately to the right of the Turn On AutoLock button. And I see the instruction that reads: “Use the Lock and Unlock buttons below to Lock or Unlock your root .htaccess file for editing.” However, thus far, anytime I’ve had to update my ip address, I’ve never first unlocked the file. Yet, upon saving the updated ip address, the change was accepted and there was never anything that told me otherwise.

A month ago, when my ISP changed my ip address without my knowing it, I tried to log in and the login page went into a redirect loop. That’s what made me realize my ip address must’ve changed. And, when I confirmed that it had, I was able to do what was necessary (temporarily disabled BPS) to log into my dashboard, update and save the custom code, after which I was able to log in conventionally again. So we know, at that time, nothing seemed amiss.

Just to confirm, the brute force login protection code I am using was copied from the first post on this page: https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/ The instructions on where to paste the code came from the same page: “If you have BPS or BPS Pro installed this custom .htaccess code goes in the CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here text box.”

I just discovered that simply turning the Security Logging function on or off will cause the root folder .htaccess file permissions to revert to 0644.

My current plugins (which are all kept up-to-date; updated as soon as a new version is released):

– Akismet
– All In One Webmaster
– Bulletproof Security
– cforms
– Platinum SEO Pack
– Redirection
– SI Captcha Anti-Spam
– Theme Check
– zbPlayer (for playing mp3 audio files)

I think I’ve addressed everything you said in your last post. And, again, my apologies for the confusion and my sincere thanks for helping me sort this out.

Yes, thanks, I’m aware that ISPs will change ip addresses. And, yes, AutoLock is turned on.

But, as I said, I had updated my root htaccess custom code when my ip address changed about a month ago. That’s why I became concerned that the custom code – when checked yesterday – showed the previous ip address. We need to find out how this happened so it can be prevented from happening again, no?

For example, if I had forgotten to have BPS back-up the htaccess file(s) after making that code change a month ago, is it possible that the backup file was somehow made the active file? I ask this because if the ip address in the custom code is wrong, I am theoretically not supposed to be able to even gain access to the login page.

Yet, that was not the case yesterday, when the ip address was not correct and I was still able to log in.

Regarding the instructions, thank you for spelling out those three steps. But shouldn’t a backup be made after making changes to custom code? And, at what point after making a change to the custom code do the root folder htaccess file permissions revert to 644? Do they revert immediately after making the code change, or do they revert after clicking the AutoMagic buttons, or after activating Bulletproof Mode? I’m asking this so, rather than having to update the permissions to 404 several times, I make the update once. Please clarify the instructions to include this.

Thanks! I really appreciate your help.

Many thanks!

Many thanks! I appreciate the work behind BPS and your help.

I THINK I’ve solved this.

I may be back ??

SOLVED!

Yes, at one time I had been using Better WP Security, as well, but your BPS made it unnecessary, so I no longer use it. BPS is the only security plugin I use now.

I followed your advice and was able to gain access. Very glad you mentioned Custom Code. We had added some code to prevent brute force logins by allowing access only to the first three quadrants of what had been my ip address. My ip address changed in the last day or two and the Custom Code worked by denying me access to the login page.

I updated the code and now all is well.

Many thanks for your quick and helpful response!

I have what I suspect may be a very small number of plugins (9) compared to what other admins might have. My website is a very simple and basic one, whereas others are undoubtedly more complex.

But BPS has made it so that I have no need for any other security plugins.

Here’s a case where less is more. ??

Yes, I see those buttons, and AutoLock is ON. Also, everything on the Security Status page is green with checkmarks, and all permissions are correct, as recommended.

I made another donation to your work. BPS has taken the stress out of my website administration, and I appreciate it.

Ah! I wrote my last post as you were posting your last one.

UPDATE: Solved.

I can’t thank you enough for your help… and patience. This was my error.

As I mentioned above, I thought I may have forgotten to create the secure.htaccess file after I had created the default.htaccess file. So before adding the skip/bypass rules you provided, I decided to go back and create the secure.htaccess file. I then re-activated the security modes and, after doing so, the missing images appeared.

Again, my sincerest apologies for having wasted your time. I do appreciate the help!

Many thanks!