MikeHarrison

As a small business owner, I’m trying to administer my own site as best I can. As the site’s been hacked a couple of times (thankfully not severely… yet), I’m trying out various security plugins.

I had Better WP Security in place when another hacking took place. I wasn’t able to use all of its features a conflict developed between it and my theme, so I then added BulletProof Security. The two plugins haven’t caused a problem yet, but if Better WP Security wants to be writing to my root.htaccess, and I’ve just changed permissions, there will undoubtedly be a problem.

Do you think I can safely stop using Better WP Security and stick with your BulletProof Security?

Thanks for your quick reply!

Someone must’ve gotten into my root .htaccess file, but I don’t know why whatever was changed affected only some images and not all of them, nor any other content.

After just now replacing the root .htaccess with a copy of the one in the BPS backup folder, everything is back to normal. And, at the time I discovered the issue, I had not yet changed permissions on the files and folders as you recommend (including the root .htaccess), but I just did now, and everything looks fine.

Is changing permissions the same as locking a file?

Thanks again.

Thanks, Graham.

Is it because POST is being used that they’re also able to gain access despite being during the AWAY time?

FIXED!

There must have been something wrong with the database I was using. I found one that was newer (automatically created and sent to me by the Better WP Security plugin). I copied that to the _db_backup folder in the root directory, then logged into my hosting account with my ISP and performed a database restore.

Thank you –?immensely – for taking the time to help me. I appreciate it VERY much!

I have a complete copy of the entire site – including the database backup folder – on my computer (the backup was made just days ago), and just copied it back to the server. After doing that, the site now displays /wp-admin/install.php, claiming there’s no content. But there is. Files on the server looks are just as they were before the hacking.

I am using the theme ‘PerfectPixel.’ I downloaded it from the author and have been using it for three years.

But since posting this request I’ve discovered that the plugin Better WP Security caused the theme name to disappear from the menu.

When I disabled Better WP Security, the theme name returned to the menu. I was hoping to delete this request for assistance, but could not find out how.

Thank you for responding!

@andrew Bartel…

That insistent Russian ip address is receiving ‘403’ errors, but yesterday alone, it made 1,014 attempts to access the login page.

Your thoughts?

Thanks!

Thanks, songdogtech…

Yes, I’ve had a long block of Russian ip addresses (plus Korea and China) in my htaccess file for a while, and I had just added more from the site you linked to a few minutes ago.

I appreciate your help!

Thanks, esmi…

I began using that method over a year ago. I still use it and it still works for the most part but, apparently, there is a way determined hackers can get around that. Even though I have denied (many) specific ip addresses with .htaccess, some of them still show up on my server logs.

That’s what is frustrating to me.

Most of my bothersome ip addresses are in Russia and, to a somewhat lesser degree, China. And one ip in particular is becoming quite insistent.

What do you mean by going into apache administration and dropping the ban hammer?

Thanks, Andrew! For quite some time already I’ve had Limit Login Attempts in place, I do not use ‘Admin’ as the user name, and my login password is extremely strong, too. So maybe I’m just overly concerned unnecessarily.

Yesterday, for example, one ip address (according to server stats) logged 23 hours. You probably have lots more experience than I do, so if you don’t feel that much server time or a few hundred page requests from the same ip is a problem, then I won’t worry about it.

Thanks again. I appreciate the feedback.

Thanks. Yes, I’ve read those tutorials and even put their suggested code(s) into my .htaccess file, but they don’t seem to work. I have deny orders for specific ip addresses, yet those same address still show up in server logs.

Thanks, Andrew!

Andrea, I’m sorry we got off on the wrong foot. Really, I am. But the fact is, when I made my initial post here, reporting that the plug in did not work for me, I did so by merely stating facts. There was no attitude. I was not accusatory. YOU, however, responded with attitude, accusing me of not reading the instructions when, in fact, I had. Believe me, I tried to find a way to report this issue to you privately, but could find none. Now, please understand, as I write this, there is no attitude. I am simply explaining facts.

Anyone reading my first post can see that I needed help understanding the instructions, because I asked:

1. Whether some time had to pass after configuring before the plugin would work.
2. Whether there any browsers the plugin is incompatible with.
3. Whether I needed to allow popups for the challenge to appear.

I did, indeed, read all of the instructions, and at no point did they instruct me to tick a checkbox. They did, however say (or at least suggest) that the bookmarklet would be created and installed automatically, and that it would appear in place of or prior to my login screen. So, after following the instructions and this did not happen, what else was I supposed to think? If other users took it upon themselves to tick the checkbox, they made that decision on their own.

I’m fully cognizant of that fact that software is written by people all over the world and, at times, there will be some confusion due to language translation issues. The text at the configuration checkbox reads: ‘Send on next update.’ When I read that, I ask myself “Send what?” “On the next update of what?” I don’t know what that phrase means and, as there was no specific reference to it in the instructions, I felt it safer not to tick the checkbox. All too often, when someone selects an option they are not instructed to, something quite unexpected can – and often does – happen.

The fact that I didn’t know what a bookmarklet is is really irrelevant, as the instructions lead users to believe everything happens automatically. I know what a bookmark is; but bookmarklet was new to me. Most drivers have no clue what the alternator under their vehicle’s hood is or does, yet they have no trouble operating the vehicle. Yet, if the vehicle at some point breaks down because of an issue with the alternator, the driver is then at a loss.

When someone offers a product or service, it is not expected that users must search other or old forums to find information that was left out. When we go into a retail store and buy an appliance, we are accustomed to having all of the installation and operating instructions included with the unit. This is – at least in the U.S. – as common an expectation as the sun coming up in the morning. Over a long period of time, I have had no trouble installing and operating most other software. But there have been times when instructions were not clear, which required contacting the author.

We both had an issue with impatience here. I tend to write in detail to explain myself fully as. too often, people can misread the intention or emotion from text. So, again, my sincerest apologies that we got off on the wrong foot. Let’s both have a better day today.

Okay, because it seems the instructions are somewhat lacking in thoroughness, I decided to try something.

The instructions do state that the bookmarklet is automatically generated. But it is not stated how it is executed.

When I go to login.php, no challenge – or any sort of button or link to execute it automatically appears. I had to manually copy the bookmarklet link from the configuration page, and manually add it to my bookmarks folder, and then also manually retrieve and execute the bookmarklet.

ONLY THEN does the plugin work as you say it should.

I’ll wait for some kind of response from you. If I get none, then I won’t be using your plugin because, if this is the kind of support you provide (not to mention the smug attitude), I can do better elsewhere. And I will recommend that others do the same.