pronl

Today iThemes released a 5.8.1 plugin update which fixes the email attachment issue (and nothing else).

Today iThemes released a 5.8.1 plugin update which fixes the email attachment issue (and nothing else).

@vitskuu

Could you provide a link to the site so we can have a look at it ?

• This reply was modified 7 years, 12 months ago by pronl.
• This reply was modified 7 years, 12 months ago by pronl.

@zielniok

Thank you for pointing that out.
It was just a copy/paste from the readme.txt.
Apparently the link is incorrect in the readme.txt …
More work for iThemes … ??

The only thing that was changed in the 4.8.0 better-wp-security.php file is
the plugin version (4.7.1 -> 4.8.0).

The apply_filters() command it appears to be failing on (line 16) has always been in this file …

The apply_filters() function is a native WordPress function and is defined in the wp-includes/plugin.php file.

Are there no other symptoms on these systems apart from the fatal errors ?

This is probably a bug introduced in the 4.8.0 release which needs
to be fixed in the next release. Even though not mentioned in the 4.8.0 Changelog
there were certainly some changes made to the send Database Backup email code …
For anyone interested in these changes, check this out.

Additionally, according to the FAQ section in the readme.txt:

= Where can I get help if something goes wrong? =
* Official support for this plugin is available for iThemes Security Pro customers. Our team of experts is ready to help.

Free support may be available with the help of the community in the www.remarpro.com support forums (Note: this is community-provided support. iThemes does not monitor the www.remarpro.com support forums).

Special attention for the bold piece of text in the quote above …

• This reply was modified 7 years, 12 months ago by pronl.

Try and create a test script like this:

<?php
echo 'Directory ?: '. is_dir( '/var/www/vhosts/system/{domain}/statistics' );
?>

… where {domain} should be substituted with the actual domain name.
Save the script in the /var/www/vhosts/{domain}/httpdocs folder.

Then run the script from your browser and if you get the warning:

PHP Warning: is_dir(): open_basedir restriction in effect.

You simply don’t have access to that folder. So if you can somehow resolve that
I think you should be ok.

@craigheyworth

Nope he is not correct.

… now that ithemes has restricted their free plugin features …

And you are not correct as well. Sad to see another post with incorrect information.
EVERY feature that was in the pre 5.4.0 (UI makeover) release is still available in the current release. Apart from the new UI the only thing iThemes did was add placeholders for the PRO modules to the FREE plugin. PRO modules you were previously probably unaware of…
Instead of being vague ( … definitely others.) please name a feature that is no longer available in the current FREE plugin … You’ll find there isn’t any.

When you post information please make sure it’s correct.
Oh and this may be news for you. There isn’t any security plugin that will prevent your site from being hacked. The biggest security risk is the human factor …

Also its @mpfefferle not @mpfefferie …

@margjordan

Site URL ?

It’s a very long URL …

If enabled disable the Filter Long URL Strings setting in the System Tweaks module and then try again …

There have been 2 fixes and 1 enhancement to the Strong Password Enforcement feature in the latest 5.7.1 release. According to the 5.7.1 Changelog:

Bug Fix: Improved how Strong Password Enforcement works on password resets to improve compatibility with various plugins.
Bug Fix: Improved the logic for determining whether a user should have Strong Password Enforcement applied. This covers situations where the user may have a custom role, a customized default role, or added capabilities beyond their role.
Enhancement: Strong Password Enforcement now uses a PHP port of zxcvbn to ensure that a strong password was selected.

I think it is the enhancement to the Strong Password Enforcement feature that is causing your issue.

As a workaround you could deactivate and then delete the 5.7.1 plugin release. Then reinstall the older 5.7.0 plugin release. Or simply disable the Strong Password Enforcement feature in the 5.7.1 release.

If you are interested in how zxcvbn exactly contributes to stronger passwords read this.

@makumo

Yep, it’s probably not in the permanent whitelist (Global Settings -> Lockout White List).
However there is a second (temporary) whitelist which is maintained automatically when you login as an Administrator. Unfortunately there is nothing in the plugin admin ui that shows this. You’ll need to dig into the database to see it.

According to the 5.4.0 Changelog:

Enhancement: New automatic temp whitelisting of IPs for users that manage iThemes Security settings.

• This reply was modified 8 years ago by pronl.

Click on the Details link of the “Host or User Lockout” entry in the Logs page.

That’s where you’ll find your answer.

@panatapattu

No problem.
Are there any errors in the Apache error_log ?

At this stage I think you are hitting a Windows platform specific bug.
Any chance you can test this issue on a Linux based server ?

@panatapattu

Thank you for providing that info.
Still interested to hear whether you are using a Windows based server (instead of linux).

So are you saying the issue started with the current 5.7.1 release while it has been working fine in release 5.7.0 or older ?

“former version” is a bit vague …