PureWeb

Forum Replies Created

Viewing 5 replies - 1 through 5 (of 5 total)

  • I have the same issue, very annoying – My site seems to attract lots of hackers and I’m anxious to get the live traffic running again! Please look at the date-time reporting as it’s broken right now . . .

    So you’re saying when iThemes Security blocks itself from writing to the .htaccess file? I have the allow iThemes function checked, yet when I select “Enable ban users” function, added 100 or so IP addresses and hit save changes – NONE of those IP addresses are entered into the .Htaccess file. and if I navigate away from the settings page and then back, the “Enable Ban Users” checkbox is unchecked on it’s own.

    Developer – You do realize this issue is about a broken part of your plugin, right? this used to work just fine back when it was BWPS . . . .

    Are you going to fix these issues? iThemes Security is either NOT allowing itself to write to the ..htaccess file, or the Ban users function is broken, or both.

    The “Enable HackRepair.com’s blacklist feature” seems to be able to write to the .htaccess file – it’s not supposed to be either “Enable HackRepair.com’s blacklist feature” OR “Enable ban users” – is it? they should both be able to be checked, and both should write to the .htaccess file, right?

    Some help is needed to fix your plugin . . . please.

    Thread Starter PureWeb

    (@pureweb)

    No Reply to this issue. Today I did a wipe on my site, fresh install of wordpress, updated WP to current version, added WordFence, Akismet and Itheme security. Again got Akismet activated and then put the settings into iTheme Security. Again when I changed the wp-content folder name using the advanced settings checkbox and saved changes – now EVERY attempt to navigate ANYWHERE on the iThemes Scurity Dashboard only gets me the “You do not have permission to access …” period. Even tried logging out, only to find I can’t get the login page to show up! I can use my browsers back button to get back to the settings page, but can not navigate to any other itheme page. If I go to the site Dashboard – then under plugins I find the message “you don’t have any plugins installed”! PLEASE _ DEVELOPER _ HELP WITH THIS ISSUE – YOUR PLUGGIN BREAKS A NEW INSTALLED WEBSITE! WHY? and WHY no answer for a month now?

    Basically, because iTS does not lock the .htaccess or wp-config.php files and currently leaves them open for the public to view – even when the “protect core files” option is checked.

    I thought this section inside the iThemes Security section of the .htaccess protects those files. Is that incorrect, and the public can get around these rules in the .htaccess file?

    # BEGIN Tweaks
    # Rules to block access to WordPress specific files
    <files .htaccess>
    Order allow,deny
    Deny from all
    </files>
    <files readme.html>
    Order allow,deny
    Deny from all
    </files>
    <files readme.txt>
    Order allow,deny
    Deny from all
    </files>
    <files install.php>
    Order allow,deny
    Deny from all
    </files>
    <files wp-config.php>
    Order allow,deny
    Deny from all
    </files>

    # Rules to disable XML-RPC
    <files xmlrpc.php>
    Order allow,deny
    Deny from all
    </files>

    # Rules to disable directory browsing
    Options -Indexes

    <IfModule mod_rewrite.c>
    ………………
    ……………” etc.

    I’ve also seen this today. I have five domains set up the same, and decided to change some of the settings (SAME changes for each of the domains) after updating the iThemes Security plugin on all of them.

    All changes went fine on three of the five domains, but one of the domains kept giving the same message others are seeing “Unable to write to your .htaccess or nginx.conf file” and would not make the changes I selected. After trying to make them 5 or 6 times, the message stopped appearing, and the changes finally “took”!

    I made one more change after that, and I now have these messages displaying on my iThemes Security “Settings” page at the top:

    Unable to release a lock on your .htaccess or nginx.conf file. If the problem persists contact support.

    Unable to release a lock on your wp-config.php file. If the problem persists contact support.

    even though the changes WERE made!

    On the fifth domain, the first time I tried to make a change of the setting “Disable PHP in Uploads” (to true) I got “Are you sure you want to do this?” and the change was NOT made – I tried changing it again and it “Took” on my second attempt – Very Strange Behavior on both the domains that were acting like the plugin didn’t want to let me make changes – and then let me after repeated attempts and without ANY other changes in between attempts!

    So (even though I have checked the box labeled:
    Allow iThemes Security to write to wp-config.php and .htaccess.)-

    Where there used to be a list of rewrite rules on my dashboard for each of these domains (before the change/update from BWPS to iThemes Security), there is now only the notices:

    Rewrite Rules
    There are no rules to write.

    wp-config.php Rewrite Rules
    There are no rules to write.

    which makes no sense – since there ARE still rewrite rules listed in the .htaccess file and a whole section that starts with “Begin iThemes Security” and includes a section “#Begin Hide Backend” with a rule to change the login slug- which is followed by “#End Hide Backend” but not the other hide backend rule BWPS had to hide the wp-admin folder . . .?

    I suspect this omission has to do with compatability – for other plugins that need access to the wp-admin folder – but aren’t those hackers out there adept at hacking thru the wp-admin to gain access to our sites?

Viewing 5 replies - 1 through 5 (of 5 total)