How to RESET iThemes Security plugin to fix issues

  • As many others, a few of our websites got screwed by iThemes Security “upgrade”. We had login issues where we were redirected to homepage.

    There issue is somewhere in the database, it gets screwed up with an upgrade. I did not have time trying to figure out the problem, that’s for the plugin developers. BUT, I needed to fix sites. So here’s how I fixed my sites by resetting this plugin’s database.

    This is not for the faint of hearts, it requires some technical knowledge to edit your database tables.

    BACKUP DATABASE! BACKUP DATABASE! BACKUP DATABASE!
    Use phpMyAdmin to export your database. See Google for details or
    see this article https://www.techrepublic.com/blog/smb-technologist/import-and-export-databases-using-phpmyadmin/

    INSTRUCTIONS
    1. Through FTP or cPanel file manager, go to /wp-content/plugins/
    2. Rename “better-wp-security” folder to something else like “better-wp-security2”
    3. Plugin is disabled and your admin is back working.
    4. Now, the reset. You need to access your database, ideally through phpMyAdmin interface in your control panel (cPanel).
    5. If you have many websites, locate your correct database for the website you’re working on. You can match database name to the name inside wp-config.php file.
    6. Click database name to select and load it.
    7. On the right side you will see a list of tables.
    NOTE: THIS IS A GOOD TIME TO BACKUP/EXPORT YOUR DATABASE. YOU’VE BEEN WARNED.
    8. Delete tables with “itsec” – see screenshot
    https://i.imgur.com/PHLITDW.png
    9. Go to your “options” table, click it.
    10. Sort by “option_name” by clicking the header, and making sure you got rows sorted A-Z.
    11. Find option_name rows starting with letter I.
    12. Look for “itsec” options. See screenshot.
    https://i.imgur.com/MTqTn4h.png
    13. Select all of them. If you’re at the end of the current page, make sure you delete options and check next page to make sure you get them all.
    14. Once you delete these options. Go back to FTP/File Manager.
    15. Rename folder back to it’s original name “better-wp-security”.
    16. Login to your UNBROKEN website using normal wp-login.php URL.
    17. Go to Plugins and activate this nasty plugin back.
    18. It should be fine, you HAVE TO GO THROUGH SETTINGS AGAIN and set it up to protect your WordPress. We deleted all settings!
    19. Carry on WordPressing.
    20. Still here? Go.

    It fixed our homepage redirect issue, but it may fix other issues as well that you might be experiencing. Please be careful and test.

    ??

    https://www.ads-software.com/plugins/better-wp-security/

Viewing 15 replies - 31 through 45 (of 112 total)
  • Thread Starter Viktor Nagornyy

    (@viktorix)

    Hi akjk,
    yes it will work. We are removing plugin specific entries, but prefix change is a database wide change. Even if you deactivate plugin, it will remain.

    Please make sure you do not change this line in wp-config.php file, since this is how WP identifies database tables:

    /* MySQL database table prefix. */
$table_prefix = 'wp_';

    Important: wp_ is the default prefix, security plugin changes it for security to something random. So whatever you have there now, DON’T TOUCH IT.

    I ran into the same problem this morning, specifically with the hide backend option.

    After reading through and seeing there was a “reset” required, I disabled that option. The setting remained in my .htaccess of course, but with the option disabled (.htaccess unchanged) I was able to login at my hidden URL. Upon enabling that setting once more it works as expected.

    Hope this is helpful. Simple fix for me.

    Viktor, i deleted the DB table as you suggest in the tutorial ( i step by step follow your guide ) , but nothing change even in 4.0.16 :-\ … my opinion on this plugin it’s not the better now .. before the 4.0 it was a good plugin …

    Thanks Viktor. Also from your experience so far, once you delete the database and do a fresh install, will everything work fine or is it only the hide backend feature that works fine?

    Thread Starter Viktor Nagornyy

    (@viktorix)

    In my testing, everything worked after fresh plugin activate.

    I have deleted the DB.

    I have checked htaccess.

    I have checked wp-config file.

    I have done everything step by step – still cannot login after the plugin is reactivated.

    I have newest WP with WooCommerce and now I am also quite angry…

    What DO I HAVE TO DO to log into my admin, as I am still getting “Page Not Found”

    EDIT: Well… It seems that there is no other way but to delete once and for all…

    Thread Starter Viktor Nagornyy

    (@viktorix)

    When you reactivate plugin, what URL gives you “page not found”?
    Are you trying to visit /wp-login.php or /custom-login URL?

    I am trying both and both url give me the same result.

    If I am changing the name of the plugin using my FTP then I am able to log in to the admin panel and play with the plugin. However, THERE IS NO section or place within the “HIDE LOGIN AREA” to change wp-admin.

    OK.. deleting this shitty plugin. Whoever reads this thread – BE WARNED!!!!! it is bugged as hell

    Thread Starter Viktor Nagornyy

    (@viktorix)

    Before reactivating plugin, did you upgrade it to latest version? That’s the only thing I can think of in addition to the above information.

    Lots of additional work, but you could try deactivating other plugins to find out if there’s a conflict with iThemes plugin.

    Yes, I have updated it and I have even done clean install. The result is the same.

    I am not going to disable 20 of other plugins of course as this is not worth my time.

    I am simply disappointed that they launched such a shitty product without, apparently any testing..

    My wpconfig was being forced to HTTPS on deactivating the plugin.

    Took a while to find it – was just changing domain names etc. Got there in the end ??

    Hey Victor,

    Good to see you’re helping so many people with your fix. Also good to see there’s someone who knows how to fix things available to help. There’s too few folks like you…

    “I just renamed the better security folder in wp-contents to something else.”

    “I am changing the name of the plugin using my FTP then I am able to log in to the admin panel and play with the plugin. “

    I’ve seen the steps above recommended several times – renaming the better security folder via FTP.

    I followed that advice 3 days ago, but my WP admin login page does not return as it seems to for others. I can’t access the WP dashboard to deactivate or uninstall anything.

    In my case, I clicked on the “update” button for iThemes Security. I waited for about 20 minutes for the upgrade to finish, but all I saw was the tab saying “connecting”. Eventually, I got a message saying the process was disconnected, although the wired online connection was not disconnected.

    So I decided the update wasn’t working. I then went to the plugins listing and hit “deactivate” for the iThemes Security. There was no warning to not deactivate.

    Once again, the tab title said “connecting” for about 10 full minutes, but it never indicated deactivation was complete. In the midst of these circumstances, everything vanished and I could no longer access the login screen. That’s how it remains.

    I asked my technical resource people to implement your step by step instructions. They’re not that familiar with WordPress, more with hosting. They said they can’t follow your instructions since the admin is not back working as mentioned in step 3. They are clueless how to solve this and suggested I ask about it.

    INSTRUCTIONS
    1. Through FTP or cPanel file manager, go to /wp-content/plugins/
    2. Rename “better-wp-security” folder to something else like “better-wp-security2”
    3. Plugin is disabled and your admin is back working.

    >>>>> your admin is back working. <<< This result is not happening.

    Thanks again, LVV

    Thread Starter Viktor Nagornyy

    (@viktorix)

    Hi LVV,
    Happy to help.

    First, you technically don’t need to rename plugin inside plugins folder to delete database tables and options. Since your tech guys know more about hosting, they shouldn’t have any issues with step 4 – 13 using phpmyadmin interface. See if deleting those works.

    Second, check htaccess file to make sure its only default code:

    # BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

    Those are the 2 primary issues I’ve seen people have.

    Unfortunately, though I appreciate having them, the suggestiions here aren’t working for me either.

    I renamed the Better WP Security folder. Still could not get into Admin.
    Then, I deleted everything but the default WordPress stuff in the .htaccess file. I also went into the database and deleted the ithemes tables.

    But still, I cannot get into the site. All I see upon entering my login information is a blank white screen, just as before. I can’t view anything in the admin area.

    Any further suggestions would be really appreciated! Thanks so much.

    Thread Starter Viktor Nagornyy

    (@viktorix)

    quantaweb, is your frontend working fine? only admin returns blank screen?

Viewing 15 replies - 31 through 45 (of 112 total)
  • The topic ‘How to RESET iThemes Security plugin to fix issues’ is closed to new replies.