How to RESET iThemes Security plugin to fix issues

Hi Viktor,
Yes, the front end is OK. But I can’t get to anything in admin, past the login screen.

Hmm hard to say. Few options I would do:

1. check your /wp-admin/ folder for htaccess file, delete if there.
2. i would enable debugging to check error logs to see if you can pinpoint the problem using error codes.
https://codex.www.ads-software.com/Debugging_in_WordPress
3. check you folder and file permissions just in case.

Last resort would be disabling plugins to see if there’s a conflict of some sort.

Hi Viktor,

Thanks for your help! There was an .htaccess file in the /wp-admin/ folder, and I deleted it. No joy…

There was nothing about debugging in the config file. So after reading the page you recommended, I added it. But there is no error log shown in the blog’s directory; is there somewhere else I should be looking?

Everything is now set to 644 permissions. Is that as it should be?

I disabled all the plugins except for the contact form and the backup plugin, Updraft Plus.

But now, on the login screen I have a long list of errors! But I don’t know what went wrong.

Notice: wp_enqueue_script was called incorrectly. Scripts and styles should not be registered or enqueued until the wp_enqueue_scripts, admin_enqueue_scripts, or login_enqueue_scripts hooks. Please see Debugging in WordPress for more information. (This message was added in version 3.3.) in /home/katiepfe/public_html/blog/wp-includes/functions.php on line 3049

Notice: add_custom_background is deprecated since version 3.4! Use add_theme_support( ‘custom-background’, $args ) instead. in /home/katiepfe/public_html/blog/wp-includes/functions.php on line 2908

Warning: Cannot modify header information – headers already sent by (output started at /home/katiepfe/public_html/blog/wp-includes/functions.php:3049) in /home/katiepfe/public_html/blog/wp-login.php on line 415

Warning: Cannot modify header information – headers already sent by (output started at /home/katiepfe/public_html/blog/wp-includes/functions.php:3049) in /home/katiepfe/public_html/blog/wp-login.php on line 427

So, everything is worse than before and I’m not sure how that happened.

Is it possible to reinstall WordPress on a working website, and do you think that would help? Or, can I hire you to look at it?

I didn’t build this website but it belongs to one of my web hosting clients and I am desperate to get it fixed.

Thanks again.
all best,
Denise

I forgot to add, this is what I added to the wp-config file:

define(‘WP_DEBUG’, true);
define(‘WP_DEBUG_LOG’, true);

I hope that’s correct? But maybe it’s what’s causing the new errors?

The errors are now showing up on the front end, too…

It looks more scary than it is. When you enable it, the errors are displayed. So do add this in addition to stop them from showing:

define('WP_DEBUG_DISPLAY', false);

If you have a backup of your WP, since you had a backup plugin, than it might be best to recover from a previous backup before it was broken. That would be your best bet.

As for permissions, recommended is 755 for folders and 644 for files.
https://codex.www.ads-software.com/Changing_File_Permissions

debug.log file will be inside wp-content folder. Use above line of code, you simply turn off errors from screen and put them into this log file.

Hi Viktor,

Thanks so much! I turned off the debug display. Whew! ??

Thanks for telling me where to find the debug log. It says much the same thing as what was on the page, though I’m not sure how to interpret that.

My folders are 755 and files are 644 so that’s OK.

I could restore an old backup, but would need to figure out how to do it without having access to the backup plugin in Admin…but somehow it must be possible. I’ll investigate.

Thanks again!
all best,
Denise

Did the error occur during upgrade of this plugin?
Somestimes blank screen can be caused by errors in the functions.php file, but you would have to edit that to make that error/mistake.

I didn’t mention this, but did you check your wp-config for any extra lines of code that don’t belong there?

Hi Viktor,

Yes, it happened immediately after upgrading the plugin. I didn’t do anything else, and didn’t edit functions.php

I don’t think there’s anything in wp-config that doesn’t belong there. Oddly, there actually seems to be less there than other WordPress sites usually have. (But her WP installation & theme are several years old but WP has been regularly updated). Wp-config hasn’t been edited at all (except to add the debugging lines).

Puzzling…

Following up on my post @ post link I want to share the final resolve.

We have a network with a few hundred sites and it was a headache dealing with this issue at first. Then I was able to proceed with admin after applying the resolve mentioned in my original post. However an hour or so later I returned to find support inquiry regarding clients unable to login (we have a no-index login link on all our sites hidden bottom right corner of screen for clients). Sure enough it wasn’t working, again.

Anyway, I went ahead and looked through my .htaccess and the iThemes settings, made sure the hide backend login was disabled and noticed we had some new updates. One such update was for iThemes.

After I updated to the latest release (at the time 4.0.16), then re-enabled the backend option, it worked as expected.

I just updated to 4.0.19 and all is good.

I’m posting this to be helpful to anyone who might experience similar issues as discussed here. It may not be a hassle at all to resolve a problem you may be having. I’ve read several comments about dropping iThemes security plugin due to related problems. iThemes has a great product free of charge and works exceptionally well IMO. It’s worth taking a moment and troubleshooting the basics like what I’ve outlined and moving onto the more advanced stuff mentioned here as well.

My $0.2

Hi, I had a similar problem with a client’s site. After being warned about the ithemes upgrade locking users out, they deactivated the plugin. The result of this was not being able to login. The login url in the browser changed to https://urladr. The following code was put into wp-config.php

define( ‘FORCE_SSL_LOGIN’, true );
define( ‘FORCE_SSL_ADMIN’, true );
define( ‘DISALLOW_FILE_EDIT’, true );

Deleting or commenting out this code solved the problem.

Cheers

Hi, Viktor.
Thanks for your post, but it does not work for me sadly. I guess that is why I did two things wrong before I found your article.

1. I deleted better-wp-security plugin via FTP when the issue was happened.
2. Rename-wp-login was installed/activated on my website.

So I still can not access my admin account even thought I followed your instruction. Do you have any idea about this issue?
What if I create new database and move my website to there? Do you think that would work?

Hi Viktor,

I did everything you suggested and now I am able to log in. Thanks for that.

Since I don’t trust this plugin anymore, do you know the best way to uninstall it and leave wordpress as before the installation?

From your step by step instructions here:
https://www.ads-software.com/support/topic/how-to-reset-ithemes-security-plugin-to-fix-issues?replies=34

“3. Plugin is disabled and your admin is back working.
4. Now, the reset. You need to access your database, ideally through phpMyAdmin interface in your control panel (cPanel).”

“Since your tech guys know more about hosting, they shouldn’t have any issues with step 4 – 13 using phpmyadmin interface. “

Feedback from tech people is how do they perform step 4 if the admin is not back working?

Good to see some people are getting their websites back. Following this discussion, however, producing tons of anxiety. Seems the risk of making mistakes very high.

If your advice is “you have the wrong tech people” – since they’re web tech people, not WordPress tech people, then do I need to start paying unknown fees to get this fixed?

If that’s true, seems it might just be better – and quicker – to just rebuild from scratch. I can imagine all the qualified people who can help with this have all already been hired and are as busy as can be.

For me, at this point, this website is totally lost.

I’ve already invested thousands of dollars and hundreds of hours. It was at the very last testing stages before being published. This couldn’t have happened at a worse time.

Reminds me of Wall Street where everyone gets screwed but the fat cats. Another shining example of how the latest technology improves our lives, right?

Victor, is it safe to assume you’re not on staff with iThemes? If so, to your knowledge, is anyone at iThemes helping as much as you are? And if not, why not? Thanks again. LVV

LearningViaVideo,

Have you checked your wp-config.php file for:

define( ‘FORCE_SSL_LOGIN’, true );
define( ‘FORCE_SSL_ADMIN’, true );
define( ‘DISALLOW_FILE_EDIT’, true );

If you find them – remove the lines and resave.

You can edit wp-config.php via FTP or your cPanel account, it is usually in the folder containing the WP install, but may be one directory level up.

gawakamy, as I understood, you have another plugin installed that renames wp-login. Unfortunately, I don’t know what that plugin does. It’s possible that can be causing issues too. Moving to a new database might not fix the issue, if its a database issue.
—
maikelekiam, once you delete database entries, make sure wp-config and htaccess files do not have anything extra, you can delete “better-wp-security” folder and that should be complete uninstallation.
—
LVV, you’re correct – I neither work nor affiliated with iThemes – besides being a customer. At ProjectArmy, we work with small business owners to take this exact headache out of running a business. Let’s face it, operational website is a profitable website. I decided to provide basic support after dealing with this issue on all of our clients’ websites, and realized that people like you will be royally screwed with this version of the plugin.

Unfortunately, I can only speculate why iThemes team did not offer much support on this forum – and I prefer not to speculate. Official support will come from someone who is listed as an author of this plugin, hence they will have green label indicating that it is an official response.

Next, your tech guys are lacking basic hosting knowledge if they are asking about step 4. Step 4 has nothing to do with WP. You have to use your control panel (possibly cPanel) to access phpMyAdmin. You might have some different hosting than common cPanel hosting. In that case, they need to access your WordPress database through your specific control panel, or remotely using something like HeidiSQL app. Zero WP knowledge is required to perform this step. This step is exactly what makes it possible to fix this issue when you DO NOT have access to your WP. I hope that makes sense. Note, my instructions contain this bit:

BACKUP DATABASE! BACKUP DATABASE! BACKUP DATABASE!
Use phpMyAdmin to export your database. See Google for details or
see this article https://www.techrepublic.com/blog/smb-technologist/import-and-export-databases-using-phpmyadmin/

That is how you use phpMyAdmin. If they can do that, they can do step 4.

Your hosting provider can even help you get to that area. If you can tell me who your hosting provider is, I can tell you how to get to your database – in most cases.