[Plugin: Better WP Security] Upgraded WP to 3.4.2 – Locked out with 403 error

That makes two of us locked out. Don’t push that update button . . . .

Thanks.

That makes three of us locked out. with 404 error message.
I spoke with Godaddy support and they don’t have any fixes.

Please help

blog/wp-admin/upgrade.php?_wp_http_referer=%2Fblog%2Fwp-admin%2F

Hi, I received the same error as well, I have been trying to recover back to 3.4.1 but no luck, even tried to copy and overwrite wp-admin,wp-content and wp-includes along with all other root files. I even have the wp-config.php setup correctly. I do not see the upgrade listed on the Godaddy site which leads me to believe they haven’t finished testing on their end? I am stuck and now contemplating uninstalling wp and saving my database files, then restoring over the new wp installation. I am not allowing my registered users to access the console or even create a new post. Please HELP

Hi all I figured it out. Please download the https://www.ads-software.com/download/ the zip file of wordpress 3.4.2. Extract the files out of the zip to a folder on your computer. Connect to your site via and FTP program. Copy over these FOLDERS: WP-ADMIN, WP-INCLUDES, WP-CONTENT (but not your themes folder or plugins, leave these exactly as you have them now, do not overwrite with the 3.4.2 extracted data) and all the files in the root of the extracted folder for 3.4.2 they are floating files. Let it overwrite what you have already and you will be ok. It worked for me just now!

Mario, thank you so much! I worked for me too; you’re a lifesaver!

That did not work for me.

It worked for me.

Thanks!!!!!!!!!!!!!!!!!!!!!

Glad I could help out ??

San4x make sure you copy all the files over even the “floaters” it should work. if Not move your plugins out via FTP keep the themes only folder.

Couldn’t get it to work on two of my sites; thanks, anyway.

Both sites are still working; but although WordPress “sees” me log in, I get 404 errors when i click on any of the admin links. It appears wordpress no longer wants to go to wp-admin anything.

This is on top of WordPress 3.4.1’s antics, which destroyed the display area for the navigation menu in all of my themes – and in all WordPress themes – and I lost my WSIWYG editor. To mitigate the problem on a third site, I just converted it to Drupal 7. The two sites that had survived 3.4.1’s coding changes have now died, for this administrator, with 3.4.2. The admin bar has been lost and also all access to wp-admin.

Guess I’m alone in my opinion that the last 2 versions weren’t ready for prime time.

Hi

Same thing happened to me and Marios suggestion didn’t work. I’d removed the plugin via FTP but nope.

It was editing the .htaccess which got me back in again, I removed all Better WP Security references (but left the HackRepair section in that blocks bad IPs) and now I’m back in.

Even before this happened it was sending me notifications that it had locked out certain hosts (a lot of the times it was my IP!) and one was a legitimate user who sent me a message via contact form. I wonder where she was going to get so many 404s? So I had to switch the 404 detection thing off in case it was locking out legit users. And now the ultimate lockout! Grrr.

I’ve got a few sites and trying to remember a changed admin is a pain so I figure just changing the db prefix, admin id, and having a strong password should be enough. Get the plugin to remove meta data and stuff and then deactivate it. Or if leaving it in don’t change the admin logins. Just keep regular db backups, that should be enough to keep you secure.

Good luck!

Is a fix coming for this issue, I noticed the same problem, once I clicked update, it just hung on a blank page.

I eventually had to deactivate the plugin in order to update to the latest version of wordpress.

in my case, the fix was to get rid of every .htaccess file, which includes the wp-admin and wp-includes folders. Just renaming them to something like “.htaccess.txt” or “htaccess.txt” are unacceptable. Just delete them.

Sadly, what this means is that it doesn’t appear to be possible to use any .htaccess files we have traditionally used to protect folder access from hackers within the WordPress tree structure on your server. The ONLY htaccess file that appears acceptable is at the root of the WordPress install.

Even so, you may have to change the preferred presentation of permalinks in that .htaccss file at the installation root to keep it from choking your server. You can see what works by looking for “core” files via FTP. An example of a name for such file is: core.12345. These “core” files, if left undeleted, will chew up some serious server space. “Core” files are also accompanied by “error_log.” Delete those, too. (Either that, or contact your server people. It just depends on your level of knowledge.)

Note, too that .htaccess files located in places other than the installation root will also throw off your themes – including WordPress themes 2010 and 2011.

One final note: As www.ads-software.com says, before doing any update/upgrade, do these things FIRST: Back up your database and deactivate ALL plug-ins. Only then should you update/upgrade. You don’t have to, but I also backup my home directory using CPanel.

Mario you have the great solution it was working good.
and Robguyy i think your why look reasonable too so i will try your way in my other site and if it work i will compere between them to see what is the best to do for my others Sites.

Thanks for the solution ??