White screens – Admin and lockouts

I am also getting same errors….with this plugin

many time my site shows white screen… sometime it shows white screen for indefinite time.

I am seeing something similar with version 4.4.6 installed. If I click around around the website, every so often it serves up a blank page with no source code. This is occurring, seemingly randomly, on the front-end as well as administration side. I have not been able to pin down any related errors in the server logs, nor determine any pattern. Unlike the original poster, I am not having any lockout issues.

Lockout hasn’t occurred again for ages so hopefully that’s resolved in 4.4.6.

Still getting those white screens occasionally though.

Hey All,

For the occasional white screens, could you try checking your server logs when this is happening for errors? My guess is you’re temporarily running out of resources when some process is running. You can also ask your host to increase your PHP memory and max execution time and see if that helps.

Thanks,

Gerroald

Hi Gerroald,

Thanks for the response.

I manage my own cloud server and can confirm it’s not resources/PHP errors.

A refresh of the page and then it returns to normal, nothing in any logs at all.

Thanks,

David

Hey Gerroald,

I have VPS with 8GB ram. I have already increased PHP memory and execution time for site for theme to work out properly. When I configured this plugin white screen problem started

I finally received some errors that may be related.

PHP Warning: Cannot modify header information – headers already sent by (output started at ../wp-content/themes/…/header.inc:4) in ../wp-includes/pluggable.php on line 952

PHP Warning: Cannot modify header information – headers already sent by (output started at ../wp-content/themes/…/header.inc:4) in ../wp-content/plugins/better-wp-security/core/class-itsec-lockout.php on line 322

The line referenced is a call to wp-blog-header.php.

However, on another site experiencing this issue the line referenced in the error was the opening <html> tag.

I’m having a similar problem. Installed the plugin yesterday, everything was fine. Could edit everything. Today I try to log in and only gets the menu-items of the backend at the left. The content shows for a split second and is then unavailable. Now I can’t do anything wtih my site. Really need some help!! If it helps to go for a pro version, that also ok with me. I need support.

I’m back in by change the name of .htaccess in the root. But do I still have ithemes protection? At the settings part everything looks the same like yesterday, but my .htaccess has changed, offcourse. It’s now just a standard htaccess as it comes from wordpress.

In the defect htaccess I have the following code: I have changed dirs and url to xxxx, so that isn’t a fault.

# BEGIN iThemes Security
	# BEGIN Hide Backend
			# Rules to hide the dashboard
			RewriteRule ^/xxxx/xxxxxx/?$ /xxxx/wp-login.php [QSA,L]

	# END Hide Backend
	# BEGIN Tweaks
		# Rules to block access to WordPress specific files
		<files .htaccess>
			Order allow,deny
			Deny from all
		</files>
		<files readme.html>
			Order allow,deny
			Deny from all
		</files>
		<files readme.txt>
			Order allow,deny
			Deny from all
		</files>
		<files install.php>
			Order allow,deny
			Deny from all
		</files>
		<files wp-config.php>
			Order allow,deny
			Deny from all
		</files>

		# Rules to disable XML-RPC
		<files xmlrpc.php>
			Order allow,deny
			Deny from all
		</files>

		# Rules to disable directory browsing
		Options -Indexes

		<IfModule mod_rewrite.c>
			RewriteEngine On

			# Rules to protect wp-includes
			RewriteRule ^wp-admin/includes/ - [F]
			RewriteRule !^wp-includes/ - [S=3]
			RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
			RewriteRule ^wp-includes/[^/]+\.php$ - [F]
			RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
			RewriteRule ^wp-includes/theme-compat/ - [F]

			# Rules to prevent php execution in uploads
			RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]

			# Rules to block unneeded HTTP methods
			RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
			RewriteRule ^(.*)$ - [F]

			# Rules to block suspicious URIs
			RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
			RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
			RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
			RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
			RewriteCond %{QUERY_STRING} http\:  [NC,OR]
			RewriteCond %{QUERY_STRING} https\:  [NC,OR]
			RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
			RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
			RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
			RewriteCond %{QUERY_STRING} !^loggedout=true
			RewriteCond %{QUERY_STRING} !^action=jetpack-sso
			RewriteCond %{QUERY_STRING} !^action=rp
			RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
			RewriteCond %{HTTP_REFERER} !^https://maps\.googleapis\.com(.*)$
			RewriteRule ^(.*)$ - [F]

			# Rules to block foreign characters in URLs
			RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F).* [NC]
			RewriteRule ^(.*)$ - [F]

			# Rules to help reduce spam
			RewriteCond %{REQUEST_METHOD} POST
			RewriteCond %{REQUEST_URI} ^(.*)wp-comments-post\.php*
			RewriteCond %{HTTP_REFERER} !^(.*)xxxxxx.nl.*
			RewriteCond %{HTTP_REFERER} !^https://jetpack\.wordpress\.com/jetpack-comment/ [OR]
			RewriteCond %{HTTP_USER_AGENT} ^$
			RewriteRule ^(.*)$ - [F]
		</IfModule>
	# END Tweaks
# END iThemes Security

Can anyone tell me what I have to change before I put it back? I think it’s important to get the full protection from ithemes to do so.