Matthew

@ate-up-with-motor Keep your eyes open for future updates; I think you will enjoy one particular release.

Glad to hear, Mike. Thanks for the update.

Hey there Mike,

You can temporarily add the below WordPress constant to the wp-config.php file with FTP access to help you get logged in.

define( 'ITSEC_DISABLE_MODULES', true );

By the context, it sounds like a bug with the Passwordless Login module. Once you are logged in try the below:

Try changing the Passwordless Login Flow from Method First to Username First, saving, and then switching back.

After saving this, remove the above WordPress constant, clear your browser cache and see if that helped.

I use both the free and pro version of iThemes Security and have not seen any issues with WP core version 5.9, albeit I’m more of a WordPress supporter than a site owner but dabble in the latter.

If the site is customized I would recommend restoring the site to https://localwp.com/ to see if you run into any issue.

Hope this helps!

That’s pretty curious. What error message or error code are you seeing when attempting to exclude the path?

What are the most recent changes?

@barnabas1 I think the solution would be to use Application Passwords but this is something that I haven’t used myself.

Let me know if you give this a try and how it works for y’all.

Hello @evilgazz,

Could you try re-installing the iThemes Security plugin to see if that resolves the Default Recipients[user_list] must contain at least 1 item issue?

Sorry for the delay in getting back to you.

Hmmm, I’m a user of both iThemes Security Free and iThemes Security Pro and don’t know a way to do this.

Are you getting a specific error message or error code?

First things, first, make sure you enable WordPress Debugging.

The below defines would need to be added to the wp-config.php file above /* That's all, stop editing! Happy publishing. */. An (s)FTP client or File Manager of some sort would be needed to edit the wp-config.php file. If you are unsure where to find these you will need to contact the hosting provider or look through their documentation.

define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );

The WordPress debug.log can be found in the /wp-content directory. You can find out more about WordPress debugging and logging with the official WordPress Org Codex. https://codex.www.ads-software.com/WP_DEBUG

You can also include define( 'WP_DEBUG_DISPLAY', false ); to keep errors and warnings from disabling on the front-end of the site.

The next thing you would want to do is check the site/server PHP error logs. If you are unsure where to find these, do not hesitate to contact the host or review their documentation.

Have you tried reverting any recent changes that had been made?

Could you provide further information on what you are wanting to exclude it from?

More than likely you’ll need to review the iThemes Security Logging settings over in Security > Settings > Configure > Global Settings.

The directory you’ve mentioned is for Backups, Logging and MaxMind.

If it is the logging, I have my retention limit set to 8 days and I use both database and file logging; but your retention limit desire may be different.

Let me know if this helps!

It looks like the site is being hosted on SiteGround. I’m pretty sure they have a must-use caching plugin.

The below link may help you find/work with it https://www.siteground.com/tutorials/wordpress/sg-optimizer/

Beyond performing the previously mentioned WordPress troubleshooting I would suggest to you to reach out to the hosting provider for help in troubleshooting the 504 server-side. They should be able to help identify the cause of the 504.

Good luck!

As the previous poster mentioned you can disable the plugin via FTP by locating the plugin within /wp-content/plugins/ and renaming it. You can check the below article for further help or reach out to the hosting provider.

https://www.ads-software.com/support/article/faq-troubleshooting/#how-to-deactivate-all-plugins-when-not-able-to-access-the-administrative-menus

That’s a command-line tool that should be able to be used in pretty much any terminal.
https://www.geeksforgeeks.org/curl-command-in-linux-with-examples/

-s, --silent
              Silent or quiet mode. Don't show progress meter or error messages.  Makes Curl mute. It will still output the data you ask for, potentially even to the terminal/stdout unless you redirect it.

-I, --head
              (HTTP FTP FILE) Fetch the headers only!

-L, --location
              (HTTP) If the server reports that the requested page has moved to a different location (indicated with a Location: header and a 3XX response code), this option will make curl redo the request on the new place. If used
              together with -i, --include or -I, --head, headers from all requested pages will be shown.