dwinden

@jeffhaleword

According to the iTSec plugin 5.6.1 Changelog:

Compatibility Fix: Changed name of the $HTTP_RAW_POST_DATA variable to avoid erroneously tripping PHP 7 compatibility checks.

Also the better-wp-security/core/content/system.php file does no longer exist.

It appears like you have not updated to the latest iTSec plugin release ??
Which release are you currently using ?

dwinden

@stencek

I didn’t say updating will help solve the 404s issue ??

But in general there is no point in trying to solve an issue in ancient software.
Update first then worry about the issue(s) if its still there.

But at least we now know that after updating (another site) the 404s issue is still
there.

Have a look at the iTSec plugin Logs page. Select “404 Errors Found” and then click on the value displayed in the Location (first) column. Perhaps the info in the Referrer field helps.

dwinden

@stencek

That website seems to be using the iTSec plugin 4.4.23 version which was released on the 6th of Nov 2014.

And the WordPress release is 3.4.2 ? Seriously that’s like ancient …

If true you’ve got bigger problems to worry about.

Note because of the ancient WordPress release used, there are probably NO iTSec plugin updates automatically being offered. The current iTSec plugin release is 5.6.1
It requires WordPress 4.1 or higher.

U P D A T E WordPress ASAP !

dwinden

@jannnnnneke

I didn’t make any changes yesterday to my site. I only updated some plugins and I think also WordPress.

So you made some changes … ??

6 of the 7 files listed are included in the latest WordPress release (4.6.1) List of Files Revised.
WordPress 4.6.1 was released on 7 Sept.

The missing entry (wp-content/wflogs/config.php) seems to belong to the WordFence plugin which was last updated 2 weeks ago.

So looks like your file changes can easily be explained …

dwinden

@forallatlantis

It’s valid html.
Is it causing any problems ?

Anyway this is not an iTSec plugin issue.
The link is hardcoded in the theme.
If you want to get rid of it remove it from the header.php file of the active theme.

dwinden

@marties

Go test before posting.

That said you will probably need some insiders info on WordPress Nicknames to get it right.

Stay safe and have a good day ??

dwinden

@marties

There are different ways to deal with user enumeration.
The iTSec plugin does not totally disable user enumeration.

But it does provide 2 options in the WordPress Tweaks module which
are related to user enumeration:

• Force Unique Nickname
• Disable Extra User Archives

dwinden

@themadguru

Trello is where iThemes has parked their public roadmap for the iThemes Security Pro plugin.
The Security page on iThemes’s website includes a link to the public roadmap on Trello.
(Scroll down to the More Pro Features Coming Soon section).
Trello is used for tracking feature requests and allows you to upvote existing requests (including yours).

Furthermore according to the FAQ section in the iTSec plugin readme.txt file:

= Where can I get help if something goes wrong? =
* Official support for this plugin is available for iThemes Security Pro customers. Our team of experts is ready to help.

Free support may be available with the help of the community in the www.ads-software.com support forums (Note: this is community-provided support. iThemes does not monitor the www.ads-software.com support forums).

Note on the “iThemes does not monitor the www.ads-software.com support forums” part:
This is not entirely true. iThemes occasionally responds to topics but barely follows up.
Mostly when a new version is released and people report issues they will respond.
Otherwise their presence in this forum is minimal to non existant.

dwinden

@themadguru

Upvote this feature request on Trello.

dwinden

That’s a totally different issue with a root cause which is specific for your env.

dwinden

@mat_

How does such an email exactly look like ?

What web server is your site using ?

Is the site behind a proxy ?

Without additional info it’s going to be difficult to help you.

dwinden

• This reply was modified 8 years, 2 months ago by dwinden.

@gorhorbatov

According to the 5.5.0 Changelog:

Enhancement: The WordPress Tweaks feature now uses the “Disable File Editor” setting by default on new installations.

“Disable File Editor” setting is located here:

Безопасность > Настройки > Подстройки WordPress > Редактор файлов

dwinden

@josé

Disable the Database Backups module.

dwinden

@ivanomio & @josé

Check your web server error_log for any errors.

Oh and what web server and what version of that web server are you using ?

dwinden

@dcoplan

Wicked video ??

Looks like there is something in your .htaccess file that is blocking your new-login-slug (which by the way is one of the most creative ones I’ve seen so far).

So we can try and figure out the blocking rule in the .htaccess file or use a backdoor (or do both).

dwinden