Russell Cardwell

In my experience, no. I’ve been using WordFence for several years and it does not appear to identify scrapers. You can block them manually if you know their ip addresses. Constantly trying to update your blacklist with addresses that change constantly is takes too much time.

I found it easier to use Blackhole for Bad Bots. It creates a honeypot trap in your robots.txt file. Any crawlers that ignore the robots.txt rules will follow the link and be permanently banned.

It comes with a built-in whitelist for legitamate bots. And you can edit it to allow other bots in. You can also add or remove from the ban list.

Since I’ve been using it, it has trapped many scrapers that routinely got past WordFence. Wordfence does great with general hardenening and security, but alone it isn’t enough.

You guys are both spectacular in resolving this issue overnight. ????

The error message about ImageMagick stopped showing up after a couple of hours. I downloaded a report from phpinfo() for my site that showed ImageMagick to be present and active. Not sure what was causing that error.

But the fatal error of EWWW which conflicts with WPSSO remains. The error only affects the dashboard, which fails completely. The front-end is unaffected.

Updates for both WPSSO and EWWW were posted at about the same time, and it was in the process of updating plugins that the error first occurred.

More than 2 weeks. No response from iThemes. Despite ‘Enable Ban Lists’ being turned off, ithemes continues to write the same bad code to the .htaccess file, taking the site down on a regular basis.

I installed this because a hacker took my site down about a year ago. But the hacker never did as much damage as iThemes Security.

Looking for a more competent security solution.

I dsabled Ban Lists, and that worked for a while. But even with that feature disabled, iThemes Security is still writing ipv6 addresses to the .htaccess file, resulting in 500 errors.

It does not happen multiple times per day now, but it still brings down my site frequently. For the poster above who wants to know what ‘bad code’ looks like, this code crashes the site routinely:

# BEGIN iThemes Security - Do not modify or remove this line
# iThemes Security Config Details: 2
# Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^2001:41d0:2:8ac5:0:0:0:0$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^2001:41d0:2:8ac5:0:0:0:0$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^2001:41d0:2:8ac5:0:0:0:0$" DenyAccess
<IfModule mod_authz_core.c>
	<RequireAll>
		Require all granted
		Require not env DenyAccess
		Require not ip 2001:41d0:2:8ac5:0:0:0:0
	</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
	Order allow,deny
	Deny from env=DenyAccess
	Deny from 2001:41d0:2:8ac5:0:0:0:0
	Allow from all
</IfModule>
# END iThemes Security - Do not modify or remove this line

Like I said previously, writing ipv6 addresses to the .htaccess file crashes the site resulting in 500 errors every time. Turning off ‘Enable Ban Lists’ slows, but does not stop iThemes Security from writing this code. I have to manually edit the .htaccess file to remove it several times a week.

Is the solution to block iThemes Security from writing to the .htaccess file? Wouldn’t that affect a lot of other features?

Or is the solution to delete iThemes Security, since their solution seems to be at least as bad as the problem?

There appears to be no support, and no information on their site or elsewhere that suggessts a solution. Any ideas?

I fixed it by fiddling with the site for several hours.

I suspect that a plugin called Nextgen Gallery Media Library Addon was the culprit. NextGen Gallery has been updated several times and the Media Library Addon has not been updated in a year. It may no longer be compatible. I deleted that plugin.

But I also deleted several inactive plugins, updated everything that offered updates, emptied caches several times, including the caches on CloudFlare and MaxCDN, and reinstalled WordPress except for the wp-content folder.

I had to rename the Photocrati theme folder numerous times to hid and unhide it and figured out a number of backdoor methods to access the guts of the site when the normal ways don’t work.

Ultimately, I’m rather glad i did not have any “instant gratification” help. It took several hours of rooting around under the hood, but that’s the way I’ve learned most everything I know about everything, really. If there’s not a marked trail, make one.