Fixing Better WP Security Lockouts

WordPress LogoI’ve noticed a trend lately. Nearly every support request I receive for any of the software I develop involves someone getting locked out of their website after installing Better WP Security. As such, to date we have managed to fix every issue which typically result from a host lockout due to too many 404 errors being hit in the “intrusion detection” part of the plugin. Here’s how to fix it:

Confirm the lockout is due to “intrusion detection”

First we need to make sure that intrusion detection really is causing the problem and not something else. Open up your database and find the table xxxxxx_BWPS_lockouts (where xxxxxx is your table prefix). In this table look for your IP address. If it is there this is probably the problem.

Clear the lockout

Delete the record with your IP address from the xxxxxx_BWPS_lockouts table and see if you have access to your site again. Note that in some cases you may be receiving so many 404 errors that you may immediately be locked out again. If this is the case check again for your IP address and move on to the next step.

Find out what is causing the 404 errors and fix each error

Open the table xxxxxx_BWPS_d404. In this table find the entries with your IP address (probably near the bottom of the file) and see what files they are pointing to. Each line represents a file that your site is pointing to (not within Better WP Security) but  does not actually exist. You will need to manually fix these errors 1 by 1 to prevent lockouts from reoccurring.

Once you fix the errors you should no longer have any problems accessing your site and you’ll have the added benefit of having fixed them for Google and other search engines which may penalize you for too many errors.

About Chris Wiegman

Chris is a developer for iThemes where he works on the iThemes Security and iThemes Security Pro WordPress plugins. In past roles he has served as a teacher, blogger, manager and even an airline captain. He resides in Austin, TX with his wife Joy and their four-legged children.

Find Chris on Facebook, , LinkedIn, and Twitter.

Comments

  1. hi,
    i installed bwps 2.5 ten days ago and it worked well. but i can not log into my blog from yesterday evening, it redirects to the 404 page. i logged in yesterday afternoon and i changed nothing during this period.
    i just checked the database according to your post. the results of lockouts and d404 are empty.
    so whats the problem?
    thanks.

  2. I installed Better WP Security 2.18. After a few changed settings within the plugin, my site shows only a blank page. It is also not possible to login. I deleted the plugin via FTP, but there’s still a blank page. What to do?

  3. The same with Tina happened to me. When I write
    mysite.gr/wp-admin it rewrites the URL to
    mysite.gr/?redirect_to=http%3A%2F%2Fmysitei.gr%2Fwp-admin%2F&reauth=1

  4. I changed the wp prefix and now for some reason I cannot log-in to my site!
    Any idea what I can try to get the problem resolved?

  5. Hi Chris,

    The problem wasn’t with the plugin. My password manager was playing up.

    Sorry to inconvenience you. Everything is working fine now.
    Nice plug-in!!

    Thanks

    Terry

  6. My own IP ADDRESS is blocked. I can’t change .htacess file because, I am banned. I tried these instructions but they did not work. Is there any way to unblock myself without accessing .htaccess?
    Helen

  7. Hi
    I changed my wp-content folder name with this plugin

    but I want to change it again to wp-content because my new theme doesn’t work
    with it

    how can I do that ?
    tnx

Comments are closed.