Also getting this problem.
I fixed the lock out, by deleting the bullet proof security plugins .htaccess file, then deleting in uploads the ithemes security plugin, then have to reconfigure everything again in the .htaccess file
worked for a few hours then back again. also tried increasing php memory in wp-config and php.ini but this did not help.
I’m getting the same problem on a multisite set-up, so every time it brings down the whole network. Not very happy. And it’s not the first time either
I’ve spent a couple of hours trying to get to the bottom of the problem, but no luck
@anybody
Generally there is an error reported in the web server error_log that helps in determining what is causing the internal server error 500.
dwinden
ok all i can figure from the error_log is that this plugin is causing the error
@obertscloud
Please post the content of your .htaccess file while having this problem.
And also let us know what Apache web server version you are using.
dwinden
I no longer have the .htaccess content that caused the error, but by a process of elimination, I narrowed it down to banning ip addresses in the hack repair section.
I have now stopped ithemes security from updating my htaccess file
@jfheath
It would be interesting to know what Apache web server version you are using.
Do you remember whether you had IP addresses listed as banned in IPv4 and\or IPv6 format ?
IPv4 = xxx.xxx.xxx.xxx(/xx)
IPv6 = xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx(/xxx)
Anything between () is optional.
If your issue is solely caused by the IP addresses listed in the Ban Hosts setting you can prevent any IP address being added automatically to this setting by disabling the Blacklist Repeat Offender setting in the Global Settings section.
This would also allow you to enable the Write to Files setting again without a chance of the issue reoccurring.
There seems to be another topic where iThemes is investigating this issue.
dwinden
Server version: Apache/2.2.15 (Unix).
I can’t recall seeing the IP address entries in the htaccess files, but in the settings they appeared to be normal
@jfheath
Where normal = IPv4 ?
For every ip address listed in the Ban Users setting the following lines are normally added to the .htaccess file:
# Ban Hosts - Security > Settings > Banned Users
SetEnvIF REMOTE_ADDR "^196\.163\.172\.21$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^196\.163\.172\.21$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^196\.163\.172\.21$" DenyAccess
<IfModule mod_authz_core.c>
<RequireAll>
Require all granted
Require not env DenyAccess
Require not ip 196.163.172.21
</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
Deny from env=DenyAccess
Deny from 196.163.172.21
</IfModule>
The above example is an IPv4 address example which I expect to work just fine. However it seems there is an issue with IPv6 support in combination with Apache 2.2.x
IPv6 support was added to the plugin in the latest 5.3.0 release. So if your issue started after updating from 5.2.1 to 5.3.0 there is a good chance the IPv6 support is causing you trouble.
Unfortunately there is not much info in the other topic as iThemes decided to switch to email communication while investigating this issue …
dwinden
hmm now 500 server errors happening on all my wordpress sites with this plugin, once disabled it goes away.. i use 1and1 as host, and everything is up to date
