Jonah1968
Forum Replies Created
-
Update.
Just when I thought it couldn’t get any worse.
I have a primary domain hosted with Bluehost. This is just one of the domains that encountered issues with this plugin when it wouldn’t recognise my username and password and locked me out.
The issue was temporarily resolved by Bluehost who deactivated the plugin allowing me to gain access to the site.
I didn’t reactivate it.
Other issues with the plugin on sites hosted at Hostgator have caused multiple lockouts and 403 errors. Again, temporarily resolved by Hostgator.
Both hosting providers pointed at the plugin as being the issue and it overloading or changing the .htaccess files and causing issues.
No response here so far that is anywhere near a resolution.
How many functions do I need to turn off before this plugin works without causing issues?
Today I added a further domain through Bluehost via the addon domain function.
Then attempted to install wordpress onto that domain but it wouldn’t install. It gave an error message stating that there was issues with my .htaccess file and recognition of the URL.
Bluehost looked at it, gained me access that enabled me to install wordpress and stated that the .htaccess file was overloaded by security information. Tech support had to rename and create another .htaccess file to get access then advised not to use this plugin due to the data it stores and the changes it makes.
My primary domain on Bluehost was the only domain on Bluehost until today. It is thin and clean, doesn’t even have a theme installed yet, has two plugins (Akismet and Yoast SEO) and a coming soon page yet my .htaccess file was overloaded and causing all sorts of issues.
Also getting sick and tired of the messages from wmt of failed crawl attempts also. I can only assume that this is due to the Fake Googlebot setting also not be able to recognise the real Googlebot. Yet to be resolved.
All in all, not a great few weeks and hence tomorrow I will start the process of clearing this plugin from multiple sites and getting all .htaccess file cleaned up or replaced.
Given that my original post asked for any known issues and having not had a suitable response, I am left to assume that there are indeed issues with his plugin.
I would suggest that this plugin comes with some clear warnings and is unsuitable for anyone who is new or who is looking for a security solution that doesn’t actually create more issues that it is supposed to resolve.
I appreciate your response but it doesn’t clarify or relate to any of the settings that i have in place for the Firewall. Are these right/wrong?
A the moment i have issues with multiple sites that stop once this plugin is deactivated. This is a little concerning given that every site is in its infancy, clean with no content and a few basic plugins activated. I want to avoid any further issues once these sites are actually up and running. Hence trying to iron out these issues.
Perhaps this plugin isn’t the one for me or for those who are not techy enough. I have yet to determine this through the support avaiable.
I’m not sure about your other issues,
That is a little annoying. Lockouts and not recognising the username or password is clearly an issue and looking like it is caused somehow by the plugin.
Hosting providers stated that the plugin was overloading the .htaccess file with data. Surely you can determine a better solution from that?
I recommend that you try testing to see if any of the firewall rules are causing this by disabling each one and testing each time to see which is causing this. If/When you find the rule causing the 403, just leave that one disabled.
All well and good for a single site but time consuming and none productive for multiple sites, particularly for none techies who really upon the simplicity of a plugin to the job.
Re the issue i raised with the crawling and the robots.txt. Can you clarify if this setting ‘Block fake Googlebots’ can positively identify the real Googlebot? The guidance and instructions on the page for this setting are a little ambiguous as the wording is confusing. I am getting repeated messages from Google WMT that they cant crawl. Yet turning off that function allows them to crawl…..but now potentially also allows fake bots to do the same. Seems to be a pointless function if that is the case.
Hi wpSolutions
I have 3 sites that have been affected with something over the last 2 days. These site are new with no content and few plugins. Just a coming soon page.
The plugin was stable for weeks but I can’t be sure but the only major change that I made for these sites was to go through the process of adding and verifying these with Google Analytics and Bing. Obviously adding the Analytics tracking code to the coming soon page etc. Would/could this have any bearing on the lockout issues I faced?
I subsequently issues accessing the site in one way or another. Either not recognising the username or password created, despite not having any issues with these usernames or passwords previously or returning a 403 Forbidden error before even getting to the admin login page.
I use two different Hosting services and each of these was required to deactivate the plugin and gain me access via the traditional wp-admin route.
Both stated that the plugin was the issue and one stated that it was overloading the .htaccess file with data?
To answer your question on what settings where in place for the Firewall and Brute Force, here they are.
Under the Firewall Tab in the dashboard I have the following settings:-
Basic Firewall Rules – All options are checked
Additional Firewall Protection – Trace and Track and Proxy Comment are checked
5G Blacklist Firewall Rules – This is checked
Internet Bots – This is checked (Could this be blocking the Googlebot and explain the ‘Robot.txt errors I am getting?)
Prevent Hotlinks – This is checked
404 Detection – This is checked
Custom Rules – Nothing placed here
Under the Brute Force Tab in the dashboard I have the following settings:-
Rename login Page – I used this originally but this was automatically reconfigured when I selected the Cookie Based Function.
Cookie Based Brute Force Prevention – This is checked and a secret word used that changes the admin login url
Login Captcha – All options are checked
Login Whitelist – Not used and left blank
Honey Pot – This option is checked
What would be your suggestion because I would like to keep this plugin.
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Constant Lockdown EventsThanks, will enable the Pingback function too.
Resolved
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Constant Lockdown EventsHi, thanks for the prompt response.
Under the ‘Brute Force’ heading I had enabled;-
Renamed Login Page Settings
Login Captcha
Honey PotI had not enabled the ‘Cookie Based Brute Force Function’ because I had already enabled the ‘Rename Login Page’ function.
I have now enabled the ‘Cookie Based Brute Force Function’ which has automatically disabled the ‘Rename Login Page’ function.
Seems that the ‘Rename Login Page’ function is a redundant function given that it didn’t do what it was supposed to do given that whoever was attempting to login was able to access the wp-login page regardless of me renaming that page.
Forum: Plugins
In reply to: [HMS Testimonials] Duplicating testimonials & date settingsHi Jeff,
You are quick, thanks again. Yep it helps.
Re the “a. [hms_testimonials] – This will insert the testimonials on your page without rotation.
b. [hms_testimonials_rotating] – Same as the widget you are using but used on a page or post”……..I will get onto that. thanksRe the date format:- I have sorted this but to explain in a little more detail where my confusion was.
Dashboard > Testimonials > Settings > 6. Date Format > I changed this to d/m/y > Save
Add New > I then Input client name/written testimonial etc >
Then, for example, I wanted to input the date required as being 29th January 2014 = 29/01/2014 UK.
However, when I use the *pop up calendar to do that it fills the box below with 01/29/2014 USA format*
Yet the correct date format does show (d/m/y) on the actual testimonial.
It is the *area* above with the calendar box that caused me the confusion.
Although it is clear to me now, I suppose what I was asking was for you to simplify that area so that as soon as the format is changed at ‘6. Date Format’, then the calendar is automatically reconfigured too.
Cheers Jeff. Give me a diesel engine and hydraulics and I’m your man but give me anything to do with websites and code etc then I’m a fish outa water………….but learning every day.
Thanks again.
Jonah