9 Comments


  1. Yeah I would have left out “PURCHASE SUPPORT BY BUYING ITHEMES SECURITY PRO”
    Not that they intentionally broke it to get people to buy pro support but if I didn’t know and trust iThemes that would leave a bad taste in my mouth. Someone not familiar with them may start going all tinfoil-hat on them.

    As someone who pays for a number of ithemes products (backupbuddy, stash etc) I’m fairly confident they’ll have this taken care of soon. They have some of the best support in the business

    Reply

  2. Similar thing happened when the Quick Cache plugin guys brought out a pro version, but I was fortunate enough to see that there had been problems and didn’t upgrade until the problems had been sorted.

    Quick Cache problems were sorted pretty quickly but lots of low score and negative comments had been posted by then – damage done and the plugin rating fell like a stone.

    “…because the amount of users and environments using the stable version are far greater than the number participating in the beta period.”

    That makes sense and with a plugin as complicated as ” iThemes Security” testing must be pretty complex, but if your site is the one that’s broken… you don’t see things in such a clear light.

    I don’t use this plugin but thanks for the heads up Jeff and I’m sure that this one will get a good conversation going in the comments.

    Reply

  3. The version 4 rollout is a bit of a disappointment. A few good features have been added. However, the hide backend feature breaks front-end ajax functionality which was fixed back in version 3.0.10. That affects WooCommerce, numerous Event calendars and likely hundreds of other plugins in the WordPress.org repository based on a simple search of “ajax”. The ability to manually clear log files has also been removed, requiring users to resort to other means to clear the itsec_log table. We’re indifferent on the changes to the interface, but can understand why some people don’t like it that all settings are on one tab.

    We think Chris Weigman’s work on this plugin is generally terrific and expect the issues we’ve identified along with those identified by others will get resolved quickly, but we’re sticking with version 3.6.5 for now.

    Reply

  4. I think owner of better wp security wants to sell their product. As it previous versions better wp security was free of cost, we don’t have to purchase it for pro version. But after updating better wp security to iThemes, owner has also added pro version. Why for pro version?

    Reply

  5. I’ve used Better WP Security for a long time. I’ve loved it. Had no issue with iThemes buying it except…

    The Hide backend issue cost me a lot of time to fix on all my sites. It’s not so easy to turn it off if you can’t login in the first place. Thank the heavens for FTP.

    The ability to manually remove log files I don’t understand at all and would like to see it restored.

    And don’t forget to check the box if you use InfiniteWP, that’s a new one.

    For now I’ve decided to downgrade.

    Reply

  6. https://wordpress.org/support/view/plugin-reviews/better-wp-security/page/1
    Even uninstalling the plugin doesn’t fix the issue, you have to dig into .htaccess and wp-config.php files to remove the lines of code the plugin left.
    =====================
    The only way back in to my site is to disable the plugin via FTP. If I want to try to edit settings on the plugin, I have to delete it and re-install it, which only works temporarily. Then, after a few hours, the site locks down again.
    =====================
    To fix it you need to delete (or rename) your .htaccess file (then put in a blank one and make sure you update your permalinks once you’re back in your admin panel), then delete (or rename) the entire iThemes crap plugin. Only then will you be able to access your admin panel.
    =====================
    The only way to gain access to your dashboard is to disable (rename) the plugin via ftp.
    =====================
    This was an excellent plugin until the developers decided to change the name. Then many experienced issues with it. I experienced one of the worst issues that can happen to someone who’s not a programmer: I was totally locked out of my website and I had to fix it on my own. That’s because no matter how much I tried communicating with them they never gave me an answer. If they want profit by selling tech support they should turn the plugin premium, not riddle it wih issues so people are forced to buy their support.

    I recommend that you don’t install this plugin if you can avoid it.
    =====================
    Nuked my admin area. Little did I know it was this plugin that did it, till I ended up removing my installation, reinstalling, restoring from a DB backup, and then installing this plugin again. Even a visit to the dev’s website didn’t reveal anything that would’ve tipped me off. It took visiting the forums here before I put 2+2 together, renamed the plugin directory, and finally regained access.
    =====================
    Clients updating their sites as advised found themselves locked out of admin even without having changed the wp-admin login url in Hide Backend.

    I had to delete the plugin via ftp and also (thanks to a forum post) the folder wp-content/uploads/ithemes-security; run WP-Cleanup; re-install the pre-iThemes version of the plugin, activate, deactivate and uninstall it; then install and activate the latest iThemes version 4.0.5 on every site….

    This used to be a 5* plugin. I use iThemes BackupBuddy all the time (Developer) and recommend it. I was looking to invest in the developer edition of iThemes Security Pro but this has seriously put me off.

    I can’t believe this issue did not flag in testing given the number of people affected by the update issue.
    =====================
    Good Lord, people. Don’t you ever test your plugins before announcing an upgrade?

    Locked out of my own site because your plugin failed? Now only the hackers can get in. Nice.

    Not trusting you with my security again.
    =====================
    It’s not the first time I’ve been locked out of my admin area by ‘Better’ WP Security. But it is the last. I’ve finally got back in and the first thing I did was delete your plugin.
    =====================
    It’s unfortunate that I did not read the reviews of the update to the “NEW” iThemes Security v4.x from Better WP Security 3.x. I would have avoided the headache and time invested back leveling the plugin.

    It’s obvious iThemes wants the new 4.x plugin to ride on the success of the BWS 3.x plugin even though they say it’s a total rewrite, a bit misleading to not let the new plugin develop it’s own reputation. I rate this new plugin a 0 despite the lowest rating available of 1.
    =====================

    Reply

  7. Yes, I’ve been locked out twice in the last three days and not only that, but the WHOLE site goes down. I looked to see if it was just me or the whole site on a different browser, and yes, seeing the same blank screen on both.

    I have email notifications enabled and with each crash got an email that a host at xyz IP address was locked out due to too many attempts to access a file that does not exist. The xyz IP address is mine! I wonder if there’s something regular running, like a cache emptying, that triggers this.

    Anyway, I would hardly dismissed this as something happening a few users. Nonsense. This is serious. And if you try to contact them, you get a snippy email directing you to the forum, which is only available for posting to people who buy the “premium”.

    Any recommendations for a GOOD security plugin?

    Reply
  8. v1ktorix

    The bigger problem wasn’t really the actual plugin breaking websites, but the huge lack of support in the forum. Only in the last few days iThemes support account showed up to answer some threads, leaving others untouched.

    Yes, it is a free plugin and people use it at their own risk and support isn’t guaranteed – but there’s a certain ethical responsibility to users of your plugin that carries your company’s name and has a commercial support to help resolve issues you created with a new version. Even if you overlook the ethics, look at the PR storm this has caused.

    Reply

  9. Up until May 18th, I would get about 3 alerts per day indicating that my hosting provider (IP xx.xx.xx.xx) was locked out of my website for too many attempts to access a file that does not exist.

    Furthermore, the plugin blocks Googlebot, MSNbot, Yahoobot… essentially it causes your organic rank to plummet.

    After reading, I can see this is a major bug in iThemes Security.

    Now, I’m getting locked out of my own site about 3-4 times per day, with an inability to access it using my login ID.

    The impression I get is that iThemes placed into circulation an pre-alpha release of this product, charged for the premium product, used the money generated to turn it into a beta product, and so on and so forth.

    You don’t release plugins that cause this much grief to people. It should have been tested for 6 months prior to release with real blog sites. When you invent a new drug, do you test it out on human babies before doing preclinical tox and testing on animals?

    So what do you get with the paid version, Xanax, or perhaps a steel shovel to render yourself unconscious until it’s all over?

    This plugin has potential, however the way it was introduced is inexcusable.

    Reply

Leave a Reply