Uber Login Logo Better WP Security iThemes Security

[b-cat]

I’m using a plugin called Uber Login Logo, which is a very lightweight plugin that drops my site logo into the standard WP login page, and does nothing else. It was working fine until very recently. Seems to have stopped working after the latest BPS upgrade.

Why do I think the conflict is with BPS? I’m using BPS, and Better WP Security (now “iThemes Security” or “ITS”).

When I activate and save settings in iThemes Security, BPS tells me that it is no longer protecting the site (so there is a conflict between BPS and ITS, but that’s another issue). However, the Uber Login Logo DOES work when ITS is running and when BPS says BPS is not working. When I reactivate the BPS secure.htaccess files for the Root and wp-admin folders, and when BPS indicates that BPS is once again protecting the site, the Uber Login Logo no longer works, and the old WordPress “W” logo appears instead of our site logo.

Any ideas on what BPS settings (or other plugins’ settings) I can change to allow Uber Login Logo to continue working? At present, only iThemes Security appears to be compatible with Uber.  Thanks for any suggestions!

[AITpro Admin]

First off all bets are off if you are using the better wp security plugin.  Are you aware of all the serious problems that are occuring in better wp security in the last 2 versions?  What is recommended is that you either delete better wp security from your website or delete the version you have installed and install an older version of better wp security – at least 2 versions older.  It is quite possible that better wp security now also breaks BPS as well as all the other things it breaks – better wp security is a disaster of epic proportions – recommendation – nuke better wp security.

Ok so what I need for you to do is either permanently delete better wp security or just rename the better wp security plugin folder for troubleshooting.

I need for you to delete the root .htaccess file and wp-admin file in case better wp security damaged/corrupted them.
Click the Activate BulletProof Modes buttons again to create new good BPS .htaccess files.
At this point test Uber Login Logo.
If the problem is still occuring then I need you to go to your Security Log page and post the Security log entry for whatever is being blocked in Uber Login Logo.
I will then post the whitelist rule that you need. Or if the problem is solved by getting rid of better wp security then you have your solution – nuke wp better security.

[AITpro Admin]

Uber Login Logo has been downloaded and tested with BPS Pro and there are no problems or conflicts between the 2 plugins.  Both plugins are compatible and working correctly together.  The problem is being caused by better wp security.  It is recommended that you delete better wp security or install an older version of better wp security.

[AITpro Admin]

At this point we have made a decision to create some of the features that better wp security has in BPS and BPS Pro so that folks will not have to install the better wp security plugin at all.  This will save us a lot of wasted time and money having to deal with that junk plugin.

[b-cat]

Thanks for the replies and info above. I have rolled back Better WP Security to version 3.6.6 and turned off a bunch of options, and now the prior conflict with Uber Login Logo has gone away. So that seems to have fixed it! Thanks. Apparently the new “iThemes” version of Better WP Security has some problems.

Not being a super-hacker, I wouldn’t know which plugins are “junk” and which ones are not. I did like some of the functionality that Better WP Security offered (or appeared to offer).

I liked the simple user interface for pasting IP addresses to ban or whitelist users IP addresses.

I also like the feature to “Hide” the backend by changing the login URL. I know this feature has been criticized as bogus elsewhere, but it is not a bogus option if you have NO public links on your site anywhere that link to the login. Our site is publicly viewable, but we don’t want random site visitors registering and logging in. So, we also don’t want thousands of spambots pinging our wp-login.php. Since our login URL is now a private and hidden URL, we get ZERO spambots trying to login, and no one can see our wp-login.php file or any other login file unless they know the direct URL, which we can change at any time if we find the login address has been compromised (which it never has since “hiding” it).

It’s a useful feature, but obviously it isn’t useful for sites that want random users setting up accounts and logging in.

[AITpro Admin]

Apparently the new “iThemes” version of Better WP Security has some problems

That is an understatement.  Have you seen what is going on in the better wp security support forum?  People are enraged.  This is going to severely impact the better wp security plugin’s future.  Trust is completely gone and it will take a long time to gain that trust back.

Regarding the hide backend thing.  If you want a working solution we created one here that actually really works (Simple Query String Login page protection):   http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/ We will add this as an automated feature in the next BPS and BPS Pro versions.

FYI – BPS Pro JTC Anti-Spam / Anti-Hacker already accomplishes what the Simple Query String Login page protection does and it does not interfere with sites that want to allow registrations, user logins, etc – seamless and effective.  😉

[Author]

Posts