More from this category
DELETING ALL IN ONE SECURITY::
All In One WP Security And Firewall Troubleshooting
All In One WP Security And Firewall Troubleshooting post helps you resolve some of the most common errors you run into and provides some troubleshooting tips.
All In One WP Security And Firewall Troubleshooting
This is a list of common questions asked in wordpress.org support forum. I have created this list to help you troubleshoot some of the most common issues you might run into. If you can’t find an answer to your issue please click the following link All In One WP Security And Firewall Support and create a support ticket. Someone will assist you as soon as possible.
Important: In some cases you might need extra support. Hiring our premium services can help you further. Click on the following link Premium Support For All In One WP Security Plugin.
Site Was Hacked
Even though a lot of effort has gone into developing this plugin to protect your site, sites might still get hacked. In that case the following URLs will help you. These are instructions provided by WordPress org support staff.
Aside from the above two links you should also carry out the following to clean your site. ( Steps provided by wpsolutions)
- Using cpanel file manager delete your wp-admin and wp-includes directories and then upload new versions from a fresh zip file of your WordPress core version.
- Delete all plugins and re-install fresh new versions. Also do not use old zip files you have on your computer or server. Always get new plugins directly from wordpress.org or from the developer who wrote them. (Same goes for your theme)
- Also go through your root directory and replace all wp core files with new versions and delete any unknown files. Check your wp-config.php file for any suspicious code.
- Go through all other wp directories such as uploads etc…and check to see if any suspicious php files are there. (eg, uploads directories should mostly have media files and not php files)
- Examine all of your server directories which reside outside of your WordPress installation and look for php files.
The above should help you get your site up and running and clean from any viruses.
Delete or Deactivate Plugin Solutions
Q1 What happens if I deactivate the plugin will I loose all my settings?
Answer: No, you will not lose any settings upon deactivating AIOWPS – meaning you won’t need to re-configure the plugin again after you activate it again.
The plugin has built into it the intelligence to remove the security .htaccess rules when you deactivate it but it will still remember these settings when you re-activate the plugin, and as pointed out above, it will give you the choice to re-insert these rules back into the .htaccess file.
( Solution quoted by wpsolutions)
When you re-enable the plugin you will see the following message. Say yes to re-insert the rules you previously had set up in the plugin.
Would you like All In One WP Security & Firewall to re-insert the security rules in your .htaccess file which were cleared when you deactivated the plugin?
==================================
Q2 How do I completely delete the plugin from the site?
Answer: Follow the instructions below.
– FTP to your host and delete the plugin’s folder. Although this is normally carried out when you deactivate and delete the plugin as the website administrator.
– FTP the .htaccess file from your site to your computer and edit and remove all the code between and including the following tags: Make sure you upload the .htaccess file back into the same location you downloaded the file from via FTP.
# BEGIN All In One WP Security
# END All In One WP Security
– Log into phpMyAdmin and locate the database for the website you are working on. Look for any table entry with the following name aiowps and delete those tables. There should be 6 tables associated with this plugin, in addition to the options settings. There will also be other entries for transients and plugin version etc. The following is a list of tables and entries found in the database.
Note: You might like to check the following URL Remove All In One WP Security Database Tables to learn how to search for the plugins tables in your database.
| aiowps_events |
| aiowps_failed_logins |
| aiowps_global_meta |
| aiowps_login_activity |
| aiowps_login_lockdown |
| aiowps_permanent_block |
| commentmeta |
| comments |
-There are other aiowps settings saved in the WordPress “options” table, under the option name “aio_wp_security_configs”. You should also delete the “aio_wp_security_configs” row in the options table.
The above steps will deactivate and delete the plugin from your site. It will also completely remove the plugin’s tables from your database. This allows you to install and activate a fresh copy of the plugin again in your site.
Remove All In One WP Security Database Tables
Remove All In One WP Security Database Tables shows you how to search for the plugins tables in the corresponding database for your site.
Last Updated: February 16, 2020
Latest News: Updated the documentation.
These instructions shows you how to remove all tables and database entries with the name aiowps and or aio using phpMyAdmin.
These steps are important if you are having issues with our plugin and or you can’t log into your site anymore. These steps will totally remove aionwps entries from your sites database. This will allow you to reinstall a fresh new copy of the plugin and allow you to start all over setting up the plugin.
Requirements:
- Access to your server’s phpMyAdmin. (Note: If you don’t have access or you don’t feel comfortable using phpMyAdmin, click the following link Remove AIOWPS From WP Database Tables And Options.)
- (Alternative) You might only want to reset the plugin. If that is the case, click the following link How To Reset AIOWPS Plugin.
Remove All In One WP Security Database Tables
Important: Before you begin, create a database backup of your site. Just in case something goes wrong.
Step 1 ) These steps assume you have already deactivated and deleted the plugin from your site and removed all entries include the following tags from your .htaccess file. And now you want to make sure all tables are removed from your database.
# BEGIN All In One WP Security
# END All In One WP Security
However, if can’t log into your site to deactivate and delete the plugin, you will need to access to your site via FTP or cPanel file manager.
(Note: You can use this plugin wp-file-manager, if you don’t have access to your server and can log into your site. You can also use an FTP software like filezilla.)
Log Into Your Server
Step 2 ) Log into your server and run phpMyAdmin. Located the database for the site in question as illustrated below. In this example the database in question is word492.
Note: You might have more than one database running in your server. So make sure you select the correct database.
Step 3 ) When I click on word492 database, I can start searching for the plugins tables. In the following image, you can see straight away some plugin’s tables that are safe to delete with WordPress default database prefix wp_.
Note: WordPress default database prefix is wp_. In your site your database prefix might be different.
Tables Safe To Delete
- aiowps_events
- aiowps_failed_logins
- aiowps_global_meta
- aiowps_login_activity
- aiowps_login_lockdown
- aiowps_permanent_block
For the following two tables you need further investigation. In other words, don’t delete them. You need to search inside of them for any entries related to aiowps.
Investigate These Tables Further
| commentmeta |
| comments |
phpMyAdmin Search Options
Step 4 ) The following image shows you how to search your database for any entries that have the following word aiowps. Please make sure you carry out the following steps.
Searching Steps:
- Enter the following word aiowps in the field as illustrated in the image below.
- Under Find: select at lease one of the words. I find this to be the best option in this case.
- Under Inside tables: Select Select all. Make sure all tables are selected in the database.
- Finally click on Go button to begin the search.
phpMyAdmin Search Criteria Displayed
Step 5 ) The following image shows you 5 entries found in the following table wp_options. Click on Browse link to view all the entries found.
Note: In your case the search might show more than 5 entries found.
Step 6 ) The following image shows you the 5 entries found. If the options name have the following name values aio or aiowps, then you can safely delete them. Otherwise you need to edit and search for any entries with a the following values name aio or aiowps.
The following image shows you the Edit link you need to click on to begin searching. In this tutorial, the following option_name needed to be searched.
Search Inside
- _site_transient_update_plugins
- _transient_plugin_slugs
- aio_wp_security_configs
- aiowpsec_db_version
- You might also find the following entry aiowps_temp_configs, not showing in the image below.
- cron = For cron jobs, you might want to use one of the following plugins Manage WordPress Cron Jobs to delete the cron job from your site. This is much safer than working in phpMyAdmin.
Note: If you find more entries in options, please let me know and I will add them to the list above.
I hope the above tutorial helps you remove all aiowps entries from your database.
Click on the following link Troubleshooting to continue configuring the plugins settings.
If you have any questions please let me know. I will be updating this post from time to time. So keep coming back for the latest.
Enjoy.
All In One WP Security & Firewall Plugin Tutorial List
==================================
Q3 What if you want access to your site and only reset the plugin. Follow the instructions below.
Answer: Check the following tutorial How To Reset AIOWPS Plugin.
Conflict With Plugins
Q1 There is a conflict with LoginPress plugin.
Answer: There was a problem in the following file “wp-security-wp-loaded-task.php line # 60”. It was causing issues. The solution was to add the following code in the theme’s functions.php file.
==================================
Q2 There is a conflict with Theme My Login plugin.
Answer: The Theme My Login developer reached out and provided a solution. Please check the following support thread for a solution.
Conflict With Themes
Q1 If you ever have a redirect issue when someone gets locked out because of spamming. Try the following solution. You can read more about the issue from the following forum post.
Solution 1: Can you try adding the following code to your theme’s functions.php file:
[code] add_action(‘aiowps_wp_loaded_tasks_end’, ‘remove_aiowps_loaded_actions’); function remove_aiowps_loaded_actions($AIOWPSecurity_WP_Loaded_Tasks){ remove_action( ‘login_init’, array( $AIOWPSecurity_WP_Loaded_Tasks, ‘aiowps_login_init’ )); } [/code] – – – – – –
Translation Solutions
Q1 What are the correct file name for your translated files?
Answer: Always name your .mo and .po files correctly. See the following Spanish Language Example:
- all-in-one-wp-security-and-firewall-es_ES.po
- all-in-one-wp-security-and-firewall-es_ES.mo
Make sure you add the files in the correct folder “all-in-one-wp-security/languages/” folder.
Note: The plugin languages are now coming from the following URL plugin translation page. So if you wish to translate the plugin into your language please click on the above link.
Windows IIS Solutions
Q1 Does it work with IIS servers?
Solution One: All features except those involving .htaccess rules should work ok in an IIS server.
AIOWPS currently only supports Apache-type servers for the features which need to write .htaccess directives – eg, Firewall features, Blacklist feature etc
Q2 How do I set up Pingback Protection: under Firewall -> Basic Firewall Rules when hosted on a Windows Server IIS (IIS 7.5 & Plesk 11)?
Solution One: Below is the IIS equivalent to the apache .htaccess rules for denying access to xmlrpc.php. ( Solution quoted by wpsolutions)
Log File Solutions
Q1 My log files are getting too big, how do I fix this?
Answer One: Just turn off the debug setting and no more logs will be produced. (Go to WP Security -> Settings -> General Settings tab.)
==================================
Q2 I am getting repeated lockout notifications yet both logs are empty?
Solution: The lockouts won’t be shown in the log files. They are displayed in the Dashboard -> Locked IP Addresses tab.
Also regarding log files, make sure that you have debug enabled – go to Settings and scroll to bottom of page and check the “Enable Debug” box and save debug settings.
(Solution provided by wpsolutions.)
WordPress Multi-site Solutions
Q1 I have a WordPress Multi-site (WPMS) install. I do not see some of the menus of this plugin on my sub-sites. Why is that?
Answer: For multi-site installations there is a single .htaccess file which applies to all your sub-sites. So some of the security features only need to be enabled on your MAIN site. The sub-sites won’t show you the menus for these features. You can configure those settings from the main site of your WPMS install. For example the Firewall rules menu is only accessible from the main site. (Tips and Tricks Solution)
==================================
Q2 How do I set up Brute Force feature in a WordPress Multi-site (WPMS) set up?
Answer: Click on the following URL securing WordPress multisite with AIOWPS plugin.
Nginx Solutions
Q1 Changing login url breaks lost password url in Nginx. How do I fix this issue?
Answer: Someone in the forum provided a solution to this problem. Please click on the following URL Changing login url breaks lost password url.
==================================
Q2 How can I disable xmlrpc via the firewall rules in Nginx servers?
Answer: Check the following support thread in the forum.
==================================
Q3 Are the following features compatible with Nginx servers?
Both features are listed under the “Brute Force” tab.
- “Rename Login Page”
- “Enable IP Whitelisting”
Answer: The “Rename Login Page” is independent of the type of web server because it works at the PHP level and is thus compatible with Nginx.
However the “Login whitelist” feature uses Apache directives to protect the login page and at this stage it is not compatible with Nginx. Check the following forum support thread.
==================================
Q4 How do I fix the issue with permalink settings in nginx when using “Rename Login Page” feature?
Answer: The “Rename Login Page Feature” works perfectly if the “Permalink Setting” is set to “Plain” but if you change the permalink to “Post name” you get a 404 error message in Nginx. Nginx does not understand the rewrite rules in the .htaccess file. The following forum post provides a solution submitted by one of the users.
Database Tables Information And Solutions
Q1 I want to clean my AIOWPS tables which are getting quite large (especially global_meta). What is the best option to carry out?
(Solution provided by wpsolutions in the forum)
“
Solution 1: The plugin has a code which will periodically check the tables created by aiowps and it will cleanup any table which has more than 5000 rows, ie, the code will delete the oldest rows and keep the newest 5000. The “5000” rows is set as a default in the code but I have also added filters for this to allow you to be able to set your own value.
The filters can be found in the wp-security-backup.php file in the function called aiowps_scheduled_db_cleanup_handler.
The cleanup process is triggered once daily using the inbuilt WordPress “wp_schedule_event”.
One way to trigger the cleanup process immediately is to deactivate and activate the aiowps plugin which should kick off the scheduled event.
Solution 2: To use the filters you should not edit any of this plugin’s files but instead you will need to add some code to your theme’s functions.php file.
For example:
add_filter( 'aiowps_max_rows_event_table', 'change_table_rows_remaining', 10, 1 );
add_filter( 'aiowps_max_rows_failed_logins_table', 'change_table_rows_remaining', 10, 1 );
add_filter( 'aiowps_max_rows_login_attempts_table', 'change_table_rows_remaining', 10, 1 );
add_filter( 'aiowps_max_rows_global_meta_table', 'change_table_rows_remaining', 10, 1 );
function change_table_rows_remaining( $rows ) {
return '1000';
}The above will set the maximum number of rows to keep for all of the tables to 1000. Check the following support thread to learn more.
==================================
Q2 Which features require aiowps_global_meta table?
Solution: The table stores the file change detection data and other miscellaneous things such as unlock request keys for cases when someone is using a woocommerce login page. (Answer provided by wpsolutions in the forum)
IP Address Solutions
Q1 When you enable the following feature Enable Login Lockdown Feature, you will see the following error message.
ERROR: Access from your IP address has been blocked for security reasons
Solution: Disable Enable Login Lockdown Feature. Or check to see if your IP address has been locked.
==================================
Q2 My IP address has been blocked by the plugin, how do I unblock myself?
Solution One: What you can do is the following, rename the plugin folder via FTP to something like all-in-one-wp-security-and-firewall-temp. Then log into your website again. Rename the plugin folder back to its original name. Enable the plugin and go to Dashboard -> Locked IP Addresses and unlock your IP address.
Solution Two: If you can’t log after trying the above solution please read the following thread Locked Out from the forum. This might help you get back into your site.
==================================
Q3 Is there anything outside of firewall rules that will also block IP address?
Solution One: Yes – the spam autoblock functionality does not use .htaccess firewall rules. It checks for IPs that are used to post comments which are marked as “spam” either by Akismet or manually by the admin of the site and if the same IP address has more than the allowed amount of “spam” comments, it will be blocked. (Solution provided by wpsolutions in the forum)
==================================
Q4 Wp Security does not recognize external IP addresses. How can I fixed this with the plugin?
Solution: The aiowps function which obtains the IP address uses $_SERVER[‘REMOTE_ADDR’].
In most cases the above global should be the best and least spoofable way to obtain the IP address but there are special cases where certain webservers have a more unusual setup. In that case the server might have some proxy or CDN in front of it and hence you may need to make an adjustment via your wp-config.php file.
One example that you could try is the following code entered in your wp-config.php:
if ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && preg_match( '/^d{1,3}.d{1,3}.d{1,3}.d{1,3}$/', $_SERVER['HTTP_X_FORWARDED_FOR'] ) )
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
However your hosting environment setup might be different, in that case you might need to experiment with the above code because your real IP address might be located in any of the following globals:
‘HTTP_CF_CONNECTING_IP’, ‘HTTP_CLIENT_IP’, ‘HTTP_X_FORWARDED_FOR’, ‘HTTP_X_FORWARDED’, ‘HTTP_X_CLUSTER_CLIENT_IP’, ‘HTTP_FORWARDED_FOR’, ‘HTTP_FORWARDED’
It is also a good idea to talk to your host support and explain your situation to them. They should be able to point you to which $_SERVER global the real IP address will be in. (Solution provided by wpsolutions in the forum)
You can read the solution form the following forum post. Others have also contributed other solutions as well.
==================================
Q5 I am having issues with the Black list feature. I think it is not blocking the IP address I add. What can I do to test this feature?
Solution: To confirm if the blacklist feature works try using your IP address to block yourself temporarily.
1) Make sure you are logged into your server using FTP. This will be handy to unlock yourself if needed.
2) Log into WordPress admin panel and add your IP address to the blacklist settings.
3) Try accessing your site from a browser where you are not logged in.
You should be denied access. If not, then the apache directives are not working on your server.
(If things are working fine and you do get blocked, just FTP your .htaccess file from your server to your computer and edit that file and remove the part of the code which has your IP address and then FTP the file back to the server)
(Solution provided by wpsolutions.)
Miscellaneous Solutions
Q1 I would like to understand how it is possible that all settings are being saved when deactivating or deleting the plugin?
Solution One: The aiowps settings are saved in the WordPress “options” table, under the option name “aio_wp_security_configs”.
When you deactivate this plugin those settings are still in the options table and are available for use next time you activate the plugin.
If you wanted to start your installation from scratch, you could always delete the “aio_wp_security_configs” row in the options table and then re-configure the plugin again. (Solution provided by wpsolutions in the forum)
==================================
Q2 How to implement the new filter “aiowps_ip_blocked_error_msg”) added in version 4.1.0?
Solution One: Add the following function to your theme functions.php file. It is always best to use a child theme. Remember to replace ‘My custom error message!’ with your own message. (Solution by Chesio in the forum)
add_filter('aiowps_ip_blocked_error_msg', 'my_custom_message');
function my_custom_message($error_msg) {
return 'My custom error message!';
}==================================
Q3 All In One WP Security & Firewall is producing Error 403. You can not access the page or directory you want. How do I fix this issue?
Solution One: The http 403 forbidden error is most probably caused by one of the features which uses .htaccess directives. For example, the firewall rules or blacklist feature or the white list feature in the brute force menu.
If you want to quickly get back into your site you can edit your .htaccess file and remove all of the rules added by this plugin. ie, remove all code between and including the following tags:
# BEGIN All In One WP Security
# END All In One WP SecurityThen when you log back into your site you can go into the various feature settings and disable them or change the configuration as needed. Alternative you can go to the AIOWPS “Settings” menu and scroll to the bottom. Click the “Disable All Firewall Rules” button. This will clear all the firewall rules from your .htaccess file. ( Solution quoted by wpsolutions)
==================================
Q4 The pages keep reloading over and over none stop?
Answer: Turn off the text selection and copy protection option. It seems like that feature is not working well with the current theme you are using. (Answer provided by mra13)
==================================
Q5 After installing the plugin I can’t regenerate thumbnails or crop images anymore?
Solution: This is probably due to the 5G firewall rule – You can disable that rule if you wish after you copy and paste the rules locally in notepad running Windows operating system. You can then optionally tweak the 5G rules by making some modifications. Then simply create some custom firewall rules feature.
==================================
Q6 I am receiving too many IP address lock outs, I think my pingback protection is not working correctly. What do I do?
Answer: Click on the following URl Pingback Protection Settings.
==================================
Q7 If the emailed attachment always turns up as an SQL file and not a ZIP file like all the others that means that your server is not configured correctly.
(The following was quoted by Chesio in the forum)
Database backup files are zipped only if there is ZIP extension enabled in PHP, so if you are getting plain sql files by email, most likely that website has this extension disabled.
You can find whether this extension is enabled in output of phpinfo or you can create a dummy PHP file with class_exists( 'ZipArchive' ) check – this is what actually AIOWPSF plugin does.
For example:
==================================
Q8 How do I prevent WordPress default link lost your password from displaying when a users types the wrong password to login?
Solution: Enable the “Show generic error message”. This will replace the default WordPress message with the link to the backend to retrieve the password to a text message without a link
==================================
Q9 After enabling one of the Brute Force features I am still getting lots of attacks, how can I fixed this issue?
Solution One: Check and see if you have the following enabled. Go to WP Security -> Firewall -> Basic Firewall Rules, locate the following Enable Pingback Protection:.
==================================
Q10 What if you can’t log back into your website and you want to totally remove the plugin?
Answer: This is a youtube video created by the developers to help you totally remove the plugin and all entries in the database without login into your website.
==================================
Q11 The login lockout feature is locking users after only one failed attempt, regardless of the how many failed attempts it’s set to require. How can I stop this from happening?
Answer: If you have the following checkbox enabled the plugin will lock that visitor out after the first attempt if username is non-existent: ( Solution quoted by wpsolutions)
==================================
Q12 I get a 404 error message when I activate the plugin? How can I fix this issue?
Answer: Please check the following forum post. This might help you with this issue.
==================================
Q13 I get “The plugin was unable to write to the .htaccess file” when I click on save button in “Save Basic Firewall Settings”. How can I fix this issue?
Server and plugins specs.
- AIO – Filesystem Security : all green
- Running on CentOS7 with CWP
- Apache/2.4.34
- PHP version 7.2.8
- WP version 5.0
- AIO Version 4.3.7.2
Answer: For a possible solution you need to check your server configuration settings. Please check the following forum post to learn more.
If the above does not work make sure that you try again the steps above but this time do not restore the htaccess file settings.
I will be updating this post from time to time. So keep coming back for the latest troubleshooting answers. If you have a question please send me an e-mail or leave a comment.
Enjoy.
All In One WP Security & Firewall Plugin Tutorial List