티스토리 수익 글 보기

Hello

I have further plugins that solid impedes working well. Notably a plugin named wheel of life. I’m looking in solid settings where I can make an exception to make them work well but don’t find anything.

Do you think you could help me or it’s a problem that concerned plugins support have to resolve by themselve ?

Thank you

Hi,

We have Solid Security Pro and one of my users is constantly getting their account locked out due to failed login attempts, I have enabled MFA in the hopes that this would stop this however we’re stilling getting it.

Is there a way to secure the account so it will stop being locked out due to failed login attempts?

I have been using php 8.1 and since its stopped receiving security updates in previous month so i had to upgrade to php 8.3 and before that my hosting platform run a compatibility check via tool and it shows a few errors:

/chroot/home/xyz.com/html/wp-content/plugins/ithemes-security-pro/core/lib/debug.php (1 error)
/chroot/home/xyz.com/html/wp-content/plugins/ithemes-security-pro/core/lockout.php ( 52 errors)

Kindly confirm is plugin totally compatible with php 8.3, if not should I update for new update?

Thanks

Clicking Next after filling out all the fields just spins and does not submit the form.

PHP Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the better-wp-security domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/clients/client4/web3/XXXXXXX/wp-includes/functions.php on line 6131

We are using the Fatal Error Notify Pro plugin, and it is sending error notifications related to Better WP Security.
Please refer to the image at https://www.awesomescreenshot.com/image/57902034?key=2934f863eb2a3f78ad4bc82bca5a0006 to review the issue.

Is there anything you can do to help fix this issue? Thank you.

Plugin: iThemes Security / Solid Security
Version: 9.4.3
PHP version: 8.2
WordPress version: 6.9

Issue Summary

A fatal error occurs when viewing the Logs page in the WordPress Admin. The issue is triggered by the sprintf() call inside class-itsec-wp-list-table.php. The error stops the entire Logs admin page from loading.

Error Message

PHP Fatal error: Uncaught ArgumentCountError: 3 arguments are required, 2 given
in /wp-content/plugins/better-wp-security/core/lib/class-itsec-wp-list-table.php:727

Exact Line Causing Error

$output = '<span class="displaying-num">' . sprintf(
    _n( '%s item', '%s items', $total_items, 'better-wp-security' ),
    number_format_i18n( $total_items )
) . '</span>';

Hi there,

We have an issue when trying to setup the plugin:
https://prnt.sc/BGJDY_gRCaE8

I tried deleting and re-installing the plugin but we keep getting the same errors.

We have multiple (100s) of sites using this plugin which are on the same server (WPEngine); so we are not sure why we are getting issues with this now.

When checking our logs, we do not see any error logs either – anything we can look out for?

Hi Solid Security Team,

Since I updated to the latest version of WordPress, I have not been able to login using my email method for Two-Factor authentication. This is what I get from your plugin:

Important notices from Solid Security

Failed sending Two-Factor Email notification.Could not instantiate mail function. (wp_mail_failed)ModuleNotification CentreDescriptionSending Two-Factor Email FailedDec 05, 2025 9:16 AM – 52 seconds ago

UPDATE: Just realised this is not a Solid Security issue. Looks like there has been changes to WordPress mail() function which has now caused emails to stop being sent.

• This topic was modified 1 month, 2 weeks ago by poppydev.

Hi, my error_log file is full of these:

[28-Nov-2025 10:06:03 UTC] PHP Warning: Undefined array key "malware-scan" in /home/macmagazine/public_html/wp-content/plugins/better-wp-security/core/lib/class-itsec-scheduler-cron.php on line 54
[28-Nov-2025 10:06:03 UTC] PHP Warning: Trying to access array offset on null in /home/macmagazine/public_html/wp-content/plugins/better-wp-security/core/lib/class-itsec-scheduler-cron.php on line 54

Any chance this might get fixed in a future plugin update? Thanks!

When a user is locked out because they got their login details wrong too many times I get an email with their IP address. Is it possible to include the username in this email so I can see who was locked out. This info is available in the Dashboard under Active Lockouts, but it would be useful to have it in the email.

Hi. I installed SS and the Site Scan is not working. It show a Red X for “Plugins”, “Themes”, “WordPress Core”, and “Google Safe Browsing”. Yet “Two Factor” and “Password” show a Check Mark. What could this be? Thank you in advance.

Hi there,

I want to exclude wp-content/cache/wpo-cache/ from file change notifications, but when I add the path to the list of files and folders to exclude and hit save I get the error ‘Ignore File Types must be array’. The ‘Ignore File Types’ field is empty

Thanks

Solid Security blocks ajax request from EventON plugin:

?evo-ajax=eventon_init_load 500 (Internal Server Error)

I couldn’t fix that other than disabling Solid Security, I tried disabling multiple features, no luck

• This topic was modified 2 months, 1 week ago by czokalapik.

I have had multiple clients report and experienced myself that on this screen, setting up authy works but then just goes back to this screen as if we had done nothing.

https://snipboard.io/LCgRdG.jpg

Hi,

I really enjoy using your plugin in many projects. However, today I noticed a false positive for the first time in a completely new project (fresh install with only some plugins). After a site scan with Solid Security, I received the following warning:

WordPress WP Reset PRO Premium Plugin <= 5.98 – Authenticated Database Reset vulnerability

The plugin mentioned is not installed at all. I only have the free version, “WP Reset”. I have never had or used their premium version.

Further down, the solution is listed as:

Update the WP Reset plugin to the latest available version (at least 5.99).

If you take a look at the free plugin, you’ll see that it’s currently at version 2.06 – a long way from 5.

This is incorrect information, correct? It would be great if you could take a look at it.

And yes, you can hide the warning, which is what I’m going to do now. But it’s a message that refers to a plugin that I don’t even use.

Bonjour,

J’ai activer l’option de double authentification via le plugin solidsecurity free, et je ne reçoit plus le code d’authentification par mail nécessaire à ma connexion sur mon site wordpress admin

• This topic was modified 2 months, 3 weeks ago by boutin.

Hello,

when i enable the hide backend feature, i set an new login slug like “itsanexample”.

When i try to connect with https://www.mysite/itsanexample it doesn’t work, i have the message : “Not Found. The requested URL was not found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.”

For it to work, i have to connect with the URL : https://www.mysite/wp-login.php?itsec-hb-token=itsanexample

I tried to disable/enable the feature but it doesn’t work.

Do you have any idea to solve this problem ?

Thanks

• This topic was modified 3 months ago by delpower.

we have Solid Security on a number of websites for the last several years, and almost every one has Hide Backend enabled — and working FINE 🙂

but today when creating a brand new devel site, for the life of me I cannot get it to work — when its not on, the typical /wp-admin/ URL works. when I turn it on, neither my custom URL nor the default will work. I turned on debug and looked at the code — it looks identical to my operational sites.

I disabled the few plugins I had, still not working. I uninstalled and reinstalled, still not working. as this is a new devel site, I may just delete the entire site and start over, but any advice at all is welcome !!

Hello.

This is the third week in a row that I have been forced to use the backup (fortunately always available) files to retrieve htaccess and wp-config, which turn out to be completely empty, effectively rendering the website unusable (were it not for Cloudflare’s cached pages, which at least do not present me with 404s). There is no shortage of disk space (so what is reported in this thread cannot happen: https://wordpress.org/support/topic/fatal-error-empty-wp-config-php-and-htaccess-files-when-disk-is-full/).

This problem is relatively new, I have been using the plugin for several years and this had never happened in the past. Is there a possible explanation or do we have to give up the option that goes to independently update those two files?

Thanks!

I get:

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the better-wp-security domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6121 Warning: Cannot modify header information – headers already sent by (output started at /var/www/html/wp-includes/functions.php:6121) in /var/www/html/wp-includes/pluggable.php on line 1450 Warning: Cannot modify header information – headers already sent by (output started at /var/www/html/wp-includes/functions.php:6121) in /var/www/html/wp-includes/pluggable.php on line 1453

Hi all,

Is it correct that the plugin regularly (wp-cron) checks and modifies wp-config.php and .htaccess files? We host multiple WordPress instances and recently had the issue that we were running out of disk space. Once this was happening and wp-cron kicked in, it seems that the plugin tried to recreate the files (which was impossible due to missing disk space). This resulted in two unusable empty files wp-config.php and .htaccess, which made the WordPress instances completely unusable until we restored a previous version.

Proposal: Create the files at a different location, ensure that the file content is present, and then move them to the correct location.

Hello, I received some alerts from Solid Security, but these looks not correct to me (free version).
After site scan I got the following results:

• “Sensitive Data Exposure” & “Cross Site Scripting (XSS)” -> Vulnerable Version: <= 6.8.2
  …but the last WordPress version is installed.
• “[username] has administrator capabilities, but does not have a strong password.”
  …in this case, maybe the user password is actually weak, but the user in question has “Editor” capabilities, no “adminstrator”

Hi there,

How can I change the URL for the site scans?

I recently noticed that the site scan logs, after “Site Results,” show the URL of our old site and not the URL of our current site.

Awaiting a response,

Regards, Hoogy

I am getting a lot of the following PHP warnings in the error log

PHP Warning:  Undefined array key "flush-files" in .../wp-content/plugins/better-wp-security/core/lib/class-itsec-scheduler-cron.php on line 54

I am using the latest 9.4.1 code. Can this be fixed in the next release?

I have Solid Security on all of my sites, and all of them are configured exactly the same. Yet I’ve had email notifications from 4 of them, but never from others.

In the past 2 days, all of the sites started showing critical log messages related to a core vulnerability, but I have had an email only from a single site.

I’ve checked cPanel email deliverability and spam filter, and there’s no reason for this that I could find. How can I even troubleshoot this?

When Solid Security Basic is enabled with Elementor, Elementor becomes unusable and generates a 500 server error when saving.

Hello,

Fatal error show 2fa code
Fatal error: Uncaught Error: Call to undefined function PHPMailer\PHPMailer\mail() in /home/verifiso/public_html/wp-includes/PHPMailer/PHPMailer.php:880 Stack trace: #0 /home/verifiso/public_html/wp-includes/PHPMailer/PHPMailer.php(1968):

Hi.
After the website migration to a different hosting provider can’t get the plugin to work anymore.
After de-activating and re-activating it keeps showing these errors which signal a permission issue on the db on a user that does not exist anymore (db user on the new hosting are different).
It looks like the plugin is using old db connection credentials instead of the new ones present on the wp-config file. Where does the plugin get the db user from?

ALTER command denied to user ‘[oldusername]’@’localhost’ for table ‘wp_itsec_lockouts’
ALTER command denied to user ‘[oldusername]’@’localhost’ for table ‘wp_itsec_geolocation_cache’
ALTER command denied to user ‘[oldusername]’@’localhost’ for table ‘wp_itsec_opaque_tokens’
ALTER command denied to user ‘[oldusername]’@’localhost’ for table ‘wp_itsec_opaque_tokens’
ALTER command denied to user ‘[oldusername]’@’localhost’ for table ‘wp_itsec_opaque_tokens’
ALTER command denied to user ‘[oldusername]’@’localhost’ for table ‘wp_itsec_user_groups’
ALTER command denied to user ‘[oldusername]’@’localhost’ for table ‘wp_itsec_user_groups’
ALTER command denied to user ‘[oldusername]’@’localhost’ for table ‘wp_itsec_user_groups’
ALTER command denied to user ‘[oldusername]’@’localhost’ for table ‘wp_itsec_user_groups’

Hi, the site admin email address (Settings > General > Administration Email Address) is not being used for 2FA emails. Instead it’s using;

‘wordpress@michaelbennett.org.uk’

Where do I change this ? I can find nowhere this can be edited through the plugin or the wordpress site..