Category: Troubleshooting
Disabling admin account creation protection when you are locked out
Really Simple Security Pro has an advanced hardening setting, “Restrict creation of administrator roles”. Enabling this setting will check for users that were assigned the Administrator role in a different way than through the regular user profile interface. If such a user account is found, the role of the user will be changed to Subscriber immediately and an e-mail notification will be sent to the site administrator. If for some reason you are locked out of your site
Content security policy maximum size exceeded
The maximum size available for HTTP headers on your website depends on the web server that runs your website. For most web servers, like Apache and LiteSpeed, the limit is 8192 bytes, but the default configuration of Nginx sets this limit to 4096 bytes. When your website is running Nginx with the default configuration, available space for HTTP headers is limited. In most cases this will be fine but if you have a large Content Security Policy it might result in the
About email notifications in Really Simple Security
Really Simple Security sends email notifications for important events, such as when features are enabled or when vulnerabilities are detected in installed plugins or themes on your WordPress site. To ensure that 2FA codes and security notifications are reliably delivered to your inbox, email address verification is required. You can verify your email address in the plugin by navigating to Settings -> Security -> General. This step is used to confirm that your server is properly configured to send email,
What to do if you’re locked out after renaming the ‘admin’ username
When attacking WordPress websites, guessing usernames and passwords is still a commonly used method to gain access to a WordPress back-end. It goes without saying that using easy-to-guess passwords like ‘12345’ or ‘Welcome2022’ will make it really easy for attackers to log in to your administrator account. The same goes for usernames; using easy-to-guess usernames like ‘Admin’ will make it too easy for attackers. This is why Really Simple SSL allows you to prevent usage of the
DISALLOW_FILE_EDIT is defined and set to “false”
When activating the “Disable the built-in file editors” feature under Settings > Hardening in Really Simple SSL, you may receive a notice that “the DISALLOW_FILE_EDIT constant is defined and set to false”, as shown in the image below. When DISALLOW_FILE_EDIT has been defined in wp-config.php with a false value, Really Simple SSL cannot override this. The solution is to remove the following line from your wp-config.php file: define( 'DISALLOW_FILE_EDIT', false );