In my experience, iThemes Security, the module formerly known as Better WP Security, is kind of terrible. Significantly, it doesn’t uninstall cleanly and will lock you out of your own site at the drop of a hat.

Before I fully got rid of its screwups (and I’m not even sure I have, completely), I had to muck around in phpMyAdmin and drop two database tables it created. (These can be spotted from their prefixes, which will be something like itsec or bwpsec.) From help threads it seems much of the time you’ll also have to delete whatever lines it’s added to your .htaccess and wp-config, also manually, but in my case I didn’t find anything I needed to remove.

On paper it does look like a desirable mod to have; if you do use it, at the least I recommend against activating any of the file- or folder-renaming functions. Pretty sure those are what screwed me up…