Quantcast
Channel: BulletProof Security Forum » All Posts
Viewing all 12461 articles
Browse latest View live

Reply To: Can't lock htaccess file

July 3, 2019, 3:53 pm
$
0
0

So what you are saying is that you see this blue text below on the htaccess File Editor page correct?  If so, then the Root htaccess is actually locked and the problem you are describing is something on your website or server is preventing the Turn On AutoLock POST Form from processing the Form code/submit.  You can try deactivating all of your other plugins and see if the Turn On AutoLock Form works.  If you have Mod Security enabled then a Mod Security SecRule or SecFilter could be preventing the Turn On AutoLock Form from working.

Your root htaccess file is Locked with Read Only Permissions.
Use the Lock and Unlock buttons below to Lock or Unlock your root htaccess file for editing.

Search

Reply To: Can't lock htaccess file

July 3, 2019, 3:57 pm
$
0
0

Yeap, my bad. I forgot to purge cache. Now is all fine.

Reply To: Can't lock htaccess file

July 3, 2019, 4:10 pm
$
0
0

Well you found the problem – You should NEVER cache your WordPress wp-admin area for any reason.  You should also never cache any Forms on the frontend of your website – Login page form, Contact page Form, etc.  All caching plugins have option settings to exclude individual frontend website pages.

Reply To: BPS Pro blocking external folder application – phpMyAdmin

July 3, 2019, 10:42 pm
$
0
0

Yes, thanks, I created the RewriteRule bypass rule for the folder. Just what I needed.

WPML Update – htaccess code created in Root htaccess file

July 5, 2019, 11:19 am
$
0
0

After I updated WPML settings, it wanted to apply Htaccess change as follow:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

What to do (file is in quaranteen)?

Reply To: WPML Update – htaccess code created in Root htaccess file

July 5, 2019, 11:35 am
$
0
0

Delete the Root htaccess file (auto_.htaccess = Root .htaccess file) in Quarantine.  Go to the BPS Pro > B-Core > htaccess File Editor tab page and lock your Root htaccess file to prevent this problem from occurring again.  Also turn on AutoLock.  The generic WordPress Rewrite htaccess code that WPML is adding to the Root htaccess file already exists in BPS Rewrite htaccess code.  BPS incorporates the WordPress standard Rewrite htaccess code already.

Reply To: WPML Update – htaccess code created in Root htaccess file

July 5, 2019, 12:48 pm

How to get past Advanced BP's

July 10, 2019, 2:44 am
$
0
0

<p class=”s1wjcqzz-10 lkEbBw”>Title. I’ve been playing for almost a month, I’m at 51 LPP, have a T6 BP, plenty of bonuses, x5 click x5 merch x 10 research, x30k merchant revenue (without x5 merch ad booster), etc, but I’m finding it really difficult to push past Advanced. I can’t get good BP’s because by the time Advanced BP’s are showing up I can only get maybe 10 fame per soft reset without waiting 5-10 minutes for higher tier stuff, and that’s about a 50% chance (at best), assuming the token isn’t all the way at the end of the slider. What do I do here? Can any veterans/people in my position suggest some stuff to help?</p>
Thanks

Search

Thoughts on BPS Pro Qualifier 2

July 10, 2019, 2:56 am
$
0
0

<div class=”_3xX726aBn29LDbsDtzr_6E dfgx7a-6 hsgMKY” data-click-id=”text”>
<div class=”RichTextJSON-root s1l7dkv5-0 bifmfF”>
<p class=”s1wjcqzz-10 lkEbBw”>I was thinking of heading out to get the BPS pq2 baitcaster combo. They are having a sale it’s going for 119 for the rod and reel. Does anyone have experience with these rods and if so how were They?</p>
<p class=”s1wjcqzz-10 lkEbBw”>So last time when the WD15s came out, all of a sudden we could no longer get the docks we were ordering… out of no where. Now they’re apparently switching the model again, which explains why there is a massive back order on WD15s we’re waiting on.</p>
<p class=”s1wjcqzz-10 lkEbBw”>I asked the person in charge of ordering what the new model is so I can read up on the dock but the model was removed from the portal, anyone know what this new model of dock is and what we should look out for?</p>
<p class=”s1wjcqzz-10 lkEbBw”>Thanks</p>

</div>
</div>
<div class=”_1hwEKkB_38tIoal6fcdrt9″>
<div class=”_3-miAEojrCvx_4FQ8x3P-s”></div>
</div>

Reply To: BPS Pro blocking external folder application – phpMyAdmin

July 2, 2019, 7:52 am
$
0
0

I tested the Query String you posted in your first forum post and got a 403 error on my testing server because of the round bracket/parenthesis code character in the Query String.  What is being blocked in the second Security Log entry that you posted is the %27 url encoded value for the single quote code character – ‘.  My guess would be that several things in the random token string that is being generated are blocked by BPS root htaccess file security rules.  So the best method to use to allow any/all dangerous code characters used/created in the token string Query String by your phpMyAdmin 3rd party application would be the RewriteRule bypass rule for the /phpmyadmin/ folder method, which is what you are using.  So that should take care of the issue permanently.

Or you can create a RewriteRule bypass rule for the /phpmyadmin/ folder by doing the solution in this forum topic:  https://forum.ait-pro.com/forums/topic/custom-applications-outside-of-wordpress-3rd-party-apps/

Reply To: BPS Visual Format not displaying correctly

July 2, 2019, 1:24 pm
$
0
0

UPDATE BPS Pro 14+ and BPS free 3.5+ versions:  The Script|Style Loader Filter (SLF) In BPS Plugin Pages option is now turned On by default.  Previously there was a performance problem caused by turning SLF On, but that issue has been figured out and now SLF increases BPS plugin page performance significantly.

Is there any use to add the Speed Boost Cache if I use Cloudflare?

July 12, 2019, 8:15 am
$
0
0

Just wondering, would you consider it of any help to my site if I add Speed Boost Cache when I’m using Cloudflare (free plan)?

Reply To: Is there any use to add the Speed Boost Cache if I use Cloudflare?

July 12, 2019, 8:41 am
$
0
0

Both the Speed Boost cache code and Cloudflare caching do the same thing. So nope adding the Speed Boost cache code would probably not add any more website performance speed.

Astra Theme file quarantined

July 13, 2019, 4:52 pm
$
0
0

Hi,

I have next:

BPS AutoRestore/Quarantine – ARQ Log
====================================
====================================

[BPS Pro 14: wp-content File AutoRestore Logged: julio 13, 2019 18:30]
Quarantined Filename: class-astra-theme-update.php
Quarantine Path: /opt/bitnami/apps/xxxblog/htdocs/wp-content/bps-backup/quarantine/wp-content/themes/astra/inc/theme-update/class-astra-theme-update.php
Restore Path: /opt/bitnami/apps/xxxblog/htdocs/wp-content/themes/astra/inc/theme-update/class-astra-theme-update.php

Why it happen?

Reply To: Astra Theme file quarantined

July 13, 2019, 5:28 pm
$
0
0

AutoRestore|Quarantine checks all website files for any changes. Files are checked against files in AutoRestore|Quarantine backup.  If a file is quarantined then either a file change occurred in the theme file or the file is a new file added by your theme. Did you upgrade your Theme?  Did you do anything else with your Theme?  See AutoRestore|Quarantine Guide link below to get a general idea of what AutoRestore|Quarantine is and how it works.

Reference Link: AutoRestore|Quarantine Guide

Search

Reply To: Astra Theme file quarantined

July 15, 2019, 10:00 am
$
0
0

Well, I’m not sure what is going exactly here, but certainly is connected with MainWP (despite that I followed all steps).

1) So, in that case, I actually didn’t updated Astra (other plugins are updated) and outcome was that. I hardly believe how site was attacked (to not explain why), especially not in the moment of remote updates.

2) About 10 min ago, I remotely updated FVM plugin in 10 sites and ONLY ON ONE, I get .maintenance in quarantine (??? why?). Again, mostly 100% sure how it is not consequence of attack.

3) There is basically ZERO times when I did remote updates and that at least one (cannot remember for more than one site per time) didn’t sent me email notification about Auto Restore On/Off (??? – why and why only one?).

Please be kind and try to explain what is really going on here.

Reply To: Astra Theme file quarantined

July 15, 2019, 10:37 am
$
0
0

I don’t think your site was attacked.  I think that the file was added or updated due to something that was occurring at the time.  You can view the file in Quarantine to check it just in case, using the View File option in Quarantine.  If everything looks ok then use the Quarantine Restore File option to restore the file.

“I get .maintenance in quarantine (??? why?)” – this issue is caused in this case scenario – WordPress adds the .maintenance htaccess file when doing WordPress, plugin or theme updates and is then supposed to delete the .maintenance htaccess file after the update is completed.  If an AutoRestore cron runs before the .maintenance file is deleted or a WordPress error occurs and the .maintenance file is not deleted then the .maintenance file will be quarantined.  In both cases the solution is just to delete the WordPress .maintenance file in Quarantine.

AutoRestore email alerts can be turned Off on the S-Monitor page.  So check to make sure that the AutoRestore email alerts are not turned Off.  Other possibilities for not seeing the AutoRestore alert email.  The email was sent to your email Junk or Spam folder.  The email address that you are using to send email alerts to is incorrect/invalid on the S-Monitor page.  Your web host flagged the email as Spam and did not deliver the email alert to your mailbox.  Your web host bulk mail queue has a problem occurring currently and there is an extreme delay in sending emails.  Your web host mail server mail config in the php.ini file has some issues/problems.  Another plugin or theme that you have installed is interfering with WordPress Cron jobs or mail functions.  There are probably some more possible causes, but these are the most common.

Reply To: Astra Theme file quarantined

July 15, 2019, 11:16 am
$
0
0

1) Yes, I’m also sure that it is not attacked. I just connected cases/situations.

2) OK, make sense.

3) Maybe I wrongly exposed it. I’m actually wondering why if I did same operation remotely at same time on 10 sites, ONLY ONE send email (why not 10?). So, my issue is not email, rather number of sites. BTW –  all 10 sites have 100% same configuration including servers.

Reply To: Astra Theme file quarantined

July 15, 2019, 11:57 am
$
0
0

Maybe what happened with the AutoRestore email alerts is this – the default AutoRestore email alert setting is set to send the “AutoRestore is deactivated” email alert every 15 minutes.  So maybe only 1 email alert was sent because the Cron job that checks if AutoRestore is deactivated was ready to fire on one site only and not any of the other sites.  You can always test one of your sites by turning AutoRestore Off and waiting 15 minutes to see if the email alert arrives.  Or if you don’t want to wait 15 minutes you can change the S-Monitor > ARQ: When AutoRestore|Quarantine is Turned Off option setting to > Send email alert every 5 minutes.

Reply To: Astra Theme file quarantined

July 15, 2019, 12:55 pm
Viewing all 12461 articles
Browse latest View live
Search