Yeah it seems like your French/English translation method is doing something odd with your website links.  Maybe that has something to do with it.  It does not look like you have the WPML language translation plugin installed.  At least I didn’t see any clues that WPML was installed on your site in your website’s Source Code.  Another possibility could be that you have Mod Security enabled in your web host control panel and Mod Security is also blocking the flipbook plugin (not likely though, but a possibility).

Ok I will check these two options, before I give up .

Thanks again for your support. I rate you 5 stars

hello, my cron job doesn’t work.

I was also reading about a similar problem on this fore, but I couldn’t fix it.

Please, what code should I put into CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS: Modify Query String Exploit code here ?

[403 GET Request: 07/08/2019 - 15:04]
BPS: 3.1
WP: 4.9.10
Event Code: WPADMIN-SBR
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: GDPR Compliance On
Host Name: 62.197.243.15
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: https://www.EXAMPLE.sk/wp-admin/admin.php?page=zasilkovna&form=pl
REQUEST_URI: /wp-admin/admin.php?page=zasilkovna&form=pl&check=ok%27;%20?%3E
QUERY_STRING: page=zasilkovna&form=pl&check=ok%27;%20?%3E
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0

Thank you for your response

The Security Log entry that you posted does not look like a typical log entry for a blocked Cron Job.  So it may just look different or maybe this is a separate/different problem.  What is being blocked in the Security Log entry that you posted is the single quote code character: %27 or ' and the angle bracket code character: %3E or >.  Try using the Query String whitelist rule for the wp-admin htaccess file below and let me know if that works or not.

1. Copy the wp-admin htaccess code below into this BPS wp-admin Custom Code text box: 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
2. Click the save wp-admin Custom Code button.
3. Go to the Security Modes page and click the wp-admin folder BulletProof Mode Activate button.
Important Note:  If you are already have an existing Skip rule (S=2) in the 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES text box then add your new Cron Job Query String skip/bypass rule above the existing S=2 skip rule and change the Skip rule number to: S=3.

# Custom Cron Job Query String skip/bypass rule
RewriteCond %{QUERY_STRING} page=zasilkovna(.*) [NC]
RewriteRule . - [S=2]

Hi,

i add this code and not save in htacess..

http://screenshot.cz/G2/G2TYA/code.png
after saving, show me a white page in the administration and the changes will not be saved.
I tried to turn on php error and show nothing.

Sounds like a very common Mod Security problem: https://forum.ait-pro.com/forums/topic/mod-security-common-known-problems/. Note: We are currently working on changing several of the forms in BPS and BPS Pro since the Mod Security problem is an ongoing problem that is continuing to get worse over time.

You really do not need the BPS wp-admin htaccess file (wp-admin BulletProof Mode). We added that many years ago for 2 reasons: A significant number of people requested it and some web hosts for whatever reason required that a wp-admin htaccess file existed if BPS Root BulletProof Mode was activated. So go ahead and deactivate wp-admin BulletProof Mode on the Security Modes page and let me know if that workaround solution solves the problem. Note: Mod Security is also known to break other things in BPS. See the link above for other problems caused by Mod Security.

Good day,I have found what the problem is and why blocks url.

/wp-admin/admin.php?page=zasilkovna&form=pl&check=ok'; ? >

convert to:

/wp-admin/admin.php?page=zasilkovna&form=pl&check=ok%27;%20?%3E

and correctly url is:

/wp-admin/admin.php?page=zasilkovna&form=pl

and working.

the problem was in the plugin not in Bulletproof.
Well thank you

Managed hosting of WordPress sites comes with plenty of benefits that ultimately improve the overall performance of a site. With reliable services of managed WordPress hosting Singapore, you can say bye to day-to-day maintenance of a website. This means, you can use that sufficient and valuable time to focus on other important tasks. You’ll get full expert level WordPress level support. Many hosting service providers take extra steps to protect the site from various attacks and ensure complete protection of a site.   

ok here is the two things from system info

Server Type: Apache
Operating System: Linux

General statement and explanation to customers/users regarding the ongoing Mod Security problem:
BPS Pro 14.1+ and BPS 3.6+ versions will no longer be broken by Mod Security after redesign has been completed in these new versions of BPS Pro and BPS.  Mod Security included with newer versions of cPanel breaks several things in the BPS and BPS Pro WordPress plugins. This problem has been occurring for 2 years now. Unfortunately, web host techs are not that familiar with editing Mod Security SecRules and typically it takes several days for web host techs to resolve Mod Security problems, which is unsatisfactory for everyone involved. In some cases web host techs are unable to fix the Mod Security SecRule problems. So instead of dealing with this ongoing tedious problem I have set up Mod Security with the OWASP/Spider Labs ModSecurity Core Rule Set for testing in order to redesign BPS and BPS Pro so that they completely bypass/”beat” the OWASP/SpiderLabs ModSecurity Core Rule Set. I believe it would be pointless and a significant waste of time to identify all of the Mod Security SecRules that break things in order to have them fixed eventually. So the simpler route for everyone involved is just to bypass/”beat” Mod Security altogether. This approach will ensure that any new future Mod Security SecRules will not break BPS and BPS Pro. I aplogize to everyone who has suffered through this mess.

Steps to install Mod Security on XAMPP and setup the OWASP ModSecurity Core Rule Set V3.0
Get your XAMPP version first from phpinfo:
Compiler: MSVC15 (Visual C++ 2017)
Architecture: x86
Thread Safety: enabled

You can also check the Apache server logs for info about your Apache build:
Apache/2.4.29 (Win32) OpenSSL/1.1.0g – Apache Lounge VC15 Server built: Nov 3 2017 10:30:36

Get and download the correct Mod Security Module for your XAMPP/Apache server build:
Go to: https://www.apachehaus.com/ and click the downloads link.
Scroll down until you find your Apache server build section. In my particular case the section is: Modules for Apache 2.4.x VC15
Important Note: x86 is for 32 bit installations. x64 is for 64 bit installations. You will find your XAMPP installation type under Architecture in phpinfo.

In my particular case the correct Mod Security Module download is: Mod Security Version 2.9.3 for Apache 2.4.x mod_security2-2.9.3-2.4.x-x86.zip

Extract the Mod Security zip file.
Open the readme_first.txt file. Follow the setup instructions in that file. I have copied those instructions below for my particular XAMPP/Apache/Mod Security setup and installation. Your setup instructions will be different if you have a different XAMPP/Apache/Mod Security version.

Download and install the Visual C++ 2017 x86 Redistributable Package:
This module is built with Visual Studio® 2017 x86, be sure to install the new Visual C++ 2017 x86 Redistributable Package, download from: https://aka.ms/vs/15/release/VC_redist.x86.exe
Note: The Visual C++ 2017 installation states that you must restart your computer before you can use the software. I completed all of the steps below and then rebooted by computer.

# Install:

Copy mod_security2.so to your Apache 2.4.x modules folder
…/apache24/modules/mod_security2.so

Important: rename your exising xampp/apache/bin/pcre.dll file just in case there is a problem.
so you can rollback the Mod Security setup if there is a problem or restore the original pcre.dll file if you are just testing Mod Security.

Copy libcurl.sll, libxml2.dll, pcre.dll and yajl.dll to your Apache 2.4.x bin folder
…/apache24/bin/libcurl.dll
…/apache24/bin/libxml2.dll
…/apache24/bin/pcre.dll
…/apache24/bin/yajl.dll

In my particular case the filename is: modsecurity.conf-recommended. I assume some things have changed since the original setup steps were created.  So I renamed the modsecurity.conf-recommended file to modsecurity.conf in the steps below.

Copy the minimal configuration file to your Apache 2.4.x conf/extra folder
…/apache24/conf/extra/modsecurity-minimal.conf

# Add to your httpd.conf:

LoadModule security2_module modules/mod_security2.so
Include conf/extra/modsecurity-minimal.conf

# Configuration

See the included modsecurity-minimal.conf file for a minimal
configuration example.

For much better security, a complete ruleset should be used.
The OWASP rules are open source and free of charge. For more
information see;

https://www.modsecurity.org/rules.html

See the modsecurity reference manual for full configuration details.
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual

Apache failed to load successfully for me:

12:39:46 PM [Apache] Status change detected: running
12:39:52 PM [Apache] Status change detected: stopped
12:39:52 PM [Apache] Error: Apache shutdown unexpectedly.
12:39:52 PM [Apache] This may be due to a blocked port, missing dependencies,
12:39:52 PM [Apache] improper privileges, a crash, or a shutdown by another method.
12:39:52 PM [Apache] Press the Logs button to view error logs and check
12:39:52 PM [Apache] the Windows Event Viewer for more clues
12:39:52 PM [Apache] If you need more help, copy and post this
12:39:52 PM [Apache] entire log window on the forums

I checked the Apache error log and Mod Security is not loading succesfully.  The Windows Event Viewer does not have any errors or clues about the problem.

I commented out the #Include conf/extra/modsecurity.conf line of code in the Apache httpd.conf file and Mod Security loaded successfully.  So there is a problem with some code in the modsecurity.conf file.

[Sat Aug 10 12:49:51.857031 2019] [:notice] [pid 6244:tid 744] ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/) configured.
[Sat Aug 10 12:49:51.857031 2019] [:notice] [pid 6244:tid 744] ModSecurity: APR compiled version="1.6.5"; loaded version="1.6.3"
[Sat Aug 10 12:49:51.857031 2019] [:warn] [pid 6244:tid 744] ModSecurity: Loaded APR do not match with compiled!
[Sat Aug 10 12:49:51.857031 2019] [:notice] [pid 6244:tid 744] ModSecurity: PCRE compiled version="8.43 "; loaded version="8.43 2019-02-23"
[Sat Aug 10 12:49:51.857031 2019] [:notice] [pid 6244:tid 744] ModSecurity: LUA compiled version="Lua 5.1"
[Sat Aug 10 12:49:51.857031 2019] [:notice] [pid 6244:tid 744] ModSecurity: YAJL compiled version="2.1.0"
[Sat Aug 10 12:49:51.857031 2019] [:notice] [pid 6244:tid 744] ModSecurity: LIBXML compiled version="2.9.9"
[Sat Aug 10 12:49:51.857031 2019] [:notice] [pid 6244:tid 744] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.

The problem lines of code in the modsecurity.conf file are these below which I commented out for now:
I assume I need to enter a valid path for the Audit Log. This is not an important issue on XAMPP since I am choosing to log all Mod Security errors to the Apache error.log file.

# Use a single file for logging. This is much easier to look at, but
# assumes that you will use the audit log only ocassionally.
#
SecAuditLogType Serial
#SecAuditLog /var/log/modsec_audit.log

Apparently SpiderLabs states there is some sort of problem/bug with SecUnicodeMapFile unicode.mapping. I checked the OWASP ModSecurity Core Rule Set V3.0 setup .conf file and this line of code is not included. So I am going to assume it is not that important and move on to the OWASP ModSecurity Core Rule Set V3.0 setup.

# Specify your Unicode Code Point.
# This mapping is used by the t:urlDecodeUni transformation function
# to properly map encoded data to your language. Properly setting
# these directives helps to reduce false positives and negatives.
#
#SecUnicodeMapFile unicode.mapping 20127

After commenting out the 2 lines of code stated above Apache loads successfully and Mod Security loads successfully. Moving on to the OWASP ModSecurity Core Rule Set V3.0 setup now.

[Sat Aug 10 13:12:34.067013 2019] [:notice] [pid 13212:tid 744] ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/) configured.
[Sat Aug 10 13:12:34.067013 2019] [:notice] [pid 13212:tid 744] ModSecurity: APR compiled version="1.6.5"; loaded version="1.6.3"
[Sat Aug 10 13:12:34.067013 2019] [:warn] [pid 13212:tid 744] ModSecurity: Loaded APR do not match with compiled!
[Sat Aug 10 13:12:34.067013 2019] [:notice] [pid 13212:tid 744] ModSecurity: PCRE compiled version="8.43 "; loaded version="8.43 2019-02-23"
[Sat Aug 10 13:12:34.067013 2019] [:notice] [pid 13212:tid 744] ModSecurity: LUA compiled version="Lua 5.1"
[Sat Aug 10 13:12:34.067013 2019] [:notice] [pid 13212:tid 744] ModSecurity: YAJL compiled version="2.1.0"
[Sat Aug 10 13:12:34.068011 2019] [:notice] [pid 13212:tid 744] ModSecurity: LIBXML compiled version="2.9.9"
[Sat Aug 10 13:12:34.070006 2019] [:notice] [pid 13212:tid 744] ModSecurity: StatusEngine call: "2.9.3,Apache/2.4.29 (Win32) Ope,1.6.5/1.6.3,8.43/8.43 2019-02-23,Lua 5.1,2.9.9,826783a941dd0186200011a4b33120efa65a0da3"

OWASP ModSecurity Core Rule Set V3.0 setup
Download the OWASP ModSecurity Core Rule Set from here: https://coreruleset.org/installation/
Unzip the folders on your computer.
Open the INSTALL file for setup instructions. I have copied the setup steps below from the INSTALL file.
I will be doing some variations of the setup instructions for XAMPP.
Manually created this folder: /xampp/apache/modsecurity/.
Copied the entire unzipped OWASP CRS folder: owasp-modsecurity-crs-3.1.0 to the /xampp/apache/modsecurity/ folder and renamed it to: owasp-modsecurity-crs
Renamed the crs-setup.conf.example file to crs-setup.conf.
Customized the crs-setup.conf file for my particular XAMPP environment.
Did Step #6 below word for word.
Did Step #7 below. The only difference is my modsecurity folder name is: /modsecurity/ without .d in the folder name.
Note: DO NOT commented out the #Include conf/extra/modsecurity.conf line of code in the httpd.conf file. You need to continue to include that .conf file.
Apache and Mod Security loaded successfully, but I see this error message: [Sat Aug 10 15:26:47.485166 2019] [:error] [pid 5716:tid 2140] ModSecurity: ModSecurity requires mod_unique_id to be installed.  Edited my httpd.conf file and uncommented this line of code: #LoadModule unique_id_module modules/mod_unique_id.so
Restarted Apache and then ran the basic test in the INSTALL file (see test below).
Checked the Apache error logs and see that Mod Security is working correctly.

[Sat Aug 10 15:31:19.343236 2019] [:error] [pid 12300:tid 2152] [client 127.0.0.1:51950] [client 127.0.0.1] 
ModSecurity: Warning. detected XSS using libinjection. 
[file "C:/xampp/apache/modsecurity/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] 
[line "60"] [id "941100"] [msg "XSS Attack Detected via libinjection"] 
[data "Matched Data: XSS data found within ARGS:param: \\x22><script>alert(1);</script>"] 
[severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-multi"] 
[tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] 
[tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] 
[hostname "demo9.local"] [uri "/"] [unique_id "XU9Ft1PnJhZVLMluwEDDDgAAAJU"]

Installing on Apache
——————–
1. Install ModSecurity for Apache
2. Ensure that ModSecurity is loading correctly by checking error.log
at start up for lines indicating ModSecurity is installed. An example
might appear as follows:
ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/) configured.
3. The most common method of deploying ModSecurity we have seen is
to create a new folder underneath the Apache directory (typically
/usr/local/apache/, /etc/httpd/, or /etc/apache2). Often this folder
is called ‘modsecurity.d’. Create this folder and cd into it.
4. Clone the repository into the modsecurity.d folder using:
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs .
This will create a new owasp-modsecurity-crs folder.
5. Move the crs-setup.conf.example file to crs-setup.conf.
Please take the time to go through this file and customize the settings
for your local environment. Failure to do so may result in false
negatives and false positives. See the section entitled OWASP CRS
Configuration for more detail.
6. Rename rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example and
rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example to remove the
‘.example’ extension. This will allow you to add exclusions without updates
overwriting them in the future.
7. Add the following line to your httpd.conf/apache2.conf (the following
assumes you’ve cloned CRS into modsecurity.d/owasp-modsecurity-crs). You
can alternatively place these in any config file included by Apache:

<IfModule security2_module>
Include modsecurity.d/owasp-modsecurity-crs/crs-setup.conf
Include modsecurity.d/owasp-modsecurity-crs/rules/*.conf
</IfModule>

8. Restart web server and ensure it starts without errors
9. Make sure your web sites are still running fine.
10. Proceed to the section “Testing the Installation” below.

Testing the Installation
========================
To test your installation you should be able to use any number
of attacks. A typical request which should trigger CRS would be
http://localhost/?param="><script>alert(1);</script>
Upon sending this request you should see events reported in the
error log (nginx apache) or the event viewer (IIS).
If have not changed the defaults with regards to anomaly scoring,
blocking and sampling percentage, then this request should have
been blocked and access forbidden. Likewise if you have configured
ModSecurity debug logging and/or audit logging this event should
log to these locations as well.

Test Results: Mod Security CRS 3.1.0 and 3.1.1 out of the box with default settings break BPS or BPS Pro.
Default Setting: Paranoia Level 1

# — [[ Paranoia Level Initialization ]] —————————————
#
# The Paranoia Level (PL) setting allows you to choose the desired level
# of rule checks that will add to your anomaly scores.
#
# With each paranoia level increase, the CRS enables additional rules
# giving you a higher level of security. However, higher paranoia levels
# also increase the possibility of blocking some legitimate traffic due to
# false alarms (also named false positives or FPs). If you use higher
# paranoia levels, it is likely that you will need to add some exclusion
# rules for certain requests and applications receiving complex input.
#
# – A paranoia level of 1 is default. In this level, most core rules
# are enabled. PL1 is advised for beginners, installations
# covering many different sites and applications, and for setups
# with standard security requirements.
# At PL1 you should face FPs rarely. If you encounter FPs, please
# open an issue on the CRS GitHub site and don’t forget to attach your
# complete Audit Log record for the request with the issue.
# – Paranoia level 2 includes many extra rules, for instance enabling
# many regexp-based SQL and XSS injection protections, and adding
# extra keywords checked for code injections. PL2 is advised
# for moderate to experienced users desiring more complete coverage
# and for installations with elevated security requirements.
# PL2 comes with some FPs which you need to handle.
# – Paranoia level 3 enables more rules and keyword lists, and tweaks
# limits on special characters used. PL3 is aimed at users experienced
# at the handling of FPs and at installations with a high security
# requirement.
# – Paranoia level 4 further restricts special characters.
# The highest level is advised for experienced users protecting
# installations with very high security requirements. Running PL4 will
# likely produce a very high number of FPs which have to be
# treated before the site can go productive.
#
# Rules in paranoia level 2 or higher will log their PL to the audit log;
# example: [tag “paranoia-level/2”]. This allows you to deduct from the
# audit log how the WAF behavior is affected by paranoia level.
#
# It is important to also look into the variable
# tx.enforce_bodyproc_urlencoded (Enforce Body Processor URLENCODED)
# defined below. Enabling it closes a possible bypass of CRS.
#
# Uncomment this rule to change the default:
#
#SecAction \
# “id:900000,\
# phase:1,\
# nolog,\
# pass,\
# t:none,\
# setvar:tx.paranoia_level=1”

Solution:  Still deciding on the best (most widely compatible) hashing or encryption method to hash or encrypt submitted Form data to the WP database via BPS POST Forms. Logically the hashed or encrypted Form POST data should not trigger any Mod Security SecRules.

Additional Notes:
Mod Security is set to log Mod Security errors by default in the modsecurity.conf file with this setting: SecRuleEngine DetectionOnly.  In order to check for actual Mod Security breakages you will need to change this setting to: SecRuleEngine On.

# The possible values are:
# On: process rules
# Off: do not process rules
# DetectionOnly: process rules but never executes any disruptive actions (block, deny, drop, allow, proxy and redirect)
#
SecRuleEngine On

Recommendation: Edit the modsecurity.conf file and change the PCRE Tuning settings from 1000 to 500000 so that you do not see additional unnecessary Mod security log entries about PCRE limits exceeded.

# PCRE Tuning
# We want to avoid a potential RegEx DoS condition
# Default is 1000. Changed to 500000
SecPcreMatchLimit 500000
SecPcreMatchLimitRecursion 500000

Hello,  first of all thank you to try to give us a solution to “reply sharing” issues, but unfortunately it didn’t work for me. I’m using oceanwp theme, last bbpress & wordpress version, I’ve followed your steps adding the snippets to functions.php and to styles.css, but it didn’t work.

• The first problem is that the sharing buttons are not displaying at all. But when you pass with your mousse over them in the place they supposed to be, you can see that the buttons are there and you can click on them.

I’ve tried changing this address: (‘images/spritesheet.png’), because my theme didn’t have that folder images. I’ve created a folder called images. I’ve also uploaded the spritesheet.png to my own media files in order to provide an accurate URL. But it didn’t work. The css code was added in the correct place (styles.css of my child-theme) because without him, we cannot even make click over the buttons.

• The second problem and maybe the most important is that, after clicking the “invisible” buttons they will share to the social networks only the main page or topic, but not the users replies or posts itself for sharing on social networks. I noticed that the code need to pick up the number followed with the # in order to share the reply/post precisely.

Another detail, can we replace G+ with Whatsapp? Because G+ is not available anymore.

This functionality it’s very important for my website and I’ll really appreciate if you can give me the solutions. I don’t know nothing of code, but I’m always trying to learn and understand. I wish to make it work like this beautiful example on your site!

Thank you in advance for your answers!

You can add the absolute path to the sprite image file or you can try putting a forward slash / in front of images or ../ in front of images.

Examples:

li#twitter {left:50px;width:22px;background:url('/images/spritesheet.png') -50px 0;}

or

li#twitter {left:50px;width:22px;background:url('../images/spritesheet.png') -50px 0;}

or

li#twitter {left:50px;width:22px;background:url('https://www.example.com/wp-content/themes/example-theme/images/spritesheet.png') -50px 0;}

Unfortunately, you cannot add a link to a specific BuddyPress/bbPress reply:

@ John – We have tried adding the bbPress Reply ID before and it is stripped out of the Twitter share posting window/box.  Example code:  <li id="twitter"><a href="http://twitter.com/share?url=<?php echo the_permalink(). '#post-' .bbp_get_reply_id(); ?>" target="_blank" rel="nofollow" title="Twitter"></a></li>.

The URL in the Browser Address bar shows the complete URL including the Anchor Tag #. Example: #post-0000. There is no workaround solution for Twitter because Anchor Tags and Hash Tags that Twitter uses conflict with each other. An Anchor Tag on Twitter is converted to a Twitter Hash Tag.

You can add or remove or change any of the Social Media buttons that you want to change. If you want a button to a different Social Media site then check the help pages on the Social Media site for how to add a Share link. You then need to edit the Sprite image file and change the Sprite image for your new Social Media icon image.

Hi,

Wonder what are the js and css files related to The JTC CAPTCHA Form (on comments)? I am using WP Fastest Cache Pro.

Regards,

JTC has an option to enable to disable JTC on Comments.  Option setting name:  Enable|Disable JTC For These Forms > Uncheck the Comment Form checkbox to disable JTC on Comment.  Check the Comment Form checkbox to enable JTC on Comments.  If you are minifying js scripts with WP Fastest Cache Pro then JTC will most likely be broken on your Comments Form.  You cannot use the BPS Pro Plugin Firewall feature if you are minifying js scripts.

Recommendation:  Do not minify js scripts for any reason since js minification does not actually improve website performance.

If this is not the question you were asking or there is a problem occurring then I would need more specific details and Security Log entries to look at.  Also if a problem is occurring you can use the BPS Pro troubleshooting steps to isolate the problem > https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

ReallySimpleSSL ask for 301 redirection to add to htaccess

# BEGIN rlrssslReallySimpleSSL rsssl_version[3.2.3]

RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

# END rlrssslReallySimpleSSL

Should I add that to Custom Code (or to let redirection in ReallySimpleSSL unchecked)?

P.S. – I need plugin as I’m using LetsEncrypt and appears problems with mixed content.

Use the steps in this forum topic> https://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7233 to add the Really Simple SSL htaccess code.  Instead of using the BPS HTTPS/SSL htaccess code in that forum topic you would be using the Really Simple SSL htaccess code instead. Both the BPS HTTPS/SSL htaccess code and the Really Simple SSL htaccess code do that exact same thing.

Hi,

I think you sent me a link one time when I asked what I should do to move a site with regards to BPS Pro. I can’t seem to find it.

Can you please send me that link again?

Thanks.

Here is the website migration and moving help forum topic > https://forum.ait-pro.com/forums/topic/migrating-moving-or-cloning-websites/#post-20407

Perfect, thanks.

Thanks.