Thanks guys, this worked great! My apologies for the typo in the ReWrite rule!
↧
Reply To: Popup Maker plugin being flagged with 403
↧
Reply To: Motopress Hotel Booking – 403 error – Whitelist Rule required
Thank you so much! Works perfectly now!
↧
↧
Reply To: PHP Error Log Path Does Not Match – Use the Error Log Seen by Server value
[Topic has been merged into this relevant Topic]
Hi
On every page there is a warning :
PHP Error Log Path Does Not Match
The PHP Error Log Location Set To: folder path does not match the Error Log Path Seen by Server: folder path.
Click Here to go to the PHP Error Log page and click the Htaccess Protected Secure PHP Error Log Read Me button for troubleshooting steps.
On the “php error log” page after using the “test error log” button
File Open and Write test successful! Your PHP Error Log file is writable.
To Complete the PHP Error Log Test. Click the Refresh Status button below.
After refreshing
File Open and Write test successful! Your PHP Error Log file is writable.
and the warning is still there…
I have search the forum without solution.
So what’s up doc ?
Best regards
↧
Reply To: PHP Error Log Path Does Not Match – Use the Error Log Seen by Server value
@ abonne31 – Use the Error Log Seen by Server value that is displayed to you. Your server’s php.ini file is configured to use the server’s default php error log file. Copy the Error Log Seen by Server value that is displayed to you into the PHP Error Log Location Set To text box and click the Set Error Log Location button.
↧
Can't View Theme Details for longer than about 1 sec
I have a peculiar issue that BPS Pro or Mod Security Module is causing. I know because when I deactivate BPS Pro, the issue goes away.
At the same time, it didn’t happen until I moved hosts, which the new host has Mod Security enabled, while the old one didn’t.
When I view a theme (Appearance > Theme Details, it just goes back to the theme listings. I can’t view the theme details for longer than about 1 sec. I want to delete a theme.
Have any idea how I might be able to fix this? I can’t seem to deactivate any part of BPS Pro to be able to view the Theme Details. I have to deactivate the whole plugin.
↧
↧
Reply To: Can't View Theme Details for longer than about 1 sec
Yep, we are aware of this JavaScript/AJAX bug in BPS Pro. It will be fixed in BPS Pro 14.2. For now the workaround is to deactivate BPS Pro temporarily, delete your Theme and then activate BPS Pro again.
↧
BlueHost – PHP 7.x version – php handler htaccess code
When you switch your PHP version in your BlueHost web host control panel to a PHP 7.x version, new php handler htaccess code is created at the very top of your Root htaccess file. You will need to copy your BlueHost PHP 7.x version php handler htaccess code into BPS Custom Code before running the Setup Wizard.
1. Turn off AutoRestore
2. Unlock your root htaccess file on the BPS Pro > B-Core > htaccess File Editor page. Note: The reason for this is if your host adds php/php.ini htaccess code in your root htaccess file when you switch php server versions then you will need to copy that new php/php.ini handler htaccess code from your root htaccess file and add it in BPS Root Custom Code.
3. Change/switch your PHP version to 7.3. in your web host control panel.
4. Go to the BPS htaccess File Editor > Your Current Root htaccess File tab > copy the new php handler htaccess code that BlueHost adds at the very top of your root htaccess file and paste it into this BPS Root Custom Code text box: 1. CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE. IMPORTANT!!! Delete any other old php handler htaccess code that you see in this Custom Code text box.
5. Click the Save Root Custom Code button. Note: If you are unable to save your custom code then click the Encrypt Custom Code button first and then click the Save Root Custom Code button.
6. You can now run the BPS Pro Pre-Installation Wizard and the Setup Wizard.
↧
Go Daddy – PHP 7.x version – php handler htaccess code
If you have the newer Go Daddy cPanel hosting then you no longer need php/php.ini handler htaccess code when you upgrade/switch to PHP 7.2 and PHP 7.3 versions. You will need to delete your older Go Daddy php handler htaccess code that you have saved in BPS Root Custom Code for the older version of PHP that you were previously using. If you have the older Go Daddy Web Classic hosting then stop here and do not do the steps below. Post a forum reply for additional help if you have the older Go Daddy Web Classic hosting.
1. Go to BPS Root Custom Code and remove/delete any php/php.ini handler htaccess code that you see in this Custom Code text box: 1. CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE. It will look similar to this php handler htaccess code: AddHandler x-httpd-php5-3 .php
2. Click the Save Root Custom Code button.
3. Change/switch your PHP version to 7.2 or 7.3 in your web host control panel.
4. Go to the Setup Wizard page and click the Pre-Installation Wizard button and then the Setup Wizard button
↧
Phpinfo Viewer blocked by BPS Pro
Hello,
I was trying to access the Phpinfo Viewer on one of my SiteGround-hosted websites. Right now, I’m getting a 403 Forbidden Error Page. Below I’ve pasted the Security Log entry for this. Can you let me know what I can do so I can view the Phpinfo Viewer page without getting blocked by BPS Pro? I’ve got 5 other sites on this same server and I can access each site’s Phpinfo Viewer without a problem.
[403 GET Request: September 5, 2019 - 10:47 am] BPS Pro: 14 WP: 5.2.2 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 216.250.39.154 Host Name: d216-250-39-154.allwest.net SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://example.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fphp%2Fphp-options.php REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/php/bps-phpinfo.php QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
By the way, I’m trying to troubleshoot the PHP mail() function or the WordPress wp_mail() function, since I’m not receiving emails from S-Monitor after we switched our hosting on SiteGround from a Cloud server to a Dedicated server.
Thank you!
Jutta
↧
↧
Reply To: Phpinfo Viewer blocked by BPS Pro
The BPS Security Log logs all 403 errors whether or not BPS is blocking something. So if something else is blocking the PHP Info Viewer then BPS will log that 403 error. If you turn Off Security Logging and try to use the PHP Info Viewer tool then instead of the BPS Security Log logging the error you should see a server error message, which may tell you more information about what is blocking the PHP Info Viewer or you may just see a default server 403 error message page.
There is a new version of BPS Pro available: 14.1. The Security Log entry shows that you have BPS Pro 14 installed.
The Server Protocol is HTTP/1.0, which usually indicates that you are using a Proxy or Load Balancer, but the HTTP_X_FORWARDED_FOR Security Log field does not show a Proxy/Load Balancer IP address. Are you using a Proxy or VPN Browser on your computer?
You can test both PHP mail() and WordPress wp_mail() by using the S-Monitor > Simple Email Tests tool. You should run the Setup Wizard if you have not done that already when you switched your hosting server. If you are able to successfully send emails using the Simple Email Tests tool then the next thing to check would be WordPress standard crons. ie if you have disabled WordPress standard crons then you will not receive emails from S-Monitor/BPS, unless you have setup a Direct Cron correctly. Correctly being the key word here. ie Direct Cron jobs should be set to run once per minute. Any other time interval is a mistake for Direct Cron jobs.
There is another possible cause for the 403 error, but I need to know where Server Protocol HTTP/1.0 is coming from. ie your server/Proxy or your computer/Browser.
↧
Reply To: Phpinfo Viewer blocked by BPS Pro
Hi there,
Thank you for the help. I’ve turned off Security Logging and can now successfully access the PHP Info Viewer. Can you explain why that would be? Does that mean BPS Pro is blocking something it shouldn’t?
As for the mail issues I’m seeing, I’d like to share some more information. Like I said, I’ve got 6 WordPress sites on this new SiteGround Dedicated server. I did run the wizards right after migration to make sure everything was working properly. One of the sites is actually successfully sending mail (I’ve been getting all kinds of subscription-related emails as normal—it’s a subscription website) and the S-Monitor > Simple Email Tests tool works as well (I receive 2 emails when I run the test).
For the other 5 sites, I have email forwarders set up with each domain (so that I can send and receive email from name@example.com, etc., for each site). Those email forwarders work fine, so it doesn’t seem there’s something wrong with the setup on my server in terms of the actual email forwarders—it simply seems that when email try to get send from the WordPress site, they do not work.
Regarding you question: Are you using a Proxy or VPN Browser on your computer?
I don’t believe so; I’m just using Google Chrome. No Proxy or VPN extension either.
Regarding Crons:
We do not have any custom setup for crons. Everything is using the standard WordPress crons.
Thank you for any other information or troubleshooting steps you can provide!
Jutta
↧
Reply To: Phpinfo Viewer blocked by BPS Pro
Turning Security Logging On or Off would not affect the PHP Info viewer. Turn Security Logging back On and check the PHP Info viewer tool. What probably happened is that your IP address was not whitelisted yet on your first access attempt for the PHP Info viewer tool.
My guess would be that the emails are being flagged as spam by something such as Spam Assassin installed on your web host. Or maybe there is a problem with how you are doing email forwarding. Can’t really offer any other suggestions. This is probably something you will need to contact your web host about.
↧
Reply To: SSL Certificate subdomain issue
Great. I figured now that you don’t understand my issue.
1) EXAMPLE ONE
Try to type in browser (you cannot stop visitors to do it, right?) https://forum.ait-pro.com as well as https://www.forum.ait-pro.com and see what you get (in both situations – P.S. – use Incognito).
2) EXAMPLE TWO
Try to type in browser (you cannot stop visitors to do it, right?) https://support.apple.com as well as https://www.support.apple.com and see what you get (in both situations – P.S. – use Incognito).
Your Forum drop out blank page (as you didn’t add support for www in DNS), what is same like my case (where I have SSL error, as I added DNS support), but substantially are same cases vs redirection.
Apple instead works as should to be. In both typing in browser, it redirect on https://support.apple.com (as you wrote, www is not ‘normal’ or usual to type, but Apple knows how MANY PEOPLE DO IT), as it should to be (what I want).
Hopefully, now you get me.
↧
↧
Reply To: SSL Certificate subdomain issue
Why would we add support for a www subdomain when that is not a standard or conventional thing to do. If someone accidentally types in www for this forum site then they have made a mistake since we would never use the www subdomain for a subdomain site. If other people are doing that then I would suggest that they are not doing something that is an Internet standard. You are aware the www is a subdomain and if you also have another subdomain then technically you have a subdomain – subdomain site and not a subdomain site.
Instead of creating some silly problematic solution like creating an additional subdomain for a subdomain website the smarter thing to do would be to redirect or rewrite the www subdomain. Not sure if that is even possible to do, but it is a much more logical approach to someone mistakenly typing in the wrong URL for a website.
↧
Reply To: SSL Certificate subdomain issue
I just tested doing a redirect for the www subdomain URL for this site and of course it did not work because that is not the correct website. www would be the subdomain and forum would be the primary domain, which of course is incorrect. Probably the only option you would have would be to setup Forwarding in your host control panel for www to forward to the correct subdomain site. that may not work either if a CNAME record is not setup for the www subdomain. Not really sure since I have never tried to do anything like that before.
↧
Reply To: SSL Certificate subdomain issue
EXCELLENT
Thanks for great idea to set it in DNS (need some time to pass). Yes, now it works equal as on my example with Apple Support. Everything is redirected fine and now did visitor type with or without www, it always open without version.
I posted it here as I thought how code is not applied for redirection in BPS custom code section, but no, DNS solve issue.
P.S. – I generally agree with you, but as I wrote, Apple KNOW how there is LOT OF PEOPLE who still don’t type it without www, so this is something what should be done in domain DNS to get it to work well (nobody want to get visitors on non existing page warning, right?).
Thanks again.
↧
Unable to reset PHP Error Log alert
There is no way to remove message -> “To remove/clear this Alert click on the Reset Last Modified Time in DB button.” (by click). What about it is?
P.S. – There is no logs also.
↧
↧
Reply To: Unable to reset PHP Error Log alert
Which alert is this? The Security Log alert or the PHP Error log alert? The Security Log and the PHP Error Log now have a View Log button due to ModSecurity CRS problems > https://forum.ait-pro.com/forums/topic/xampp-mod-security-setup-owasp-modsecurity-core-rule-set-setup/#post-37778. We may do this same new procedure for all of the Log pages or maybe just some of them. ModSecurity CRS randomly breaks all sorts of things that are not malicious or suspicious in any way so it might be better just to make all BPS Pro Logs have a View Log button just in case ModSecurity CRS loses its mind over nothing, which it does regularly and constantly.
↧
Reply To: Unable to reset PHP Error Log alert
A PHP Error has been logged in your PHP Error Log
Click Here To go to the P-Security PHP Error Log page.
To remove/clear this Alert click on the Reset Last Modified Time in DB button.
↧
Reply To: Unable to reset PHP Error Log alert
Yep, thought it might be the PHP Error Log alert. Most likely what is happening is that you have some php errors happening constantly and after you click the reset button a new php error has been logged, which makes it appear that the reset is not working, but actually what is happening is the reset worked, but now you have a new php error to reset.
Check the PHP Error Log Last Modified timestamps to confirm that is what is happening.
PHP Error Log Last Modified Time:
Last Modified Time in DB: September 06 2019 15:31:59
Last Modified Time in File: September 06 2019 15:31:59
↧