That is the correct conclusion and I think that I know what it is. My other topic of multiple WP instances on Bitnami LAMP stack you solved by .user.ini, but it looks like that creates these logs (as there are no logs when single instances are installed on LAMP). BTW, there is nothing written in the Log box.
Reply To: Unable to reset PHP Error Log alert
Did you click the new View Log button?
Reply To: Block other websites from displaying your website pages or Feeds in iFrames, Clickjacking Protection
I am trying to install a click tracking app and I was told by the app owner that I had to remove the x-frame sameorigin option in my htaccess.
This click tracking has a link shortener and call-to-action (CTA) feature where a pop-up appears on the destination url. These are set up in their dashboard. I also used a custom domain, which I set as click.example.com.
I also had to set up a CNAME and set it with a url, let’s say it’s click.trackapp.io. Not sure if this is relevant, as I don’t know what it does, but I just thought I would include it in case it is.
So, it did work when I commented out the header x-frame option.
But, I was just wondering if there is a way to keep this security measure and just allow whatever exception is needed to make it work. I read how to allow an exception for one url using allow-from in the x-frame command. But, I haven’t seen any examples for allowing two. I’m thinking I want to try allowing for click.example.com and click.trackapp.io (that is in the CNAME).
I tried only allowing click.example.com and the CTA pop-up worked, but, the destination url didn’t. I would get a Couldn’t connect message.
Have you come across this kind of issue? Do you know how to allow more than one url in that x-frame command or how to make this work without totally disabling the x-frame option?
I did send a note to the app owner yesterday, but, I haven’t heard back yet.
Reply To: Block other websites from displaying your website pages or Feeds in iFrames, Clickjacking Protection
X-Frame-Options are limited to your website. They only apply to your website and cannot be used for another website. So the allow-from option can only be used for your website URI and cannot be used for another website’s URI.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
There are three possible directives for X-Frame-Options:
X-Frame-Options: deny
X-Frame-Options: sameorigin
X-Frame-Options: allow-from https://example.com/
Directives
If you specify deny, not only will attempts to load the page in a frame fail when loaded from other sites, attempts to do so will fail when loaded from the same site. On the other hand, if you specify sameorigin, you can still use the page in a frame as long as the site including it in a frame is the same as the one serving the page.
- deny: The page cannot be displayed in a frame, regardless of the site attempting to do so.
- sameorigin: The page can only be displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain, although it is argued that the option is not very useful unless all ancestors are also in the same origin (see bug 725490). Also see Browser compatibility for support details.
- allow-from uri: The page can only be displayed in a frame on the specified origin. Note that in Firefox this still suffers from the same problem as sameorigin did — it doesn’t check the frame ancestors to see if they are in the same origin.
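The three directives quoted above, modelled as an added example (not code from this forum or from BPS): it evaluates a header value against a chain of framing documents and shows that allow-from carries a single URI, so a value listing two is reported as invalid. The function names, the `mode` parameter and www.example.com are assumptions for illustration; click.example.com and click.trackapp.io are the hostnames from the question above.

```javascript
// Added example. Hostnames other than the two from the question are constructed.

// Parse an X-Frame-Options value into { directive, origin }.
function parseXfo(value) {
  const parts = value.trim().split(/\s+/);
  const directive = parts[0].toLowerCase();
  if (directive === 'deny' || directive === 'sameorigin') {
    return parts.length === 1 ? { directive } : { directive: 'invalid' };
  }
  if (directive === 'allow-from' && parts.length === 2) {
    // allow-from carries exactly one URI; only its origin matters.
    try {
      return { directive, origin: new URL(parts[1]).origin };
    } catch (e) {
      return { directive: 'invalid' };
    }
  }
  return { directive: 'invalid' }; // unknown directive or a second URI
}

// ancestors: URLs of the framing documents, nearest parent first, top last.
// mode: which ancestors are compared ('parent', 'top' or 'chain'); the quoted
// text says this choice is left to browser vendors.
function framingDecision(headerValue, pageUrl, ancestors, mode = 'chain') {
  const policy = parseXfo(headerValue);
  if (policy.directive === 'invalid') return 'invalid-header';
  if (ancestors.length === 0) return 'allow'; // page is not framed
  if (policy.directive === 'deny') return 'block';
  const wanted = policy.directive === 'sameorigin'
    ? new URL(pageUrl).origin
    : policy.origin;
  const origins = ancestors.map((u) => new URL(u).origin);
  let checked = origins;
  if (mode === 'parent') checked = [origins[0]];
  if (mode === 'top') checked = [origins[origins.length - 1]];
  return checked.every((o) => o === wanted) ? 'allow' : 'block';
}

const page = 'https://www.example.com/post'; // constructed page URL
console.log(framingDecision('sameorigin', page, ['https://click.example.com/cta']));
console.log(framingDecision('allow-from https://click.example.com', page,
  ['https://click.example.com/cta']));
console.log(framingDecision(
  'allow-from https://click.example.com https://click.trackapp.io', page,
  ['https://click.example.com/cta']));
```

In 'parent' mode a same-origin parent passes even when the top-level document belongs to another site, which is the ancestor-chain gap the quoted text describes.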
Reply To: Exclude JTC CAPTCHA comment Form caching
Hi,
My question was on what js and css files related to anti-spam should I exclude in caching plugin.
The thing is, when I click or hover to show code, the code is shown but jumps to below the footer.
Many thanks,
Rami
Reply To: Exclude JTC CAPTCHA comment Form caching
Can you exclude URIs in WP Fastest Cache? Your Login page should NEVER be cached for any reason anyway. So you should be able to exclude your Login page from being cached in WP Fastest Cache. If WPFC does not have that capability then you would need to contact them and have them create that standard exclusion feature that exists in all other caching plugins.
Reply To: Exclude JTC CAPTCHA comment Form caching
Oops forgot to include this help info > JTC loads its JavaScript/jQuery code inline on the Login page. The problem that I have seen happen before is that the Login page was being cached and/or js scripts minified and/or combined, which breaks the WordPress jQuery dependencies that BPS Pro JTC uses for its JavaScript/jQuery code. That is pretty common with all plugins that do minification/compression of js scripts. ie if you decide to minify/compress js scripts then expect problems.
The problem is going to be the same issue on your Comments Form – js script minification and/or combine breaks the WordPress jQuery dependencies that BPS Pro JTC uses for its JavaScript/jQuery code.
For your comments form you only have 2 options to choose from:
Don’t use JTC for your comment form. Uncheck the Comments Form setting in JTC
Don’t minify/combine js scripts. Uncheck js minification/combine options in WPFC.
Reply To: Protect Login Page from Brute Force Login Attacks
I happened to be reading this thread and noticed this part:
https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/#post-7269
Is that code still good? I’m just asking because it was back in 2013.
Reply To: Protect Login Page from Brute Force Login Attacks
@ webstar – Yep, that Server Protocol code still works, but be warned that it can cause problems for Proxy/Load Balancer servers and Proxy/VPN Browsers that use the old outdated HTTP/1.0 Protocol.
Reply To: Your Root htaccess File is not Locked
The issue is because a protected directory’s subdirectories inherit their parent directory’s password protection. The lock icon indicates that Directory Privacy configurations already exist for that directory.
Problem after Dev Server went live
Hello!
After we moved the Dev server to Live, I had some issues with BPS Pro. A lot of the message notifications in the WP Dashboard were linking to the corresponding BPS sub-page, but that page was blank. I thought to delete BPS, and the plugins folder htaccess, and then reinstall a fresh BPS Pro zip. I ran setup, and that worked last night.
This morning the BPS sub-pages are blank again!? But I’m also getting quite a bit of quarantine emails!
Reply To: website migration files quarantined after Dev Server went live
Thank You!
But I don’t know what to do because my BPS is blank underneath the status message after a fresh install and successful setup.
Do I need to clear the DB tables?
Reply To: website migration files quarantined after Dev Server went live
Is this the right file path for the quarantine?
- wp-content/
- plugins
- _bulletproof-security
- admin
- quarantine
Reply To: website migration files quarantined after Dev Server went live
The naming thing just sounds like a “refresh” problem. If you were using your web host control panel file manager then sometimes you need to reload/refresh the page. If you were using an FTP application then you sometimes need to do a refresh.
You probably just need to request a new BPS Pro Activation Key on the BPS Pro Activation page > Setup Menu > Activation. BPS Pro Activation Keys are your website domain URL encrypted. So if anything changes about your website domain URL then you need to request a new BPS Pro Activation Key. That also includes changing the URL Scheme from http to https.
BPS Pro is designed in a way that you would never need to delete/uninstall BPS Pro for troubleshooting or any other reason. BPS Pro has built-in troubleshooting capability which allows you to turn Off all BPS Pro features > https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting
The BPS Pro Setup Wizard has a feature called AutoFix, which will automatically fix and setup some things. The Setup Wizard should be run after doing a website migration. The Setup Wizard can also be run over and over again as needed to automatically fix things > https://forum.ait-pro.com/forums/topic/setup-wizard-autofix/
Reply To: website migration files quarantined after Dev Server went live
The Quarantine folder location is here: /wp-content/bps-backup/quarantine/
Reply To: website migration files quarantined after Dev Server went live
Ok thanks, I’m a bit tired after staying up late dealing with hosting issues etc for the live migration.
I followed the restoration of quarantine files instructions and have my BPS Dashboard back.
But I’m still getting a continual stream of quarantined file alert emails.
Reply To: website migration files quarantined after Dev Server went live
Did you do all the steps correctly? AutoRestore needs to be turned Off before you copy files from the /quarantine/ folder to your website folders. You then need to run the Setup Wizard after you are done copying all files from the /quarantine/ folder to your website folders. Did you make sure that you changed your website URLs in your database to the new site URLs? Did you make sure that you changed your wp-config.php file database connection information?
Reply To: website migration files quarantined after Dev Server went live
Yes, I turned auto-restore off through the recommended method of renaming folder, restoring quarantine files, then rerunning BPS Setup.
As far as the hosting, I had to recycle our primary site domain, so I had no choice but to backup everything, delete everything.
Then I cloned over the new site without doing the proper BPS procedures.
After all the errors occurred I went in and deactivated/deleted the plugin (BUT LEFT THE DB IN PLACE).
Then I did a fresh install of BPS and activated successfully.
The quarantine is triggering over and over on the same 4 targets.
/root/auto.ht_access
/root//wpconfig.php
/wp-content/theme/child-theme/pdf-maker.php
/wp-content/bps_security.old (in folder above plugins) ((this was from a time during DEV when someone had deactivated BPS twice and it started misfiring)).
I’m just going through now and trying to restore these files through BPS dashboard now, but it is these same 3 areas over and over.
Reply To: website migration files quarantined after Dev Server went live
I have
Total number of Quarantined Files: 340
Those same 4 files over & over, mainly wpconfig.php & makepdf.php
Reply To: website migration files quarantined after Dev Server went live
Just delete all the files in Quarantine since each row in the Quarantine table is another instance of a file being quarantined.