Channel: BulletProof Security Forum » All Posts

Reply To: Nextgen Gallery 403 error


Oh hold on, I just looked at the Security Log entries a little closer. I think what is happening is this user is doing some sort of “remote posting”. Do these steps below to whitelist the /wp-admin/post.php file.

To add a skip/bypass rule for the post.php file to your wp-admin htaccess file:

1. Add the wp-admin skip/bypass rule to this wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN FIXES
2. Click the Save wp-admin Custom Code button.
3. Go to the Security Modes page and activate wp-admin BulletProof Mode again.

Note: The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip/bypass rule [S=1]. This skip/bypass rule is safe to use because the wp-admin area is protected with WP Authentication security.

# post.php / admin-ajax.php skip/bypass rule
RewriteCond %{REQUEST_URI} (post\.php|admin-ajax\.php) [NC]
RewriteRule . - [S=2]

Also, since this user is doing “remote posting”, the BPS XML-RPC Bonus Custom Code should NOT be used on this website.

  • This reply was modified 1 hour, 25 minutes ago by  AITpro Admin.
  • This reply was modified 1 hour, 23 minutes ago by  AITpro Admin.
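
Why the count has to be [S=2], as an added example that is not part of the original reply and is not BPS code: a small Python model of mod_rewrite's skip flag, run over a constructed wp-admin .htaccess excerpt. The existing skip rule's condition and the filter rule are placeholders, and `parse_rules`, `landing_index` and `reaches_filter` are hypothetical names.

```python
import re

# Constructed excerpt of a wp-admin .htaccess (not the real BPS file): the new
# skip rule from the post sits above an existing [S=1] skip rule, followed by
# one placeholder filter rule that returns 403.
SAMPLE = r"""
# post.php / admin-ajax.php skip/bypass rule
RewriteCond %{REQUEST_URI} (post\.php|admin-ajax\.php) [NC]
RewriteRule . - [S=2]
# existing skip rule (placeholder condition)
RewriteCond %{REQUEST_URI} (example-existing\.php) [NC]
RewriteRule . - [S=1]
# placeholder security filter
RewriteCond %{QUERY_STRING} (placeholder-filter) [NC]
RewriteRule ^(.*)$ - [F]
"""

RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?", re.I)

def parse_rules(text):
    """Return RewriteRule entries in file order as (pattern, flags, skip)."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # RewriteCond lines and comments do not count toward S=N
        flags = [f.strip() for f in (m.group(3) or "").split(",") if f.strip()]
        skip = next((int(f[2:]) for f in flags
                     if re.fullmatch(r"S=\d+", f, re.I)), 0)
        rules.append((m.group(1), flags, skip))
    return rules

def landing_index(rules, i):
    """Index of the rule evaluated next when skip rule i matches."""
    return i + rules[i][2] + 1

def reaches_filter(text, skip_rule=0):
    """True if a request that matches only skip rule `skip_rule` is still
    evaluated by a later [F] rule."""
    rules = parse_rules(text)
    start = landing_index(rules, skip_rule)
    return any("F" in [f.upper() for f in flags] for _, flags, _ in rules[start:])

if __name__ == "__main__":
    print("S=2 still filtered:", reaches_filter(SAMPLE))
    print("S=1 still filtered:", reaches_filter(SAMPLE.replace("[S=2]", "[S=1]")))
```

With [S=2] both skip rules land past the filter rule; written as [S=1], the new rule would only jump over the existing skip rule and the request would still hit the filter.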
