Hi guys,
I’ve just upgraded to pro and have an issue with the popup maker plugin triggering a 403 pretty much every time someone opens a page on my site:
[403 GET Request: 28th August 2019 - 3:37 pm] BPS Pro: 14 WP: 5.2.2 Event Code: UAEGWR-HPRA Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/ REMOTE_ADDR: GDPR Compliance On Host Name: 45.63.19.241.vultr.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: GDPR Compliance On HTTP_FORWARDED: GDPR Compliance On HTTP_X_FORWARDED_FOR: GDPR Compliance On HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On REQUEST_METHOD: GET HTTP_REFERER: https://unplugrentals.com/vehicles/avan-aspire-555-db-ap-2019/ REQUEST_URI: /wp-content/uploads/pum/pum-site-scripts.js?defer&generated=1566958975&ver=1.8.11 QUERY_STRING: defer&generated=1566958975&ver=1.8.11 HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
I’ve tried to whitelist the file and the folder in the UAEG section (litespeed server) see below, but still being flagged.
RewriteRule ^/uploads/pum/pum-site-scripts.js$ - [L] RewriteRule ^/uploads/pum/.$ - [L]
Contacted the plugin maker asked if it may be better to put the script into the actual plugin-folder – his reply:
So there are a couple issues:
1. Putting it in our plugin folder means it needs to be regenerated every time you update our plugin, if that fails it will end up throwing 404s until it is regenerated.
2. Some popup blockers block loading of assets from any site if the path contains /wp-content/popup-maker/assets/js/, so this is a way around that.
3. Page builders do the same thing we do, something I’ve been curious about how they get around as I’ve never seen people complain about their page builders assets 403.
We are looking for a proper long term solution, but loading them from our plugin folder isn’t the right one for the situation.
Here is the link to the plugin-page: https://wppopupmaker.com/
Can you guys advise what I should do here?
Many thanks!
Sascha