Thanks for confirming the new Custom Code Encryption feature successfully evades/bypasses ModSecurity CRS on BlueHost hosting. We tested the new Custom Code Encryption|Decryption feature on several different web host testing accounts, but do not have a BlueHost test hosting account to test with.
If you would like to safely/smoothly upgrade/switch to PHP 7.2.7 do the steps below:
1. Turn Off BPS Pro AutoRestore|Quarantine.
2. Unlock your root htaccess file on the BPS Pro > B-Core > htaccess File Editor page > click the Unlock htaccess File button. Note: If your web host adds php/php.ini htaccess code in your root htaccess file when you switch php server versions then unlocking your root htaccess file allows your web host to add php handler htaccess code to the very top of your root htaccess file.
3. Login to your web host control panel and switch your php version to the php version you would like to use.
4. Go back to the BPS Pro > B-Core > htaccess File Editor page > click the Your Current Root htaccess File tab > copy the new php handler htaccess code added at the very top of your root htaccess file. Note: If your web host does not use php handler htaccess code then you will not see any new php handler htaccess code at the top of your root htaccess file – skip steps 5, 6, 7 and 8 and do steps 9 and 10.
5. Go to the Custom Code tab page > click the Root htaccess File Custom Code accordion tab/button.
6. Paste your new php handler htaccess code in this BPS Root Custom Code text box: 1. CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE. Important Note: delete/cut/overwrite any older php handler htaccess code that you see in this Custom Code text box.
7. Click the Save Root Custom Code button. Note: If your web host has ModSecurity CRS installed and you are unable to save your Custom Code then click the Encrypt Custom Code button first and then click the Save Root Custom Code button.
8. Go to the Security Modes tab page > click the Root Folder BulletProof Mode Activate button.
9. Go to the htaccess File Editor tab page > click the Lock htaccess File button.
10. Turn AutoRestore|Quarantine back On.