BackUpWordPress 404 Not Found – wp-cron.php is returning a 403 Forbidden

[hhart]

Installed BackUpWordPress Version 2.1.3
Using Bulletproof Version .47.7
Got this message from BackUpWordpress:
BackUpWordPress has detected a problem. wp-cron.php is returning a 404 Not Found response which could mean cron jobs aren’t getting fired properly. BackUpWordPress relies on wp-cron to run scheduled back ups
So, deactivated bulletproof mode and the above message went away. What to do now?

Thanks!

[AITpro Admin]

UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

1. Copy this .htaccess code below to this BPS Root Custom Code text box: CUSTOM CODE REQUEST METHODS FILTERED:
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

BPS Pro 11.6+ & BPS free .53.2+
You may see this code or the 11.5+/.53.1+ code in your root htaccess file.  The code does the same exact thing and is whitelisted in the same exact way.

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
#RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]

BPS Pro 11.5+ & BPS free .53.1+

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
#RewriteRule ^(.*)$ - [R=405,L]

BPS Pro 11.4|BPS free .53 and lower versions

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and 
# remove/delete HEAD| from the Request Method filter.
# Example: RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
# The TRACE, DELETE, TRACK and DEBUG Request methods should never be removed.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]

[hhart]

Yes, I see. That is the same fix for the 403 and 302 error listed on your page at
http://www.ait-pro.com/aitpro-blog/2252/bulletproof-security-plugin-support/checking-plugin-compatibility-with-bps-plugin-testing-to-do-list/  
The message is gone so I am going to assume this worked. Will know more tomorrow when I check to see if the scheduled backup did indeed, backup.
Thanks!
 

[AITpro Admin]

Yep we use this great backup plugin ourselves so the fix definitely works.  😉  I was not aware that a 404 Not Found error also occurs so i will add that information to the fix as well.  Thanks.

[char]

I have the same problem as hhart. I am using the same exact plugin for programmed backups. I receive the same message:  wp-cron.php is returning a 404 Not Found response which could mean cron jobs aren’t getting fired properly. BackUpWordPress relies on wp-cron to run scheduled back ups.  I have contacted my webhost. They say that my wp-cron.php might be corrupted and that I should replace it on the server with a new uploaded one. They also proposed a web page to read but honestly, I have difficulty making heads or tails with all this information. You (the Key Master of this forum) suggests to remove the ‘HEAD’ from some section but I am not even sure what to do exactly. 
Thanks
P.S.: This is the page the webhost suggests:  http://wolfiezero.com/519/wp-cron-giving-you-the-404s/

[AITpro Admin]

Do you have the BPS plugin installed? See the forum reply above.

[char]

Thanks for replying. Yes I have BPS installed.
If I understand correctly, just to make it clear, all I have to do is to delete the term ‘HEAD’ in this section?:

{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]

Also, I have another problem. I have made a few changes since a couple of months and suddenly my WP readme.html file is nolonger htaccess protected. Do you have any idea why it could be like that?Thank you.

[AITpro Admin]

yes, that is correct.

How do you know your WP readme.html file is not protected?  Is BPS telling you it is not protected?  Are you seeing error messages?  What changes did you make?  Does the very top line of the root .htaccess have this – #   BULLETPROOF .47.7 >>>>>>> SECURE .HTACCESS – or is there something above this line or have you modified this line?

[char]

I know it because BPS says it is not, in the ‘Additional Website Security Measures’ section, in read. I am not seeing any error messages besides this one. I have made a few changes in the ‘PHP Server / PHP.ini Info’ section. A few configurations were in red, such as ‘Expose PHP’, ‘Allow Persistent connections’, ‘Magic Quotes’, ‘Display Errors’ and ‘Allow URL fopen’, if I remember correctly. I asked my webhost to correct them. And the problem appeared just after that, coincidence or not. And for the very top line of the root.htaccess, there is another line, that seems to have been added, beginning with

SuPHP_ConfigPath /home/ (then my username) /public_html/

Could it be a line added by the technician to make the modifications that is causing this? Should I delete it? Should I cancel the changes that I asked for, even if they appear in red?
Many thanks.

[AITpro Admin]

Yep the php/php.ini handler added to the top line of the .htaccess file is the problem.  Cut and paste it under this section of your root .htaccess file and everything will be fine.

# ADD A PHP HANDLER
# If you are using a PHP Handler add your web hosts PHP Handler below
SuPHP_ConfigPath /home/ (then my username) /public_html/

[char]

It worked. Everything looks fine, the alarm went off. Returning to my first issue, I have a question. Is deleting the ‘HEAD’ command in the ‘Request Methods Filtered’ not risking of endangering the safety of the installation? Could it make more unstable or more vulnerable?
Many thanks. 

[AITpro Admin]

The HEAD Request filter is just a nuisance filter to block spambots and junkbots and is not a security filter.  It does not have anything to do with security so removing it does not make your site any less safe.

[char]

Something else has come up. Somehow, after I made the modification and that the alarm went off, I had to put the BulletProof Mode back on. The problem is, the modifications that I asked my webhost to do are gone now. The php.ini file still exists, the commands are at ‘off’ as they are supposed to be but now they are ‘on’ in BPS. I re-pasted the sequence  SuPHP_ConfigPath /home/ (then my username) /public_html/ in the   # ADD A PHP HANDLER section but it is not working. The route seems to be cut. By the way, am I too zealous by wanting these changes? If they are not that critical, maybe I could just forget about them.
Thanks for your patience.

[AITpro Admin]

If you add your php/php.ini handler to the BPS CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE text box and save your changes and then go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button. 2 things will happen.  Your php/php.ini handler is saved permanently.  Every time you click the Activate Root folder BulletProof Mode you php/php.ini handler will be added to your root .htaccess file.

Custom Code Help Resources:
The Blue Read Me help button on the Custom Code page.
http://www.ait-pro.com/aitpro-blog/3898/bulletproof-security-pro/custom-code-help-and-faq-how-to-use-custom-code-adding-custom-code-to-automagic/

[char]

I will probably be allright at this point (I hope). Thank you. You have been very helpful. Obviously, you know your stuff. Keep going.

[Author]

Posts