BPS Free Read Me First – General Troubleshooting

[AITpro AdminKeymaster]

This Forum is for Posting BulletProof Security Free Questions & Comments.  If your Question or Comment is regarding BulletProof Security Pro then please post in the BulletProof Security Pro Forum.

BulletProof Security Free General Troubleshooting Steps

BPS setup steps:

1. Click the AutoMagic buttons
2. Activate All BulletProof Modes.
3. Setup complete.

Note:  In order for BPS Pro to work correctly you MUST be using a Custom Permalink Structure:  http://codex.wordpress.org/Using_Permalinks#Choosing_your_permalink_structure

BPS removal steps:

1. Activate Default Mode on the Security Modes page.
2. Use the Delete wp-admin .htaccess feature on the Security Modes page.
3. Deactivate and delete BPS on the WP Plugins page.

Unable to login into your website:

1. Use FTP or your Web Host Control Panel File Manager and delete the .htaccess file in your website root folder and the .htaccess file in your wp-admin folder.
2. Log into your website, click the BPS AutoMagic Buttons and Activate all BulletProof Modes.

BPS and BPS Pro are compatible with 1,000′s of Web Hosts, but are not compatible with these 3 Web Hosting Companies (Landis Holdings, NTT Communications & Yahoo Hosting – Due to Custom Server Configurations or Restrictions) 

Symptoms of the problem:  The B-Core page will not fully load and is “chopped off”.  See screenshot.

Hostingzoom (Landis Holdings)
Resellerzoom (Landis Holdings)
Modvps (Landis Holdings)
WowVPS.com (Landis Holdings)
JaguarPC (Landis Holdings)
Verio (NTT Communications)
NTT America (NTT Communications)
NTT Europe (NTT Communications)
Yahoo Hosting

Screenshot of the problem with these Hosts

 

BulletProof Security Troubleshooting 

BulletProof Security Plugin Conflict or Some Functionality On Your Website Is Not Working Correctly

As of BPS .47.8 Security Logging / HTTP Error Logging has been added. If you are experiencing a possible plugin conflict or some other issue or problem on your website check the BPS Security Log tab page for any errors related to the issue/problem.  Create a new Topic and post the error message that is related to the issue/problem.

If you think that BulletProof Security is causing a plugin conflict or any other issue on your website that is causing something not to work, then please use these steps below to take BulletProof Security out of the equation completely for testing.  There is no need to deactivate BulletProof Security because it has a built-in Default Mode that allows you to put WordPress in a default state without deactivating BulletProof Security. If you find that BulletProof Security does have a conflict with another plugin then please check the BulletProof Security Plugin Compatibility Issues – Testing and Fixes Page to see if a fix (bypass/skip rule) is already listed. If your plugin is not listed and you have confirmed that BulletProof Security is definitely causing a conflict then please post a comment in this Forum.

1. Make a backup of your .htaccess files using BulletProof Security built-in Backup.
2. Activate Default Mode on the Security Modes page.
3. Use the Delete wp-admin .htaccess feature on the Security Modes page.
4. If the issue/problem is related to Login Security turn Off Login Security on the Login Security & Monitoring page.
5. Test your plugin or theme.
6. Restore your .htaccess files using BulletProof Security built-in Restore.

To completely uninstall BulletProof Security you would do steps 2 and 3 above and then just delete the BulletProof Security plugin on the WP Plugins page.

NOTE: Both the Root BulletProof Mode and the wp-admin BulletProof Mode MUST be activated – Activate Root BulletProof Mode and then activate wp-admin BulletProof Mode.  If you only activate Root BulletProof Mode and you do not activate the wp-admin BulletProof Mode then some wp-admin Dashboard functions may not work correctly on some web hosts, such as configuring Widgets.

BulletProof Security AutoMagic Not Working, Unable to Edit .htaccess Files, 404 Errors, 403 Errors, 500 Errors, WordPress is broken

If you are unable to create .htaccess files with AutoMagic or edit .htaccess files with the BPS built-in editor or you are seeing 404 errors or 403 Errors when trying to edit .htaccess files or use AutoMagic then your site is using the broken cPanel HotLink Protection Tool. It has been broken since at least 2002 and not only breaks BulletProof Security, but it also breaks many other WordPress features such as the WordPress Plugin Editor and too many other things in WordPress to list here.

Log into your cPanel and click on the HotLink Protection Tool.  If you see this code below then this confirms that the problem that is occurring on your website is the broken cPanel HotLink Protection Tool problem.

URLs to allow access:

(%0A|%0D|%27|%3C|%3E|%00)
\.opendirviewer\.
users\.skynet\.be.*

Screenshot of the cPanel HotLink Protection Tool

Solution: There is only one way to block the broken cPanel HotLink Protection tool, since enabling and disabling it is also broken – you cannot turn it off. You will need to lock your Root .htaccess file (if your Server is configured with CGI then locked means Read Only 404 file permissions) and log into cPanel and delete all code that you see in the HotLink Protection windows. If you unlock your Root .htaccess file at a later time and WordPress and BulletProof Security and ARQ and Quarantine are not working correctly again then you will need to repeat these steps to fix the problem again as this broken tool will probably do the same thing again as soon as your Root .htaccess file is unlocked.

BulletProof Security Alert will not go away – “BPS Alert! Your site does not appear to be protected by BulletProof Security”

This issue/problem can be caused by the Broken cPanel HotLink Protection Tool problem or if another plugin is using the WordPress function – flush_rewrite_rules() incorrectly or also if your Server API type is DSO (see DSO help information below). You can check/find your Server API type on the BPS System Info Tab page.

Try refreshing your Browser first to see if the BPS alerts go away. These alerts could be left over from the previous check / last function check.

Important Note: The Lock Root .htaccess file button not only locks the root .htaccess file for protection, but this also protects BPS / your website from plugins that are using the WordPress function – flush_rewrite_rules() incorrectly. This particular WordPress function is very misunderstood and is used incorrectly in a lot of plugins and of course causes a lot of problems for other plugins that create or write .htaccess code such as BPS, BPS Pro, W3 Total Cache, WP Super Cache, etc etc etc. The WordPress flush_rewrite_rules() function should ONLY be used in plugin deactivation and plugin activation functions, but since this WordPress function is very misunderstood it is used outside of the intended purpose for that function, which of course breaks other plugins that write or create .htaccess files or code.

Eliminating the possibility of a plugin conflict (flush_rewrite_rules() function used incorrectly):

1. Deactivate all of your plugins except for BPS.
2. Click the AutoMagic buttons and activate BulletProof Modes again.
3. Refresh your Browser.

If the problem is still occurring at this point then it is not being caused by another plugin using the WordPress flush_rewrite_rules() function incorrectly.

If the problem is not occurring then be sure to lock your root .htaccess file before activating your plugins again or the same problem will occur again and your root .htaccess file code will be wiped out again by the WordPress flush_rewrite_rules() function in whatever plugin that is not using this function correctly.

NOTE:  If your Root .htaccess file is unlocked and you go to the WordPress Permalinks page your Root .htaccess file code will be deleted.  You will need to activate Root folder BulletProof Mode again.

500 Internal Server Error After Activating BulletProof Mode for your Root Folder

Some Web Hosts do not allow you to use the “Options” Directive in .htaccess files. If you see a 500 Internal Server Error then comment out the “Options” Directive by adding a pound sign (#) in front of Options -Indexes in your Root .htaccess file as shown below.

# DO NOT SHOW DIRECTORY LISTING
# If you are getting 500 Errors when activating BPS then comment out Options -Indexes
# by adding a # sign in front of it. If there is a typo anywhere in this file you will also see 500 errors.
#Options -Indexes

Some Web Hosts do not allow you to use the “DirectoryIndex” Directive in .htaccess files. If you see a 500 Internal Server Error then comment out the “DirectoryIndex” Directive by adding a pound sign (#) in front of DirectoryIndex in your Root .htaccess file as shown below.  Known Hosts with this issue:  NordNet

# DIRECTORY INDEX FORCE INDEX.PHP
# Use index.php as default directory index file
# index.html will be ignored will not load.
#DirectoryIndex index.php index.html /index.php

BulletProof Security AutoMagic Not Working/built in .htaccess File Editor Not Working, Unable to Backup or Restore Files and the Broken cPanel HotLink Protection Tool is Not The Cause

If your Server API type is DSO then you will need to do some manual file and folder permission changes.  You can check your Server API on the System Info tab in BPS and BPS Pro.  If you see that your Server API is DSO then you will need to perform these installation steps for DSO.  We are currently working on adding additional coding in BPS and BPS Pro for DSO configured Servers and will eventually release a BulletProof Security version that has full automation for DSO configured Servers.

BulletProof Security WP Error: “no input file specified”- Permalink Problems/404 Errors – using the .html permalink hack is causing 404 Errors

If you see a “no input file specified” error then there is something wrong with your WordPress custom permalink structure.  Another cause of 404 Errors is using the .html Permalink hack.  Using .html in your WordPress Permalink Structure is considered a hack and is not a standard WordPress Custom Permalink Structure.  Example Permalink .html Hack:  /%postname%.html.  Many years ago this supposedly increased page ranking and SEO.  If that was ever really true it is definitely not true now.  Using this permalink hack will only cause your website problems and BulletProof Security will not work with this permalink hack.  You will need to change your custom permalink to a standard WordPress custom permalink structure in order to be able to use BulletProof Security.

403 Forbidden Error after updating/upgrading BPS

Some web hosts (approximately 6 Hosts out of 1000′s of Hosts) have a strict policy that .htaccess files can ONLY have 644 permissions and do not allow you to change your .htaccess file permissions to 404.  During the BPS automatic update/upgrade process your Server API is detected and if it is a typical SAPI that should allow your .htaccess file to be locked with 404 permissions then BPS will automatically lock the file.  To see if this is the problem that is occuring FTP to your website and change the .htaccess file permissions in your website root folder to 644.  If the 403 error goes away then please let us know which Host you have by posting a comment here so that we can add them to the below of Hosts that do not allow 404 file permissions for .htaccess files.

List of Web Hosts that require 644 .htaccess file permissions – 404 permissions are not allowed on these Hosts and will cause a 403 Error 

If you Web Host does not allow locking of your Root .htaccess file/404 file permissions for your Root .htacces file, then go to the BPS Edit/Upload/Download tab page and click on the Turn Off AutoLock button.  This will prevent your Root .htaccess file from being automatically locked when you upgrade BPS, which will prevent a 403 Error from occurring on your website.

webmasters.com
LiquidWeb.com
iPower
iPage

WordPress Network / MU Specific Help Support

General Help Information About BPS and WordPress Network / MU Websites

Do not Network Activate BPS.
BPS Should only be activated on the Primary Site.
BPS AutoMagic buttons should ONLY be used on the Primary Site
Network/MU sub-sites are virtual sites – BulletProof Modes should NOT be activated on sub-sites
ONLY Super Admins can see the BPS menu in sub-sites for both BPS Free and BPS Pro
If a Site Admin tries to view BPS Settings or BPS pages a Super Admins Permissions Error message is displayed

Network / MU Images Not Displaying in Media Library or on Website

Network / MU Images Not Displaying

 

• This topic was modified 6 months, 2 weeks ago by  AITpro Admin.
• This topic was modified 6 months, 2 weeks ago by  AITpro Admin.
• This topic was modified 6 months, 2 weeks ago by  AITpro Admin.
• This topic was modified 6 months, 2 weeks ago by  AITpro Admin.
• This topic was modified 6 months, 2 weeks ago by  AITpro Admin.
• This topic was modified 6 months, 2 weeks ago by  AITpro Admin.
• This topic was modified 6 months, 2 weeks ago by  AITpro Admin.
• This topic was modified 6 months, 2 weeks ago by  AITpro Admin.
• This topic was modified 6 months, 2 weeks ago by  AITpro Admin.
• This topic was modified 6 months, 2 weeks ago by  AITpro Admin.
• This topic was modified 6 months, 2 weeks ago by  AITpro Admin.
• This topic was modified 6 months, 2 weeks ago by  AITpro Admin.
• This topic was modified 6 months, 2 weeks ago by  AITpro Admin.
• This topic was modified 6 months, 1 week ago by  AITpro Admin.
• This topic was modified 6 months, 1 week ago by  AITpro Admin.
• This topic was modified 6 months ago by  AITpro Admin.
• This topic was modified 6 months ago by  AITpro Admin.
• This topic was modified 5 months, 3 weeks ago by  AITpro Admin.
• This topic was modified 5 months, 3 weeks ago by  AITpro Admin.
• This topic was modified 5 months, 3 weeks ago by  AITpro Admin.
• This topic was modified 5 months, 2 weeks ago by  AITpro Admin.
• This topic was modified 5 months, 1 week ago by  AITpro Admin.
• This topic was modified 5 months, 1 week ago by  AITpro Admin.
• This topic was modified 4 months, 1 week ago by  AITpro Admin.
• This topic was modified 3 months, 4 weeks ago by  AITpro Admin.
• This topic was modified 3 months, 3 weeks ago by  AITpro Admin.
• This topic was modified 3 months, 1 week ago by  AITpro Admin.
• This topic was modified 3 months, 1 week ago by  AITpro Admin.
• This topic was modified 3 months ago by  AITpro Admin.
• This topic was modified 3 months ago by  AITpro Admin.
• This topic was modified 3 months ago by  AITpro Admin.
• This topic was modified 2 months, 4 weeks ago by  AITpro Admin.
• This topic was modified 2 months, 4 weeks ago by  AITpro Admin.
• This topic was modified 2 months, 3 weeks ago by  AITpro Admin.
• This topic was modified 2 months, 3 weeks ago by  AITpro Admin.
• This topic was modified 2 months ago by  AITpro Admin.
• This topic was modified 1 month, 3 weeks ago by  AITpro Admin.
• This topic was modified 1 week ago by  AITpro Admin.
• This topic was modified 1 week ago by  AITpro Admin.

[Author]

Posts