Weaver II Theme – unable to update a page, 403 error

  • #18521
    Bob
    Participant

    Hi, I am trying to update a page which is having modifications to the basic page done via the theme Weaver-ii-pro. Every time I try to update it I get a security alert as follows:

    [403 GET / HEAD Request: October 20, 2014 10:44 am]
    Event Code: WPADMIN-SBR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: xx.xx.xx.xx 
    Host Name: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (removed for security purposes! the host and IP are mine)
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: http://darlingtonmethodistdistrict.org.uk/wp-admin/post.php?post=23&action=edit&message=1
    REQUEST_URI: /wp-content/themes/weaver-ii-pro/editor-style-css.php?mce=1&twidth=1025&fontsize=11&fontfamily=Arial%2CHelvetica%2Csans-serif&titlefont=%22Bitstream+Charter%22%2CTimes%2Cserif&bg=%23FFFFFF&textcolor=%23000000&hdgcolor=%237A3D11&inbg=%23FFFFCD&a=%231657A1&ahover=%23E37120&table=default&list=disc&imgcapt=%23333333&imgbcolor=%23FFF8DC
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0

    How can I set up some form of skip/bypass rule that will allow my theme to modify the settings?
    Thanks
    _______________________________

    Update to my recent post – I am now being blocked as a Hacker! I am wondering whether I need to whitelist my IP address or something? Please advise…

    This is the latest security log:

    [403 GET / HEAD Request: October 20, 2014 10:58 am]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: MY IP ADDRESS
    Host Name: MY HOST NAME
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: http://darlingtonmethodistdistrict.org.uk/who-we-are/mission/mrdf/?tve=true
    REQUEST_URI: /wp-content/themes/weaver-ii-pro/editor-style-css.php?mce=1&twidth=1025&fontsize=11&fontfamily=Arial%2CHelvetica%2Csans-serif&titlefont=%22Bitstream+Charter%22%2CTimes%2Cserif&bg=%23FFFFFF&textcolor=%23000000&hdgcolor=%237A3D11&inbg=%23FFFFCD&a=%231657A1&ahover=%23E37120&table=default&list=disc&imgcapt=%23333333&imgbcolor=%23FFF8DC
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0/

    Thanks
    Bob

    #18533
    AITpro Admin
    Keymaster

    Add this wp-admin .htaccess bypass / skip rule below to the wp-admin Custom Code box – CUSTOM CODE WPADMIN PLUGIN FIXES, click the Save wp-admin custom code button and then activate BulletProof Mode for your wp-admin folder again. The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. This bypass / skip rule is safe to use because the wp-admin area is protected with WP Authentication security.

    # post.php skip/bypass rule
    RewriteCond %{REQUEST_URI} (post\.php) [NC]
    RewriteRule . - [S=2]

    This may take care of both of the issues or you may need an additional whitelist rule for the second Security Log entry. After adding the wp-admin skip/bypass rule for post.php test updating a post and let me know if everything is working correctly and check your Security Log for any NEW Security log entries.

    #18543
    Bob
    Participant

    I added the code as you suggested and then I tried changing the size of an image on one page – checked a few minutes later and seemed to get this:

    [403 GET / HEAD Request: October 20, 2014 6:14 pm]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: xx.xx.xx.xx
    Host Name: myhost details
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: http://darlingtonmethodistdistrict.org.uk/who-we-are/mission/mrdf/?tve=true
    REQUEST_URI: /wp-content/themes/weaver-ii-pro/editor-style-css.php?mce=1&twidth=1025&fontsize=11&fontfamily=Arial%2CHelvetica%2Csans-serif&titlefont=%22Bitstream+Charter%22%2CTimes%2Cserif&bg=%23FFFFFF&textcolor=%23000000&hdgcolor=%237A3D11&inbg=%23FFFFCD&a=%231657A1&ahover=%23E37120&table=default&list=disc&imgcapt=%23333333&imgbcolor=%23FFF8DC
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0

    But the strange thing (to me at least) is that when I tried adding some text on a different page it did not trigger the security log. So I tried going back and changing the image size on the previous page again – but this time no triggering of the log??
    So, I am wondering if the security log item above is related to changing the pages or to something else I did – but I am not sure what it might be.
    What I am really trying to do though is to add a widget area on one of the pages – rather than just tweak text and images.
    I’ll continue to try to do that and see what happens.

    If in the meantime the above code suggests anything else, then I would be happy to hear it…
    Thanks for your swift response,
    Bob

    #18545
    AITpro Admin
    Keymaster

    Ok one of the Security Log entries is no longer happening for the post.php file so it is successfully being whitelisted.  Now you probably need to whitelist this file:  editor-style-css.php

    Try this first (if this does not work then I will post another more complex whitelist rule):

    1. Copy this code below to this BPS Root Custom Code text box:  CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    # Weaver II Theme editor-style-css.php file skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/themes/weaver-ii-pro/editor-style-css\.php [NC]
    RewriteRule . - [S=13]
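
Added example, not part of the thread and not BulletProof Security code: a Python triage script for the Security Log layout quoted in the posts above, grouping 403 entries by event code, blocked script path and referring page so it is clear which file each skip/bypass rule has to cover. The sample entries are constructed (example.org host, shortened query strings) and the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the Security Log layout quoted in this thread
# (address masked, host replaced with example.org, query strings shortened).
SAMPLE_LOG = """\
[403 GET / HEAD Request: October 20, 2014 10:44 am]
Event Code: WPADMIN-SBR
REMOTE_ADDR: xx.xx.xx.xx
HTTP_REFERER: http://example.org/wp-admin/post.php?post=23&action=edit&message=1
REQUEST_URI: /wp-content/themes/weaver-ii-pro/editor-style-css.php?mce=1&twidth=1025
QUERY_STRING:

[403 GET / HEAD Request: October 20, 2014 10:58 am]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
HTTP_REFERER: http://example.org/who-we-are/mission/mrdf/?tve=true
REQUEST_URI: /wp-content/themes/weaver-ii-pro/editor-style-css.php?mce=1&twidth=1025
"""

HEADER = re.compile(r"^\[(\d{3}) (.+?) Request: (.+)\]$")
FIELD = re.compile(r"^([A-Za-z_ ]+):\s?(.*)$")

def parse_entries(text):
    """Split a Security Log dump into one dict per bracketed entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            entries.append({"status": m.group(1), "when": m.group(3)})
        elif entries and (f := FIELD.match(line)):
            entries[-1][f.group(1)] = f.group(2).strip()
    return entries

def blocked_summary(entries):
    """Count blocks per (event code, script path, referer path)."""
    counts = Counter()
    for e in entries:
        code = e.get("Event Code", "?").split(" - ")[0]
        script = urlsplit(e.get("REQUEST_URI", "")).path
        referer = urlsplit(e.get("HTTP_REFERER", "")).path
        counts[(code, script, referer)] += 1
    return counts

if __name__ == "__main__":
    for key, n in blocked_summary(parse_entries(SAMPLE_LOG)).items():
        print(n, *key)
```

Run against a full log, the referer column separates blocks raised from the wp-admin editor from blocks raised on a front-end page, which is the distinction between the two entries in this thread.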