If I trie to do www.example.com/?s=asd%27"><img+src%3D2+onerror%3Dalert%281%29+>
instead of getting your 403.php the site presents the centos default page.
Shouldn’t this be something that get’s caught by the plugin and redirect to your 403.php page?
Thanks
BPS Security logging redirection to the BPS 403.php logging template file is handled by this htaccess directive code in your Root htaccess file: ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php.
What type of hosting is this? Shared, VPS, Dedicated? Do you have access to the server’s httpd.conf and vhosts conf files?