ProfileGrid – Custom Login Page Error

  • #45978
    Sparky
    Participant

    I’ve just installed BPS Pro and I am getting a new error/behavior. We use ProfileGrid for our “membership” area and it controls our login. When logging in now a dialog opens that says there has been a critical error on the site. However, if you click on Login a second time it lets you into the site. Very odd.

    How do I prevent this error from coming up? Whitelist the plugin?

    Thank you!

    #45979
    AITpro Admin
    Keymaster

    The WordPress Login hook in BPS Pro is conflicting with the Login hook in ProfileGrid. ProfileGrid is a Membership plugin. So it should already come with Login Security features. Go to BPS Pro > Login Security > Turn On|Turn Off option > choose setting: Login Security Off > Click the Save Options button. Membership plugins and themes typically need full control of all Login processing since they do a lot more than just login processing.

    #45980
    Sparky
    Participant

    I’m afraid this did not resolve the issue. There are soooo many features in Pro that I just don’t know where to turn next. Any other ideas?

    #45981
    AITpro Admin
    Keymaster

    The JTC CAPTCHA might be causing the problem. Go to BPS Pro > JTC Anti-Spam|Anti-Hacker > Under Enable|Disable JTC For These Forms: > uncheck the Login Form, Register Form and Lost Password Form checkboxes > click the Save Options button.

    If that doesn’t fix the problem then send a WordPress Admin login to your site to: info@ait-pro.com

    #45990
    AITpro Admin
    Keymaster

    Logged into your site and fixed the problem. See the fix below. Since the ProfileGrid Membership plugin is completely handling login processing and not using the standard wp-login.php page at all, you can leave BPS Pro Login Security and JTC off since they would not work on a custom Login page anyway. The ProfileGrid Membership plugin does have a CAPTCHA feature if you want to enable that to prevent spambot logins. You would only need to do that if you are getting a lot of spambot Registrations and logins.

    2 BPS htaccess security rules were causing the problem. They have been commented out with a # sign below.

    For anyone else that runs into this problem you can do the steps below to fix the problem.
    1. Copy the modified BPS Query String Exploits code below into this BPS Root Custom Code text box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Setup Wizard page and run the Pre-Installation and Setup Wizards.

    # BEGIN BPSQSE BPS QUERY STRING EXPLOITS
    # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
    # Good sites such as W3C use it for their W3C-LinkChecker. 
    # Use BPS Custom Code to add or remove user agents temporarily or permanently from the 
    # User Agent filters directly below or to modify/edit/change any of the other security code rules below.
    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    #RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR] 
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] 
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
    #RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F]
    # END BPSQSE BPS QUERY STRING EXPLOITS

    You have a recurring php nuisance error for the BackWPup plugin. The php error is occurring pretty much constantly. Create a forum support post on the BackWPup plugin’s support page and copy/paste the php error below.

    [19-May-2026 22:39:01 UTC] PHP Warning:  session_start(): Failed to read session data: files (path: /var/cpanel/php/sessions/ea-php72) in /home/customer/www/xxxxxx/public_html/wp-content/plugins/backwpup/src/Infrastructure/Restore/commons.php on line 393
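
To find which BPSQSE condition rejects a legitimate request before commenting rules out, the following added example (not part of the original posts and not BPS code) checks a raw query string against an excerpt of the QUERY_STRING conditions above. The helper names `parse_conditions` and `blocking_rules` are hypothetical, and the sample query string is constructed for illustration; it is not the actual ProfileGrid login request.

```python
import re

# Excerpt of the QUERY_STRING conditions from the block above, copied verbatim.
# The "#" line is one of the two conditions the fix comments out.
RULES = r"""
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
#RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
"""

COND = re.compile(r"^(#?)\s*RewriteCond\s+%\{QUERY_STRING\}\s+(\S+)\s+\[([^\]]*)\]$")


def parse_conditions(text):
    """Return (active, pattern, compiled) for every QUERY_STRING condition."""
    conds = []
    for line in text.splitlines():
        m = COND.match(line.strip())
        if not m:
            continue
        flags = {f.strip().upper() for f in m.group(3).split(",")}
        # [NC] means case-insensitive; without it the match is case-sensitive.
        rx = re.compile(m.group(2), re.IGNORECASE if "NC" in flags else 0)
        conds.append((m.group(1) == "", m.group(2), rx))
    return conds


def blocking_rules(query_string, text=RULES, include_disabled=False):
    """Patterns that match the raw (not URL-decoded) query string.

    The conditions are chained with [OR], so any single active match makes
    the final RewriteRule answer 403 Forbidden.
    """
    return [pat for active, pat, rx in parse_conditions(text)
            if (active or include_disabled) and rx.search(query_string)]


if __name__ == "__main__":
    sample = "tab=profile;order=asc"  # constructed, benign query string
    print("active rules hit:", blocking_rules(sample))
    print("with disabled rules:", blocking_rules(sample, include_disabled=True))
```

The patterns are evaluated with Python's `re` module, on the assumption that it agrees with Apache's regex engine for these particular expressions; pass the full BPSQSE block as `text` to check every QUERY_STRING condition.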