BulletProof Security Forum

Unfortunately, that is not possible to do with Regular Expressions (RegEx) code because of how this PHP function works: file_exists()

Question to AI: Can you use regular expressions for the path for the php file_exists function?

AI response: No, the PHP file_exists function does not support regular expressions for its path parameter. It accepts…[Read more]

Your host support people must have renamed the BPS Pro plugin folder. So yeah you can manually delete the BPS Pro plugin folder here using FTP or your web host control panel file manager > /wp-content/plugins/bulletproof-security. Then reinstall the BPS Pro zip file using the WordPress Plugin upload zip installer and run the BPS Pro Setup Wizards.

How critical is this DISABLE_WP_CRON constant is in use error? Is this specific to GDMW?

Disabling standard WP crons is fine as long as you are enabling some other type of crons like Direct Crons or Alternative crons. BPS and most WP plugins rely on crons to perform automation. If Plat Cron is something your GDMW hosting has created or using…[Read more]

BPS is compatible with Direct Crons, Alternative Crons and in this case I would call this an alternative custom cron. The default WP Core file for WP Crons is: wp-cron.php, which is located in the root folder of your WP installation. So calling this issue a compatibility issue is not using the best technical term or wording. I’m not exactly sure…[Read more]

I know how to do a Quarantine Restore. That wasn’t my question though…

To try to be more specific:

1. IS BPS Pro is compatible with plat-cron?
   It appears that GDMW disabled wp cron in favor of using plat cron instead (I suspect wp cron may not be re-activatable).
2. IF BPS Pro is compatible with plat cron, is there anything specific I need to do…

[Read more]

Go to Quarantine > restore the plat-cron.php file in Quarantine > copy the entire path to the plat-cron.php file into the “Exclude Folders|Files from being checked by AutoRestore” text box. Choose “Exclude an Individual File. Click the Exclude Folder|File button.

Note: you can get the full path to the plat-cron.php file from the Quarantine Log.…[Read more]

Hi

Just noticed this post – and thought I’d respond just in case it’s relevant…

I had a similar issue on my reseller account – I host 20+ websites with no issue – a new client wanted me to take over their websites and 2 were migrated over from GoDaddy to my server. It appears that during this migration, Godaddy php settings were also carried…[Read more]

This problem was handled via direct email. The files sent to me were checked by me and they had not been tampered with. AutoRestore|Quarantine accidentally quarantined legitimate WP Core files during the recent WP 6.9.4 Automatic Update. This problem can happen if there is significant latency when the WP update occurs. The solution is to restore…[Read more]

Ok, Thank you. I will go back and apply the code from the post you recommended previously to stop blocking head request.

Have a Great day

Terry

Blocking HEAD Requests is a nuisance “filter” to block Bots, not a security measure. These days it is completely unnecessary to block HEAD Request. Years ago Pre-PHP 7.4 it made a difference with website performance. If you are running at least PHP 7.4 then blocking HEAD Requests is no longer necessary. I assume Rank Math Link Genius is using the…[Read more]

Or is there something I am doing that is causing these head request since all I am doing is adding links to other pages on the site in the content.

I don’t want to open the site up completely for head attacks if adding the suggest code would jeopardize the site. The plugin that is monitoring the links is Rank Math Link Genius. Following is the most recent logged entries in BPS security log. Is there a way to allow that plugin only to do the head request. Or what do you recommend. Thank…[Read more]

Broken links typically show this Error Code: 404 Not Found, but depending on the tool you are using to check for broken links the tool itself will be blocked with a 405 error if it is making a HEAD Request. Do the steps in the link below to allow all HEAD Requests.

405 Method Not Allowed – means the web server understands the request and the URL…[Read more]

These are all legitimate WP Core files. So either a WP Automatic update occurred and these files were accidentally quarantined or these files have been tampered with. Most likely this is an accidental quarantine.

Use FTP or your web host control panel File Manager tool
Download /wp-includes/class-wp-http-ixr-client.php to your…[Read more]

Looking at this X help information, you may not be able to hotlink images from your website.

X (formerly Twitter) generally does not encourage or support direct hotlinking of images hosted on its servers (pbs.twimg.com) to external websites, such as embedding them in blog posts or as site elements. While the images may load temporarily, they often…

[Read more]