BulletProof Security Forum

What’s tricky about handling WordPress Major updates with AutoRestore|Quarantine (ARQ) is that most people do not run into this type of problem.  The number of people that run into a problem is very low – less than half a percent.  I believe the root of the problem is a latency issue.  ie the new WordPress Major update takes longer than the ne…[Read more]

This type of problem only occurs for WordPress Major updates.  I have looked at possible solutions, but those solutions come with undesirable side effects/problems.  Probably the best and safest way to do a WordPress Major update to avoid any problems would be to use the AutoRestore|Quarantine Standard Procedural Steps when manually modifying f…[Read more]

It took a long time to fix this because I had to go into each site and manually reinstall, then clear the quarantine and reset the log. Very tiresome and repetitive.

It looks like there have been similar issues in the past. What can be done to prevent this issue from recurring? There’s no reason BPS should be quarantining newly unpacked core…[Read more]

What must have happened is that new WP Core folders were added/created and for whatever reason AutoRestore|Quarantine did not backup those WP Core folders.  To get out of this file quarantine looping problem do a manual WordPress re-install on the Dashboard > Updates page > click the Re-Install Now button.  Let me know what happens.

Made me laugh on that last sentence.  Tough times to be sure.  😉  I’m thinking maybe you changed the default ARQ settings to include your WordPress /plugins/ folder. The BPS Pro Plugin Firewall protects the WordPress /plugins/ folder.  So you don’t need to additionally included the /plugins/ folder within the BPS Pro ARQ settings.

To fix the iss…[Read more]

Those are not standard PHP error log syntax error messages.  So what is happening is that a plugin or your theme is using your PHP error log to log those log entries, which should of course be logged to a log file instead of using your PHP error log file in my opinion.  😉  You could of course just ignore those messages being logged to your PHP er…[Read more]

Yeah, not really sure man.  Keep doing Google searches using the error message and of course variations of the error message and other search term variations to figure out the solution. Someone has run into this same problem and figured it out already.  Have not run into this particular problem before so yeah can’t really offer any better advice d…[Read more]

@ Benito – You would have to make these same modifications each time you upgraded BPS Pro.  Not huge deal I guess, but probably figuring out why your particular server configuration is not working with the standard BPS Pro code would be a better route to take in the long run.  I’m guessing this is some kind of httpd.conf configuration issue s…[Read more]

hello,

Thanks for your reply.  I tried what you suggested to add to the php.ini file and that did not help. I also took a look at all my plugins and there are no caching plugins installed. I also tried to deactivate all my plugins and still I could not load the svgs. So I am thinking its a server configuration issue. Would you know what I need…[Read more]

Not working on Debian and apache2.4 because Rewritecond not accepting this kind of CIDR notation.

I made 3 changes on 3 files :
admin/wizard/swizard-functions.php
admin/core/core-forms.php
includes/firewall-autopilot.php

Modifications :
$allow_whiteList[] .= ‘RewriteCond %{REMOTE_ADDR} !^’ . $allow_Value . ‘$’ . “n”;
->
$allow_whiteList[] .=…[Read more]

@ coen – You can simply just copy the Query String Exploits code above and then do the rest of the steps. With all this stressful stuff going on everything seems 10 times more difficult than normal right. 😉

The PHP Error most likely has to do with a value (form entry) somewhere that needs to be inputted (added) somewhere.  The PHP Error is…[Read more]

Hi,

I’ve saved the custom code BEGIN BPSQSE BPS QUERY STRING EXPLOITS text in box: 12
Commented out the security rule:

#RewriteCond %{QUERY_STRING} -[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]

Run the setup wizard.
This deleted the Whitelist options!!!
Got them saved again.

Whitelist…[Read more]

The solution is here > https://forum.ait-pro.com/forums/topic/allowing-get-request-from-amazonaws/#post-38477. Let me know if you run into any problems with doing the steps in the forum link above.

Not really sure to be honest, but if you run into any problems then I’ll be glad to work through them with you.  Just not really that familiar with OpenLiteSpeed.

Thanks for reply. So, briefly, you expect no particular behaviors and some potential issues, right?