BulletProof Security Forum

I don’t think you can solve this problem using BPS or BPS Pro.  If this is the only website that is having this issue and it is not constant and instead intermittent then the logical things to look would be plugins and themes that run cron jobs at certain intervals that could be overloading the website and causing it to crash briefly.  First s…[Read more]

Thank you. I’m just trying to eliminate all these false positives so that when I get a downtime notice I know it’s real. With so many sites to manage, and this being the only one that’s behaving this way, it’s a real mental resource sucker (a time-sucker, too). So I was mainly trying to see if whitelisting the Manage WP IPS or url would stop the…[Read more]

Going by what was said above the check is done every 5 minute or more depending on your settings.  If you wanted to check your site once per minute you could create a cron job in your control panel that pings the site once per minute, but then you would have to check your server logs to check for any crons that did not fire correctly or you could…[Read more]

FYI – we did get 6 more sets of downtime/uptime notifications yesterday. It’s driving me crazy that the only way to know if one is for real and the site actually needs attention is to load it after each notice I receive. Is there no way to whitelist a url short of installing the Pro version?

@ Sledge – There is 1 additional option in BPS Pro for the MU Tools plugin and that is an AutoRestore Turn On|Off option.  It is only used in cases where someone migrated a website and forgot to turn Off AutoRestore in their site backup file.  You can accomplish the same thing just by renaming the BPS Pro plugin folder which deactivates the BPS P…[Read more]

Thanks for the quick response. I am contemplating to purchase the Pro license. Would there be any additional impact on the BPS Pro plugin functionality because the mu-plugins directory is not accessible?

@ Sledge – You can just dismiss the Script|File Owner User ID Mismatch Notice.  The only thing the BPS MU Tools must-use plugin does in BPS free is it allows you set WP Automatic Update filters.  So no big deal.

I am getting the Script|File Owner User ID Mismatch Notice message on my hosted site. The only thing with a different owner that I can find is the mu-plugins directory which is locked by the hosting company and I do not have access to it. (I suspect the web server may be running with a different user account so that it can access this…[Read more]

Laughing at myself for not checking the existing custom code before responding. The code you sent is already present in custom code box 9. Sorry for that.

Hm. Checked the security log and nothing at all has been logged since I installed it on July 20. Maybe this is something to do with GoDaddy Managed WP? I don’t really know how it works or what it takes over from the site. I’ll try the custom code you sent and see what happens.

If BPS is blocking anything it will be logged in the BPS Security Log.  If your web host is blocking something then you would have to ask them if they are blocking that.  What type of request is being made from site24x7? If the request is a HEAD request then you would need to allow all HEAD requests by doing the steps below.

1. Copy the code b…[Read more]

Well, it’s a little hard to say because we’re still troubleshooting the issue. Because these downtime notifications seem to all be false positives, the idea right now is that it appears the pings that ManageWP sends to the website to see if it’s up are being blocked:

“Here is how our Uptime Monitor add-on works:
1. It asks for your website’s…[Read more]

You would only need to whitelist IP addresses if something is being blocked.  Is something being blocked?  I would need to know what is being blocked before I could provide a solution.

If you try to go to that URL you will see a 403 or 404 error because that is not a valid URL.  You can do the BPS troubleshooting steps to figure out if BPS is actually blocking something > https://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting Note: The User Agent is this forum site, not the Google Crawler or…[Read more]

Hi,
thanks for replying so quick 🙂
The link is valid, I just tested it again.
https://buildingcleaningservice.com.au/testimonials/data:image/svg+xml,%3Csvg%20xmlns=http:/www.w3.org/2000/svg%20viewBox=0%200%20318%2093%3E%3C/svg%3E

The URL is made by the WP Rocket plugin, to delay loading the image (lazy load).
I would image all lazyload…[Read more]

That is not a valid URL that was used to test from the sitechecker.pro website.  Please post a BPS Security Log entry that shows a Security Log entry where something legitimate is being blocked.  I checked your site and did not see any 403 errors in Google Chrome Dev tools.

Thanks for posting the code.  Yep, the code is not malicious/hacker code.  I found another reddit post that also said that some web hosts automatically create this file for whatever reason.  So this file/code was a false positive detection by Wordfence.