Site Activity
-
AITpro Admin replied to the topic Repeated Php warnings and errors in the forum BulletProof Security Pro 9 hours, 47 minutes ago
If you check your website using Google Chrome Developer tools you will see a lot of javascript errors. For now do these things: purge all cache > LiteSpeed and CloudFlare > deactivate the BPS Pro Plugin Firewall. Then add the CloudFlare hostname and IP address whitelist rules and save them (do not activate the Plugin Firewall yet) > then check y…[Read more]
-
Nitin Shah replied to the topic Repeated Php warnings and errors in the forum BulletProof Security Pro 10 hours, 49 minutes ago
Thank you for the response. A couple of additional details:
- We are not using Cloudflare CDN, but the domain is hosted on Cloudflare. All caching options on Cloudflare CDN are disabled.
- Exact CDN is being used for static files in combination with Quic.Cloud (LiteSpeed) CDN for the dynamic cache. We are using CDN Mapping options within the…
-
AITpro Admin replied to the topic Repeated Php warnings and errors in the forum BulletProof Security Pro 12 hours, 11 minutes ago
Ignore Repeated Errors only prevents duplicate php errors from being logged. It does not prevent/ignore php errors when they occur repeatedly. Example: If you look at the timestamp for each individual php error that is logged they will have different timestamps.
In general what I see when I check your site are these problems:
– You are using…[Read more] -
Nitin Shah started the topic Repeated Php warnings and errors in the forum BulletProof Security Pro 12 hours, 54 minutes ago
I am having repeated errors shown in my PHP error log. I have tried changing the setting in the display option to ignore repeated errors, but that hasn’t helped. Here is a link to an image where you can see the settings for display option: https://prnt.sc/d0WM7_Zv53Lx
[BPS Pro htaccess Protected Secure PHP Error Log][27-Jan-2023 05:05:33 UTC]…[Read more]
-
x replied to the topic htaccess Files Disabled – Setup Wizard Enable|Disable htaccess Files in the forum BulletProof Security Pro 4 days, 18 hours ago
i was also looking for the same
-
jose sally replied to the topic WordPress SSL htaccess code – Rewrite SSL, RewriteCond Server Port in the forum BulletProof Security Pro 1 week ago
Thanks, i’ll try it on my site
-
AITpro Admin replied to the topic Anti-CSRF token on homepage only in the forum BulletProof Security Pro 1 week ago
https://en.wikipedia.org/wiki/Cross-site_request_forgery
Limitations
Several things have to happen for cross-site request forgery to succeed:-
The attacker must target either a site that doesn’t check the referrer header or a victim with a browser or plugin that allows referer spoofing.[22]
-
The attacker must find a form submission at th…
-
-
Phil replied to the topic Anti-CSRF token on homepage only in the forum BulletProof Security Pro 1 week, 2 days ago
Thanks very much for that update. I’ll forward your note to the team that did the security scan and we’ll see what response that provokes. I’ll be back in touch to close the thread.
Thanks again,
Phil.
-
AITpro Admin replied to the topic Anti-CSRF token on homepage only in the forum BulletProof Security Pro 1 week, 2 days ago
Either I am missing something here or misunderstanding the use of this phrase “Anti CSRF Tokens”. From my understanding you ONLY need Anti CSRF Tokens for Forms and nothing else. BPS does offer CSRF attack protection, but does not add or interfere with any existing forms that belong to other plugins, such as Contact Forms or other Forms. If a…[Read more]
-
Phil replied to the topic Anti-CSRF token on homepage only in the forum BulletProof Security Pro 1 week, 2 days ago
Thanks for your quick response. BPS was recommended by WPEngine to address the absence of anti-CSRF tokens. My understanding was that anti-CSRF protection is a default capability of BPS so no additional configuration was carried out. Just installed and hit “go”!
CORS setup was also criticised in the security review. We addressed this by a&l…[Read more]
-
AITpro Admin replied to the topic Anti-CSRF token on homepage only in the forum BulletProof Security Pro 1 week, 2 days ago
I would need more information to be able to help. What are you using for your Anti CSRF Token protection? Are you using CORS? You cannot use CORS with Anti CSRF Tokens. WordPress uses Nonces for CSRF protection. If you want to protect forms (contact, etc.) you can use Google reCaptcha for your forms. It will protect your forms against CSRF…[Read more]
-
AITpro Admin replied to the topic Undefined array key /bulletproof-security.php in bulletproof-security.php on line 218 in the forum BulletProof Security Pro 1 week, 2 days ago
You can ignore this php error. This error only occurs when installing plugins on the WordPress Add New Plugins page. It is caused by the BPS free and BPS Pro plugins having the same plugin folder name => /bulletproof-security/.
-
Phil started the topic Anti-CSRF token on homepage only in the forum BulletProof Security Pro 1 week, 2 days ago
Hi, we have BPS Pro installed to address a security scan that found we had no anti-CSRF token.
Now that BPS Pro is running, the scan has been re-run and identified the anti-CSRF token on the homepage only.
Please could you point me to info to ensure the token is included on ALL pages & posts?
Many thanks,
Phil.
-
Terry started the topic Undefined array key /bulletproof-security.php in bulletproof-security.php on line 218 in the forum BulletProof Security Pro 1 week, 2 days ago
Without wishing to launch a major investigation. Would you please point me in the correct direction to try and prevent this error. I receive it several times a day usually after any changes are made on the website, always line 218.
PHP Warning: Undefined array key “bulletproof-security/bulletproof-security.php” in…[Read more] -
AITpro Admin replied to the topic window.webpackWcBlocksJsonp=window.webpackWcBlocksJsonp in the forum BulletProof Security Pro 1 week, 5 days ago
Going by the code naming convention it looks like the code belongs to the WooCommerce Blocks plugin. It is not malicious code. So you can safely restore the file.
-
Louis started the topic window.webpackWcBlocksJsonp=window.webpackWcBlocksJsonp in the forum BulletProof Security Pro 1 week, 5 days ago
I had this file quarantined by BPS and was wondering exactly what it was and if I should restore?
(window.webpackWcBlocksJsonp=window.webpackWcBlocksJsonp||[]).push([[21],{155:function(t,e,r){“use strict”;r.d(e,”a”,(function(){return a}));var c=r(5),n=r(61),o=r(35),s=r(131);const a=t=>{if(!Object(n.b)())return{className:””,style:{}};const e=Object -
AITpro Admin replied to the topic I'm Stuck After CSV Import! in the forum BulletProof Security Pro 2 weeks, 3 days ago
Did you deactivate BPS Pro too? Deactivating BPS Pro turns off the built-in troubleshooting capabilities like turning off the Plugin Firewall. If you deactivated BPS Pro then activate BPS Pro and deactivate the BPS Pro Plugin Firewall. Deactivating BPS Pro will turn off AutoRestore|Quarantine, but don’t forget to run the BPS Pro Setup Wi…[Read more]
-
Go1Fit replied to the topic I'm Stuck After CSV Import! in the forum BulletProof Security Pro 2 weeks, 3 days ago
Sorry, to be more specific, I also disabled all plugins on the site, except one for WPBackUp / Restore and still am getting 403 forbidden on JS files within a plugins respective /lib folders.
-
AITpro Admin replied to the topic I'm Stuck After CSV Import! in the forum BulletProof Security Pro 2 weeks, 4 days ago
If plugin js scripts are being blocked then they might be blocked by the BPS Pro Plugin Firewall. Deactivate the Plugin Firewall and when restoring a website from a backup AutoRestore needs to be turned Off. After you are done with the website restore, run the Pre-Installation Wizard and Setup Wizard.
-
Go1Fit replied to the topic I'm Stuck After CSV Import! in the forum BulletProof Security Pro 2 weeks, 4 days ago
The ModSecurity trigger was SQL Injection but I was running an intensive CSV import into a WP Plugin WP_Posts table
- Load More