BulletProof Security Forum

Los Angeles, California

Follow @BPSPro

Site Activity

  • All Members 20,302
  • RSS
  • Profile picture of AITpro Admin

    AITpro Admin replied to the topic Repeated Php warnings and errors in the forum BulletProof Security Pro 9 hours, 47 minutes ago

    If you check your website using Google Chrome Developer tools you will see a lot of javascript errors.  For now do these things: purge all cache > LiteSpeed and CloudFlare > deactivate the BPS Pro Plugin Firewall.  Then add the CloudFlare hostname and IP address whitelist rules and save them (do not activate the Plugin Firewall yet) > then check y…[Read more]

  • Profile picture of Nitin Shah

    Nitin Shah replied to the topic Repeated Php warnings and errors in the forum BulletProof Security Pro 10 hours, 49 minutes ago

    Thank you for the response. A couple of additional details:

    1. We are not using Cloudflare CDN, but the domain is hosted on Cloudflare. All caching options on Cloudflare CDN are disabled.
    2. Exact CDN is being used for static files in combination with Quic.Cloud (LiteSpeed) CDN for the dynamic cache. We are using CDN Mapping options within the…

    [Read more]

  • Profile picture of AITpro Admin

    AITpro Admin replied to the topic Repeated Php warnings and errors in the forum BulletProof Security Pro 12 hours, 11 minutes ago

    Ignore Repeated Errors only prevents duplicate php errors from being logged. It does not prevent/ignore php errors when they occur repeatedly. Example: If you look at the timestamp for each individual php error that is logged they will have different timestamps.

    In general what I see when I  check your site are these problems:
    – You are using…[Read more]

  • Profile picture of Nitin Shah

    Nitin Shah started the topic Repeated Php warnings and errors in the forum BulletProof Security Pro 12 hours, 54 minutes ago

    I am having repeated errors shown in my PHP error log. I have tried changing the setting in the display option to ignore repeated errors, but that hasn’t helped. Here is a link to an image where you can see the settings for display option: https://prnt.sc/d0WM7_Zv53Lx
    [BPS Pro htaccess Protected Secure PHP Error Log]

    [27-Jan-2023 05:05:33 UTC]…[Read more]

  • Profile picture of x

    x replied to the topic htaccess Files Disabled – Setup Wizard Enable|Disable htaccess Files in the forum BulletProof Security Pro 4 days, 18 hours ago

    i was also looking for the same

  • Profile picture of jose sally

    jose sally replied to the topic WordPress SSL htaccess code – Rewrite SSL, RewriteCond Server Port in the forum BulletProof Security Pro 1 week ago

    Thanks, i’ll try it on my site

  • Profile picture of AITpro Admin

    AITpro Admin replied to the topic Anti-CSRF token on homepage only in the forum BulletProof Security Pro 1 week ago

    https://en.wikipedia.org/wiki/Cross-site_request_forgery

    Limitations

    Several things have to happen for cross-site request forgery to succeed:

    1. The attacker must target either a site that doesn’t check the referrer header or a victim with a browser or plugin that allows referer spoofing.[22]

    2. The attacker must find a form submission at th…

    [Read more]

  • Profile picture of Phil

    Phil replied to the topic Anti-CSRF token on homepage only in the forum BulletProof Security Pro 1 week, 2 days ago

    Thanks very much for that update.  I’ll forward your note to the team that did the security scan and we’ll see what response that provokes.  I’ll be back in touch to close the thread.

    Thanks again,

    Phil.

  • Profile picture of AITpro Admin

    AITpro Admin replied to the topic Anti-CSRF token on homepage only in the forum BulletProof Security Pro 1 week, 2 days ago

    Either I am missing something here or misunderstanding the use of this phrase “Anti CSRF Tokens”.  From my understanding you ONLY need Anti CSRF Tokens for Forms and nothing else. BPS does offer CSRF attack protection, but does not add or interfere with any existing forms that belong to other plugins, such as Contact Forms or other Forms.  If a…[Read more]

  • Profile picture of Phil

    Phil replied to the topic Anti-CSRF token on homepage only in the forum BulletProof Security Pro 1 week, 2 days ago

    Thanks for your quick response.  BPS was recommended by WPEngine to address the absence of anti-CSRF tokens.  My understanding was that anti-CSRF protection is a default capability of BPS so no additional configuration was carried out.  Just installed and hit “go”!

    CORS setup was also criticised in the security review.  We addressed this by a&l…[Read more]

  • Profile picture of AITpro Admin

    AITpro Admin replied to the topic Anti-CSRF token on homepage only in the forum BulletProof Security Pro 1 week, 2 days ago

    I would need more information to be able to help.  What are you using for your Anti CSRF Token protection?  Are you using CORS?  You cannot use CORS with Anti CSRF Tokens.  WordPress uses Nonces for CSRF protection.  If you want to protect forms (contact, etc.) you can use Google reCaptcha for your forms. It will protect your forms against CSRF…[Read more]

  • Profile picture of AITpro Admin

    AITpro Admin replied to the topic Undefined array key /bulletproof-security.php in bulletproof-security.php on line 218 in the forum BulletProof Security Pro 1 week, 2 days ago

    You can ignore this php error. This error only occurs when installing plugins on the WordPress Add New Plugins page. It is caused by the BPS free and BPS Pro plugins having the same plugin folder name => /bulletproof-security/.

  • Profile picture of Phil

    Phil started the topic Anti-CSRF token on homepage only in the forum BulletProof Security Pro 1 week, 2 days ago

    Hi, we have BPS Pro installed to address a security scan that found we had no anti-CSRF token.

    Now that BPS Pro is running, the scan has been re-run and identified the anti-CSRF token on the homepage only.

    Please could you point me to info to ensure the token is included on ALL pages & posts?

    Many thanks,

    Phil.

  • Profile picture of Terry

    Terry started the topic Undefined array key /bulletproof-security.php in bulletproof-security.php on line 218 in the forum BulletProof Security Pro 1 week, 2 days ago

    Without wishing to launch a major investigation. Would you please point me in the correct direction to try and prevent this error. I receive it several times a day usually after any changes are made on the website, always line 218.
    PHP Warning: Undefined array key “bulletproof-security/bulletproof-security.php” in…[Read more]

  • Profile picture of AITpro Admin

    AITpro Admin replied to the topic window.webpackWcBlocksJsonp=window.webpackWcBlocksJsonp in the forum BulletProof Security Pro 1 week, 5 days ago

    Going by the code naming convention it looks like the code belongs to the WooCommerce Blocks plugin.  It is not malicious code. So you can safely restore the file.

  • Profile picture of Louis

    Louis started the topic window.webpackWcBlocksJsonp=window.webpackWcBlocksJsonp in the forum BulletProof Security Pro 1 week, 5 days ago

    I had this file quarantined by BPS and was wondering exactly what it was and if I should restore?
    (window.webpackWcBlocksJsonp=window.webpackWcBlocksJsonp||[]).push([[21],{155:function(t,e,r){“use strict”;r.d(e,”a”,(function(){return a}));var c=r(5),n=r(61),o=r(35),s=r(131);const a=t=>{if(!Object(n.b)())return{className:””,style:{}};const e=Object

  • Profile picture of AITpro Admin

    AITpro Admin replied to the topic I'm Stuck After CSV Import! in the forum BulletProof Security Pro 2 weeks, 3 days ago

    Did you deactivate BPS Pro too?  Deactivating BPS Pro turns off the built-in troubleshooting capabilities like turning off the Plugin Firewall.  If you deactivated BPS Pro then activate BPS Pro and deactivate the BPS Pro Plugin Firewall.  Deactivating BPS Pro will turn off AutoRestore|Quarantine, but don’t forget to run the BPS Pro Setup Wi…[Read more]

  • Profile picture of Go1Fit

    Go1Fit replied to the topic I'm Stuck After CSV Import! in the forum BulletProof Security Pro 2 weeks, 3 days ago

    Sorry, to be more specific, I also disabled all plugins on the site, except one for WPBackUp / Restore and still am getting 403 forbidden on JS files within a plugins respective /lib folders.

  • Profile picture of AITpro Admin

    AITpro Admin replied to the topic I'm Stuck After CSV Import! in the forum BulletProof Security Pro 2 weeks, 4 days ago

    If plugin js scripts are being blocked then they might be blocked by the BPS Pro Plugin Firewall. Deactivate the Plugin Firewall and when restoring a website from a backup AutoRestore needs to be turned Off.  After you are done with the website restore, run the Pre-Installation Wizard and Setup Wizard.

  • Profile picture of Go1Fit

    Go1Fit replied to the topic I'm Stuck After CSV Import! in the forum BulletProof Security Pro 2 weeks, 4 days ago

    The ModSecurity trigger was SQL Injection but I was running an intensive CSV import into a WP Plugin WP_Posts table

  • Load More

Login

Create a Login Account

Search Forums





Topic Tags

3rd Party Apps 403 error 404 error 500 error @font-face admin-ajax.php Apache Module apostrophe AutoRestore BackupBuddy BackUpWordPress bbPress better wp security BlueHost Bonus Custom Code BPS Pro Upgrade BuddyPress BulletProof Security Pro Upgrade Cache CAPTCHA CloudFlare Contact Form 7 cpanel Cron CSS cURL Custom Code Custom php.ini Setup DB Backup DSO DSO Setup Steps error_log F-Lock failed to open stream FastCGI fatal error flush_rewrite_rules GWIOD HEAD Request htaccess Redirect Code HTTP Error Log Idle Session Logout ini_set Options installation iPage Jetpack JTC Anti-Hacker JTC Anti-Spam login Login Security mailchimp maintenance mode Malware Scanner ManageWP ModSecurity mod_fcgid mod_security MScan multisite network NextGen NextGen Gallery open_basedir parenthesis php.ini handler php error PHP Error Log php errors php handler Plugin Firewall post.php Pre-installation Wizard Quarantine Redirect S-Monitor search Security Log Security Log Entries Setup Wizard single quote single quote code character Sucuri timthumb tools.php UAEG uploads Uploads Anti-Exploit Guard VaultPress W3 Total Cache W3TC wget Whitelist Rules WooCommerce Wordfence wordpress wp-admin wp-config.php WP Super Cache XAMPP xmlrpc

Proudly powered by WordPress, BuddyPress and bbPress.

Skip to toolbar
  • About WordPress
    • WordPress.org
    • Documentation
    • Support
    • Feedback
  • Log In
  • Register
  • Activate
  • Video Tutorials
  • BPS Pro Forum
    • Read Me First
    • BPS Pro Troubleshooting Steps
    • Post New Forum Topic
  • BPS Free Forum
    • Read Me First
    • BPS Free Troubleshooting Steps
    • Post New Forum Topic
  • Activity
  • Buy BPS Pro
  • BPS Pro Features
  • BPS Pro Download
  • Testimonials
  • Contact
  • Menu
    • Log in
    • Register
    • Activate
    • BPS Pro Forum
    • BPS Free Forum
    • Activity
    • Video Tutorials
    • Buy BPS Pro
    • BPS Pro Download
    • BPS Pro Features
    • Testimonials
    • Contact