BulletProof Security Forum

Answer:

The reason for the website crash when running the Setup Wizard was there was older PHP handler htaccess code saved in BPS Pro Root Custom Code.  Also on this particular host server running PHP 7.4 and API: LiteSpeed CGI the PHP handler htaccess code below is required in the root htaccess file in order for the site to load. This LiteSpeed…[Read more]

Answer:

BPS Pro is a security plugin that includes a DB Backup feature as an additional feature to quickly backup and fix database issues.  BPS Pro does not include a file backup feature.  All of your content (Posts, Pages, Option Settings, etc) is saved in your WordPress database.  Your WP database content is very important and not easily re…[Read more]

Will do, thank you.

For now see if Jetpack blocks bad bots from auto-registering and auto-logins.  If bad bots are able to auto-register then add the MemberPress Match CAPTCHA add-on > https://memberpress.com/add-ons/math-captcha/.  CAPTCHA’s block bots from auto-registering and auto-logins.

Brief Update: In order for everything to work smoothly, per your instructions, I had to disable JTC and I also had to remove the #Protect wp-login.php from Brute Force Login Attacks placed under <label for=”bps-CCode”>14. CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS… </label>as well. That said, I also use Jetpack, which keeps track of a…[Read more]

When you deactivate or activate the LiteSpeed Cache plugin it adds or removes the WP_CACHE constant code in the wp-config.php file. If you are using the Browser cache option in the LiteSpeed Cache plugin then htaccess code will be added and removed on plugin deactivation or activation.  Do the steps below to take care of this issue.

1. Delete…[Read more]

Ok, thank you for your time and assistance.

Continued success,

-Bill

@ bill – Your additional “edit” has been deleted per your request. I will respond directly via email to your additional “edit”.

It is fairly common that membership Plugins or Themes override BPS JTC and Login Security features because the WordPress Login and Registration pages only have a couple of Hooks (Actions and Filters) for login…[Read more]

Thank you for the insight. So, if I disable these features, will the site be “less secure” or more vulnerable to compromise? I always double-down on everything with BPS Pro (login security, Brute Force log-in code, etc.), so I apologize for the question– just want to make sure that the site will still be protected as people begin entering…[Read more]

See this MemberPress help page regarding MemberPress htaccess code > https://docs.memberpress.com/article/179-understanding-rewrite-rules. Read the help text at the top of that page.  Sounds like you will need to turn Off BPS Pro JTC Anti-Spam|Anti-hacker, which is a CAPTCHA feature.  You may also need to turn Off BPS Pro Login Security & M…[Read more]

Greetings and thanks AITPro for your years of service and ingenuity. I had two (2) quick questions pertaining to MemberPress. 1) I read the updated approach outline above but when I reach the step (included below), I did not see the MemberPress .htaccess code in my .htacess file. This is the step I’m referencing:

3. Copy your actual MemberPress…[Read more]

Answer:

That looks like a Basic Authentication login prompt. It is not a BPS Pro login thing. BasicAuth is an additional login feature that is either setup in a wp-admin htaccess file or setup from your web host control panel. Maybe your web host added this?

Answer:

You can ignore this error message.  I need to add an additional check for an empty delimiter.  What is more important is that when I checked the frontend of your website I found a 403 error, which is suspicious.  The file that is generating the 403 error is this one:  /wp-content/plugins/wpgdprPro_r4duTI/update.php.  When I do a goog…[Read more]

Answer:

That is not malicious code or hacker code. It is serialized database data from your WordPress database. I assume this is some kind of log file. The mc_data folder is created by the MalCare Security plugin.  So the mc.log file is a log file for that plugin.

Create an AutoRestore exclude rule at the top of the Quarantine page for this…[Read more]

Answer:

Good job! I’m impressed with your firm grasp on how to fix this issue.

You would add the new php/php.ini handler htaccess code in this Custom Code text box: 1. CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
… then click the Save Root Custom Code button and go to the Security Modes tab page and click the Root folder BulletProof Mode Act…[Read more]