BulletProof Security Forum | Site-Wide Activity

AITpro Admin replied to the topic quarantine bypass not working for folder in the forum BulletProof Security Free

Fri, 10 Apr 2026 18:15:21 -0700

Nope, you don’t need to run the Setup Wizard again when changing most individual option settings.

handsunc replied to the topic quarantine bypass not working for folder in the forum BulletProof Security Free

Fri, 10 Apr 2026 17:45:59 -0700

I have a follow up question, if I make this kind of edit in BPS Pro > AutoRestore > Exclude wp-content Folders, do I have to run setup again? Thanks!!

AITpro Admin replied to the topic error_log quarantine in the forum BulletProof Security Pro

Thu, 19 Mar 2026 21:02:42 -0700

Unfortunately, that is not possible to do with Regular Expressions (RegEx) code because of how this PHP function works: file_exists()

Question to AI: Can you use regular expressions for the path for the php file_exists function?

AI response: No, the PHP file_exists function does not support regular expressions for its path parameter. It accepts…[Read more]

Terry started the topic error_log quarantine in the forum BulletProof Security Pro

Thu, 19 Mar 2026 17:12:42 -0700

Is there a way to tell BPS not to quarantine error_log files generated by the server that occur in multiple folders without having to whitelist each one individually. I have had sites with the files in 15 to 20 different folders which I think were generated from attacks on the sites. I know how to do block BPS from checking one at a time but…[Read more]

AITpro Admin replied to the topic How to re-install BPS Pro after server migration debacle in the forum BulletProof Security Pro

Tue, 17 Mar 2026 23:32:10 -0700

Your host support people must have renamed the BPS Pro plugin folder. So yeah you can manually delete the BPS Pro plugin folder here using FTP or your web host control panel file manager > /wp-content/plugins/bulletproof-security. Then reinstall the BPS Pro zip file using the WordPress Plugin upload zip installer and run the BPS Pro Setup Wizards.

Frank started the topic How to re-install BPS Pro after server migration debacle in the forum BulletProof Security Pro

Tue, 17 Mar 2026 21:41:11 -0700

Hi,

My Host just moved my working, issue-free site to the cloud, it’s a nightmare. Following 500 internal errors the Host deactivated BPS Pro along with my BPS Pro .htaccess file containing custom code replacing it with another file.

The Host has now advised I can re-activate BPS Pro but cannot use the former .htaccess file. Upon clicking “…[Read more]

AITpro Admin replied to the topic BPS Notice: DISABLE_WP_CRON / plat-cron.php Quarantine in the forum BulletProof Security Pro

Tue, 17 Mar 2026 05:59:21 -0700

How critical is this DISABLE_WP_CRON constant is in use error? Is this specific to GDMW?

Disabling standard WP crons is fine as long as you are enabling some other type of crons like Direct Crons or Alternative crons. BPS and most WP plugins rely on crons to perform automation. If Plat Cron is something your GDMW hosting has created or using…[Read more]

AITpro Admin replied to the topic BPS Notice: DISABLE_WP_CRON / plat-cron.php Quarantine in the forum BulletProof Security Pro

Tue, 17 Mar 2026 05:55:30 -0700

BPS is compatible with Direct Crons, Alternative Crons and in this case I would call this an alternative custom cron. The default WP Core file for WP Crons is: wp-cron.php, which is located in the root folder of your WP installation. So calling this issue a compatibility issue is not using the best technical term or wording. I’m not exactly sure…[Read more]

bulletproof replied to the topic BPS Notice: DISABLE_WP_CRON / plat-cron.php Quarantine in the forum BulletProof Security Pro

Mon, 16 Mar 2026 23:35:07 -0700

I know how to do a Quarantine Restore. That wasn’t my question though…

To try to be more specific:

IS BPS Pro is compatible with plat-cron?
It appears that GDMW disabled wp cron in favor of using plat cron instead (I suspect wp cron may not be re-activatable).
IF BPS Pro is compatible with plat cron, is there anything specific I need to do…

[Read more]

AITpro Admin replied to the topic BPS Notice: DISABLE_WP_CRON / plat-cron.php Quarantine in the forum BulletProof Security Pro

Mon, 16 Mar 2026 21:52:34 -0700

Go to Quarantine > restore the plat-cron.php file in Quarantine > copy the entire path to the plat-cron.php file into the “Exclude Folders|Files from being checked by AutoRestore” text box. Choose “Exclude an Individual File. Click the Exclude Folder|File button.

Note: you can get the full path to the plat-cron.php file from the Quarantine Log.…[Read more]

bulletproof started the topic BPS Notice: DISABLE_WP_CRON / plat-cron.php Quarantine in the forum BulletProof Security Pro

Mon, 16 Mar 2026 20:45:30 -0700

1- Getting the Error:

BPS Notice: DISABLE_WP_CRON constant is in use
The WordPress DISABLE_WP_CRON constant is in use, which disables all Standard WP Crons. Several BPS Pro features use Standard WP Crons. If a plugin is being used that disables Standard WP Crons and uses Direct Cron Jobs instead or your Web Host…

[Read more]

wpconvert replied to the topic php reverting to 7.4 in the forum BulletProof Security Pro

Mon, 16 Mar 2026 08:14:31 -0700

Just noticed this post – and thought I’d respond just in case it’s relevant…

I had a similar issue on my reseller account – I host 20+ websites with no issue – a new client wanted me to take over their websites and 2 were migrated over from GoDaddy to my server. It appears that during this migration, Godaddy php settings were also carried…[Read more]

AITpro Admin replied to the topic File sent to Quarantine in the forum BulletProof Security Pro

Sat, 14 Mar 2026 03:51:46 -0700

This problem was handled via direct email. The files sent to me were checked by me and they had not been tampered with. AutoRestore|Quarantine accidentally quarantined legitimate WP Core files during the recent WP 6.9.4 Automatic Update. This problem can happen if there is significant latency when the WP update occurs. The solution is to restore…[Read more]

Terry replied to the topic BPS reported as causing 405 errors in Link Checkers in the forum BulletProof Security Pro

Wed, 11 Mar 2026 13:06:07 -0700

Ok, Thank you. I will go back and apply the code from the post you recommended previously to stop blocking head request.

Have a Great day

Terry

AITpro Admin replied to the topic BPS reported as causing 405 errors in Link Checkers in the forum BulletProof Security Pro

Wed, 11 Mar 2026 01:15:40 -0700

Blocking HEAD Requests is a nuisance “filter” to block Bots, not a security measure. These days it is completely unnecessary to block HEAD Request. Years ago Pre-PHP 7.4 it made a difference with website performance. If you are running at least PHP 7.4 then blocking HEAD Requests is no longer necessary. I assume Rank Math Link Genius is using the…[Read more]

Terry replied to the topic BPS reported as causing 405 errors in Link Checkers in the forum BulletProof Security Pro

Wed, 11 Mar 2026 00:46:21 -0700

Or is there something I am doing that is causing these head request since all I am doing is adding links to other pages on the site in the content.

Terry replied to the topic BPS reported as causing 405 errors in Link Checkers in the forum BulletProof Security Pro

Wed, 11 Mar 2026 00:44:16 -0700

I don’t want to open the site up completely for head attacks if adding the suggest code would jeopardize the site. The plugin that is monitoring the links is Rank Math Link Genius. Following is the most recent logged entries in BPS security log. Is there a way to allow that plugin only to do the head request. Or what do you recommend. Thank…[Read more]

AITpro Admin replied to the topic BPS reported as causing 405 errors in Link Checkers in the forum BulletProof Security Pro

Wed, 11 Mar 2026 00:10:01 -0700

Broken links typically show this Error Code: 404 Not Found, but depending on the tool you are using to check for broken links the tool itself will be blocked with a 405 error if it is making a HEAD Request. Do the steps in the link below to allow all HEAD Requests.

405 Method Not Allowed – means the web server understands the request and the URL…[Read more]

AITpro Admin replied to the topic File sent to Quarantine in the forum BulletProof Security Pro

Tue, 10 Mar 2026 23:56:42 -0700

These are all legitimate WP Core files. So either a WP Automatic update occurred and these files were accidentally quarantined or these files have been tampered with. Most likely this is an accidental quarantine.

Use FTP or your web host control panel File Manager tool
Download /wp-includes/class-wp-http-ixr-client.php to your…[Read more]

Terry started the topic BPS reported as causing 405 errors in Link Checkers in the forum BulletProof Security Pro

Tue, 10 Mar 2026 20:39:49 -0700

I have a site that shows a lot of broken links that generate a 405 error. I contacted the datacenter to check server configuration since some reports show that 405 errors can be caused by server configurations. However the response below is from the datacenter stating that BPS appears to be the cause. Any suggestions.

Please find a summary of…[Read more]

Ian started the topic File sent to Quarantine in the forum BulletProof Security Pro

Tue, 10 Mar 2026 18:51:36 -0700

Hi,

We have not been working on the website this afternoon, and I have just had an email to say the following files have been quarantined which sounds suspicious.

Do you recognise any of these files, and should we do anything in particular – This is the first time something like this has happened to us.

File: /home/sites/39b/5/583032bac8/public_…[Read more]

AITpro Admin replied to the topic Image Blocked by Security Plugin on Twitter / X in the forum BulletProof Security Pro

Tue, 03 Mar 2026 17:32:23 -0800

Looking at this X help information, you may not be able to hotlink images from your website.

X (formerly Twitter) generally does not encourage or support direct hotlinking of images hosted on its servers (pbs.twimg.com) to external websites, such as embedding them in blog posts or as site elements. While the images may load temporarily, they often…

[Read more]

AITpro Admin replied to the topic Image Blocked by Security Plugin on Twitter / X in the forum BulletProof Security Pro

Tue, 03 Mar 2026 17:21:03 -0800

Then what is causing the problem is the HTML code that you are using to link the image. Most likely the HTML code contains something that is being rejected by your host server as invalid. Below is basic and standard HTML code to link an image and most importantly it must contains the full URL to the image. If an img src url does not contain the…[Read more]

Ian replied to the topic Image Blocked by Security Plugin on Twitter / X in the forum BulletProof Security Pro

Tue, 03 Mar 2026 16:13:54 -0800

Hi,

Yes when I click the link on twitter I get to my website fine, the issue is twitter itself is not showing the image from my website like facebook does.

We are trying to find out what is blocking the image from being displayed on the twitter platform

Hope that makes sense

AITpro Admin replied to the topic Image Blocked by Security Plugin on Twitter / X in the forum BulletProof Security Pro

Tue, 03 Mar 2026 14:54:25 -0800

A 400 error does not mean something is being blocked. It means your code has a mistake that cannot be processed by your server or your server is simply refusing to process the Request because the Request is malformed (gibberish) or seen as incorrect. A 403 error means something was blocked. So yeah neither BPS or your host server is blocking the…[Read more]

Ian replied to the topic Image Blocked by Security Plugin on Twitter / X in the forum BulletProof Security Pro

Tue, 03 Mar 2026 14:35:10 -0800

Hi,

The server techs said they are not blocking twitter.

I created as basic a post as possible – https://walkingfootball.com/test/

Shows up fine on facebook – https://www.facebook.com/WalkingFootballdotcom/posts/pfbid02TkHpGR4Zt6d3n1UNFY77AfEpEtqeL82U9TjkTqJ2UHgsVFtajCxtU1s5UZv1FYewl

But on twitter just the blank holding card image again -…[Read more]

AITpro Admin replied to the topic Image Blocked by Security Plugin on Twitter / X in the forum BulletProof Security Pro

Tue, 03 Mar 2026 13:08:29 -0800

BPS is not blocking the X shared post. Your web host server is not able to process the content/code of the X shared post. The error message is indicating the problem is with your image URL in the X post. So what I would recommend is creating a simple URL that only contains a link to your website page or post instead of trying to include a link to…[Read more]

Ian started the topic Image Blocked by Security Plugin on Twitter / X in the forum BulletProof Security Pro

Tue, 03 Mar 2026 10:43:33 -0800

When sharing a post on Facebook and Twitter / X – the images appear in Facebook but are not appearing on the Twitter / X posts, IE – https://walkingfootball.com/united-vs-cancer-24-hour-walking-football-challenge-in-support-of-prostate-cancer/

GROK reported

Both the twitter:image URL you specified and the larger scaled version referenced in…[Read more]

AITpro Admin replied to the topic Script|File Owner User ID Mismatch Notice on all sites but no mismatches in the forum BulletProof Security Free

Sat, 28 Feb 2026 23:52:50 -0800

You probably need to change the path to the new DB Backup Folder location. Take a look at the folder path in this DB Backup option setting: DB Backup Folder Location. Or maybe you just need to create a Manual DB Backup to update BPS option settings. I believe that error check, checks old DB Backup folder paths against what is saved in the DB…[Read more]

Allen replied to the topic Script|File Owner User ID Mismatch Notice on all sites but no mismatches in the forum BulletProof Security Free

Sat, 28 Feb 2026 22:03:13 -0800

OK, thank you! Didn’t know about turning off autorestore. (Have never done a migration before, had no way of knowing and blogvault’s instructions were thin. Worked great after a couple of failures due to the lack thereof, however.)

Ran the setup wizard. Notice was still there. Dismissed it. Seems all is well. Would it simply reappear if there was…[Read more]

AITpro Admin replied to the topic Script|File Owner User ID Mismatch Notice on all sites but no mismatches in the forum BulletProof Security Free

Sat, 28 Feb 2026 17:40:16 -0800

https://forum.ait-pro.com/forums/topic/migrating-moving-or-cloning-websites/#post-20407

Any time you are doing a website migration, move, clone, etc. AutoRestore needs to be turned off before migrating, moving, cloning a website. After completing a website migration, move, clone, etc. go to the Setup Wizard and run the Pre-Installation Wizard…[Read more]

Allen replied to the topic Script|File Owner User ID Mismatch Notice on all sites but no mismatches in the forum BulletProof Security Free

Sat, 28 Feb 2026 17:25:01 -0800

I’m having this problem after a blogvault staging migration.

Tried to rename the folder unsuccessfully and was unable to create a test manual DB Backup Job.

I tried using cpanel’s file manager to temporarily rename the db-backup-security folder (before deleting it) but the site crashed.

(Once I corrected the folder name to ‘db-backup-security’…[Read more]

Calvin Jones replied to the topic Weird menu order BPS/BPS Pro with WPVivid Backup in the forum BulletProof Security Pro

Wed, 25 Feb 2026 18:13:30 -0800

Thanks a million for the response — I’ll get back to the folks at WP Vivid Backup and point them to this.

AITpro Admin replied to the topic Weird menu order BPS/BPS Pro with WPVivid Backup in the forum BulletProof Security Pro

Wed, 25 Feb 2026 14:44:21 -0800

I did Live testing with the BPS, BPS Pro and WPvivid Backup plugins and this solution works fine.

AITpro Admin replied to the topic Weird menu order BPS/BPS Pro with WPVivid Backup in the forum BulletProof Security Pro

Wed, 25 Feb 2026 14:41:06 -0800

The issue is that the BPS and BPS Pro plugins are not using the optional $position parameter in the add_menu_page() function, which I should probably add at some point. WPvivid is using the optional $position parameter in the add_menu_page() function and they are using 100 for the $position parameter value, which would normally put the WPvivid…[Read more]

Calvin Jones started the topic Weird menu order BPS/BPS Pro with WPVivid Backup in the forum BulletProof Security Pro

Wed, 25 Feb 2026 13:08:04 -0800

I’ve notices a weird menu order glitch that occurs on most (but not all) sites where I have BPS/BPS Pro installed alongside WP Vivid Backup (Free and Pro versions).

When both plugins are active, the WP Vivid menu item inserts itself between the BPS Pro and BPS Pro Logs/Info menu entries on the main admin menu. This isn’t a big issue — both…[Read more]

AITpro Admin replied to the topic 403, access denied in the forum BulletProof Security Free

Thu, 19 Feb 2026 15:07:15 -0800

I tested the website’s WooCommerce store and the Subscription feature and the Cart and everything appears to be working without any errors.

AITpro Admin replied to the topic 403, access denied in the forum BulletProof Security Free

Thu, 19 Feb 2026 14:56:51 -0800

You only need to run the Setup Wizards, which will automatically change/fix anything that needs to be changed/fixed. I used 1 random example Security Log entry, just to show the Query String issue. At this point go ahead and test to see if WooCommerce subscriptions are working or not.

handsunc replied to the topic 403, access denied in the forum BulletProof Security Free

Thu, 19 Feb 2026 14:36:36 -0800

I updated the plugin and ran Installation again, do I need to delete old htaccess or do anything else, the code in the reply was showing an elementor string, but my issue is wpcron for woocommerce subscriptions whcih support suspected was getting a 403 from bulletproof. I am letting know woocommerce support that I am working with you, but is there…[Read more]

AITpro Admin replied to the topic 403, access denied in the forum BulletProof Security Free

Thu, 19 Feb 2026 14:00:23 -0800

I received the Security Log file. The website has BPS Pro 17.4 installed. Upgrade to BPS Pro 17.5, which has a fix for Plugin Firewall plugin scripts with Query Strings added to the plugin file URLs: ?ver=3.34.1

[403 GET Request: February 18, 2026 – 10:39 am]
BPS Pro: 17.4
WP: 6.9
Event Code: PFWR-PSBR-HPRA
Solution:…[Read more]

AITpro Admin replied to the topic 403, access denied in the forum BulletProof Security Free

Wed, 18 Feb 2026 21:45:10 -0800

It doesn’t matter which forum you post in. Yep, send me the Security Log info to: info@ait-pro.com

handsunc replied to the topic 403, access denied in the forum BulletProof Security Free

Wed, 18 Feb 2026 20:38:10 -0800

I just realized I posted in the Free forum, should I repost in Pro?

handsunc replied to the topic 403, access denied in the forum BulletProof Security Free

Wed, 18 Feb 2026 18:18:14 -0800

should I email you the log? Its big, thanks!!

AITpro Admin replied to the topic 403, access denied in the forum BulletProof Security Free

Wed, 18 Feb 2026 16:46:17 -0800

I need more information. Have them send you Security Log entries from the BPS Pro Security Log that show what is being blocked.

handsunc started the topic 403, access denied in the forum BulletProof Security Free

Wed, 18 Feb 2026 13:20:37 -0800

Hi I have a client with woocommerce subscriptions, lately a few have stalled and support gave me this info, can you help:

I just wanted to quickly follow up to let you know I have still been trying to work on this issue. I do know this much, though: this issue is caused by the cron system returning a 403, access denied, error.

I do think this is…[Read more]

Jaiji replied to the topic 403/whitelist issue in the forum BulletProof Security Free

Thu, 12 Feb 2026 14:54:25 -0800

Thanks so much, that seems to have sorted it. I very much appreciate your excellent support.

AITpro Admin replied to the topic 403/whitelist issue in the forum BulletProof Security Free

Thu, 12 Feb 2026 13:58:02 -0800

What is being blocked is the single quote code character/apostrophe in the Query String: Valentine%27s Use the solution in this forum topic to fix the problem > https://forum.ait-pro.com/forums/topic/apostrophe-single-quote-code-character/#post-6939

Jaiji replied to the topic 403/whitelist issue in the forum BulletProof Security Free

Thu, 12 Feb 2026 13:34:27 -0800

I’m finding it strange that the site owner gets a 403 (it’s them who’s blocked in the logs) but I don’t.

Jaiji started the topic 403/whitelist issue in the forum BulletProof Security Free

Thu, 12 Feb 2026 13:25:50 -0800

Hi. I run a WooCommerce site selling jewellery which uses Klaviyo for marketing emails. A mailout has just gone out with 2 links – one to a Valentine’s day collection in the Woo store, and one to a Valentines blog post. The links have extensive Klaviyo tracking code, which until today has always worked fine.

When clicking the email links, I am…[Read more]