After WP-CLI upgrade, BPS Pro continually quarantines legitimate WordPress files

Home Forums BulletProof Security Pro After WP-CLI upgrade, BPS Pro continually quarantines legitimate WordPress files

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • April 6, 2020 at 9:45 pm #38842
    seafoam
    Participant

    I just upgraded to WordPress 5.4.0 using wp-cli (the WordPress Command Line Interface).

    Now all of my WordPress sites with BPS Pro Active say that seven files have been quarantined.

    It’s always the same seven.

    If I restore the files from the quarantine, they are immediately quarantined again, no matter how many times I do it.

    This is maddening. How do I stop this unwanted behavior? These are false positives.

    I shouldn’t have to deal with false positives just because I use WP-CLI to upgrade instead of the web upgrader.

    The files being quarantined are:

    block.json
/home/user/domain/wp-includes/blocks/shortcode/block.json
2020-04-06 21:13:16
    block.json
/home/user/domain/wp-includes/blocks/social-link/block.json
2020-04-06 21:13:16
    style-rtl.min.css
/home/user/domain/wp-includes/css/dist/block-directory/style-rtl.min.css
2020-04-06 21:13:16
    style.min.css
/home/user/domain/wp-includes/css/dist/block-directory/style.min.css
2020-04-06 21:13:16
    style-rtl.css
/home/user/domain/wp-includes/css/dist/block-directory/style-rtl.css
2020-04-06 21:13:16
    style.css
/home/user/domain/wp-includes/css/dist/block-directory/style.css
2020-04-06 21:13:16
    script-loader-packages.php
/home/user/domain/wp-includes/assets/script-loader-packages.php
2020-04-06 21:13:16
    April 7, 2020 at 9:38 am #38843
    AITpro Admin
    Keymaster

    What must have happened is that new WP Core folders were added/created and for whatever reason AutoRestore|Quarantine did not backup those WP Core folders.  To get out of this file quarantine looping problem do a manual WordPress re-install on the Dashboard > Updates page > click the Re-Install Now button.  Let me know what happens.

    April 8, 2020 at 11:40 pm #38844
    seafoam
    Participant

    It took a long time to fix this because I had to go into each site and manually reinstall, then clear the quarantine and reset the log. Very tiresome and repetitive.

    It looks like there have been similar issues in the past. What can be done to prevent this issue from recurring? There’s no reason BPS should be quarantining newly unpacked core files that just came from the repository, whether via the web installer or WP-CLI or SFTP.

    April 9, 2020 at 10:47 am #38845
    AITpro Admin
    Keymaster

    This type of problem only occurs for WordPress Major updates.  I have looked at possible solutions, but those solutions come with undesirable side effects/problems.  Probably the best and safest way to do a WordPress Major update to avoid any problems would be to use the AutoRestore|Quarantine Standard Procedural Steps when manually modifying files steps below.  I apologize for the headaches and inconveniences you had to go through.  I’m still looking for a better way to code AutoRestore|Quarantine for WordPress Major updates that does not cause any other problems.  So yeah that’s a work in progress.

    https://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#procedural-steps

    AutoRestore|Quarantine Manual File Editing/Uploading Procedural Steps
    AutoRestore|Quarantine (ARQ IDPS) is a real-time file monitor that monitors all of your website files for any changes. When manually uploading or modifying files or folders with FTP use these simple procedural steps to avoid having those files autorestored and/or quarantined. If files are sent to Quarantine then use the Restore File option in Quarantine to restore those files. ARQ is amazing, but it cannot tell who you are if you are manually modifying or uploading files or folders outside of your WordPress Dashboard – that is not possible.

    1. Turn AutoRestore Off on the AutoRestore page.
    2. Manually upload files or manually modify/edit files or folders.
    3. Click the appropriate AutoRestore Backup Files button: Root Files, wp-admin Files, wp-includes Files or wp-content Files Backup Files button or run the Setup Wizards.
    4. Turn AutoRestore back On.

    April 9, 2020 at 11:04 am #38846
    AITpro Admin
    Keymaster

    What’s tricky about handling WordPress Major updates with AutoRestore|Quarantine (ARQ) is that most people do not run into this type of problem.  The number of people that run into a problem is very low – less than half a percent.  I believe the root of the problem is a latency issue.  ie the new WordPress Major update takes longer than the next ARQ Cron job run. So basically what happens is the ARQ Cron job run that backs up new WordPress Core files fires too early before all new WP Core folders/files have been added/created/updated.  Most likely the last thing that occurs during a WordPress Major update is that any new WP Core folders are added/created.

    Possible solutions would be to increase the ARQ Cron job interval for just WordPress Major updates or force an ARQ shutdown that would send an email notification that the BPS Pro Setup Wizard needs to be re-run.  The first possible solution is much better for obvious reasons.

    April 23, 2020 at 6:11 am #38871
    Sivakumar
    Participant

    I have my website hosted on SiteGround with auto update of WordPress.

    After upgrade to WordPress 5.4, I ran into the following issues –

    • Not able to add a new post
    • Not able to add a new page
    • Unable to install a new theme
    • Unable to install a new plugin

    Little did I realise it’s an issue due to conflict with BPS (both 14.2 & 14.4). With significant efforts on trial and error, I found the issue that the “break” happens due to BPS’s quarantining/removal of the following files –

    • wp-includes/assets/script-loader-packages.php
      wp-includes/blocks/shortcode/block.json
      wp-includes/blocks/social-link/block.json

    As I’m not a hard-core wordpress person (who has the skill to do manual wordpress installation), I have deactivated BPS pro and placed an alternate security plug-in now. It’ll be helpful if BPS pro can come up with a fix soon.

    As part of the debugging, I did come across the following error as well. Not sure whether this has any relevance to the quarantining of the above-mentioned files.

    PHP Notice: WP_Block_Type_Registry::register was called incorrectly. Block type names must be strings. Please see Debugging in WordPress for more information. (This message was added in version 5.0.0.) …/wp-includes/functions.php on line 5167

    Please do the needful for a fix.

    April 23, 2020 at 6:38 am #38872
    AITpro Admin
    Keymaster

    @ Sivakumar – There was a known problem with the WordPress 5.4 Major update and BPS Pro AutoRestore|Quarantine. To fix the problem do the steps below. This problem affected less than 1% of all BPS Pro users.

    Go to the WordPress > Dashboard menu > Updates page > click the Re-Install Now button.
    Go to the BPS Pro > Setup Wizard page > run the Pre-Installation Wizard and Setup Wizard.
    Go to the BPS Pro > Quarantine page > delete all of the WordPress files that are in Quarantine.

    April 23, 2020 at 7:12 am #38873
    Sivakumar
    Participant

    Thank you. Will re-install of WordPress 5.4 affect the recently added posts/plugins?

    Is there any work-around to avoid re-install such as Restore of Quarantine files (but does that require ARQ to be Off always – to avoid re-quarantine)?

     

    April 23, 2020 at 8:06 am #38874
    AITpro Admin
    Keymaster

    @ Sivakumar – Re-installing WordPress only re-installs all WordPress Core files. So any existing database data (Posts content, Pages content, Option Settings, etc.) is not affected when re-installing WordPress files.

    You cannot restore those particular WordPress 5.4 files because the new WordPress Core folders did not get successfully created before the ARQ file/folder backup Cron fired. This problem was caused by a combination of WordPress Automatic Update installation latency and the ARQ file/folder backup Cron firing too soon before those new WordPress Core folders were created. The solution is to do a re-installation of WordPress by following the steps in my previous forum reply.

    ARQ should always be turned On at all times. ARQ is designed to automatically turn itself Off when a WordPress, Plugin or Theme installation or update is occurring, backup all new files and then turn itself back On automatically.  The only exception for when you would want ARQ to be turned off would be the “AutoRestore|Quarantine Standard Procedural Steps when manually modifying files” below.

    https://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#procedural-steps

    AutoRestore|Quarantine Manual File Editing/Uploading Procedural Steps
    AutoRestore|Quarantine (ARQ IDPS) is a real-time file monitor that monitors all of your website files for any changes. When manually uploading or modifying files or folders with FTP use these simple procedural steps to avoid having those files autorestored and/or quarantined. If files are sent to Quarantine then use the Restore File option in Quarantine to restore those files. ARQ is amazing, but it cannot tell who you are if you are manually modifying or uploading files or folders outside of your WordPress Dashboard – that is not possible.

    1. Turn AutoRestore Off on the AutoRestore page.
    2. Manually upload files or manually modify/edit files or folders.
    3. Click the appropriate AutoRestore Backup Files button: Root Files, wp-admin Files, wp-includes Files or wp-content Files Backup Files button or run the Setup Wizards.
    4. Turn AutoRestore back On.

  • Author
    Posts
Viewing 9 posts - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.