Better WordPress Minify plugin – Plugin Firewall, Plugin Firewall Whitelist

Home Forums BulletProof Security Pro Better WordPress Minify plugin – Plugin Firewall, Plugin Firewall Whitelist

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
  • #1045
    AITpro Admin

    If you are using the Better WordPress Minify plugin to minify your CSS and JS scripts then you cannot use the Plugin Firewall in BulletProof Security Pro.  The Better WordPress Minify plugin is minifying scripts in a way that the Plugin Firewall Whitelisting Tools /Scanner do not see the true origin of plugins scripts so that plugin script Whitelist rules can be created successfully.  Whitelisting the entire Better WordPress Minify plugin folder will not work either nor will using the Plugin Override tool due to the way plugin scripts are being minified.  If a solution is found at a later time it will be posted here, but it is doubtful that anything can be done.  Better WordPress Minify is working correctly and is doing exactly what it is designed to do and unfortunately the Plugin Firewall just cannot see what to Whitelist so basically this is an incompatibility issue that most likely does not have a solution.

    AITpro Admin

    A new Plugin Firewall Read Me First Troubleshooting post has been created here >>>


    hmm. Won’t the code below work?

    # BWP Minify skip/bypass rule plugins folder
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/bwp-minify/ [NC]
    RewriteRule . - [S=17]
    # BWP Minify skip/bypass rule cache folder
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/bwp-minify/cache/ [NC]
    RewriteRule . - [S=16]
    # BWP Minify skip/bypass rule java
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/bwp-minify/cache/(.*)\.js [NC]
    RewriteRule . - [S=15]
    # BWP Minify skip/bypass rule css
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/bwp-minify/cache/(.*)\.css [NC]
    RewriteRule . - [S=14]
    # BWP Minify skip/bypass rule css.gz
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/bwp-minify/cache/(.*)\.css.gz [NC]
    RewriteRule . - [S=13]
    # BWP Minify skip/bypass rule js,gz
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/bwp-minify/cache/(.*)\.js.gz [NC]
    AITpro Admin

    A lot of things have changed in BPS Pro since this forum topic was created.  The new Plugin Firewall AutoPilot Mode will be able to automatically detect and create Plugin Firewall whitelist rules if you turn off/disable minification to allow AutoPilot Mode to work, BUT typically every/any/all minify plugins modify the frontloading Source Code (plugin .js scripts, CSS, HTML, etc) of a website in a way that the original Source Code can no longer be processed by the Plugin Firewall.  So what that means is even if you have valid Plugin Firewall whitelist rules then the Plugin Firewall will still not be able to function/process those whitelist rules.  You can either exclude all frontloading .js scripts in Better WordPress Minify from being minified or manually (literally manually combine .js scripts) minify frontloading .js scripts or turn off/deactivate the Plugin Firewall.

    Minify Plugins: If you are using a Minify plugin then you will probably not see Security Log entries / alerts.  Most if not all minifying plugins allow you to choose to exclude plugin scripts that you do not want to minify.  If you want to use the BPS Pro Plugin Firewall then you can choose not to minify particular plugin scripts so that you can use both minifying and the Plugin Firewall together.  It is recommended that you turn Off/deactivate minifying to get the plugin scripts that need to be whitelisted in the Plugin Firewall.  After you have added those plugin scripts to your Plugin Firewall whitelist you can then exclude those same plugin scripts from being minified in your minify plugin and turn On/activate your Minify plugin.



    Just a broad-based question about minifying plugins, security, and increasing page load times in general…

    I’m trying to improve our https site page load times, so have scoured the i/net for ideas and tried to tweak our site as best I can. However, most seem to sing the praises of using a minifying plugin of some description and even in the Google webmaster tools it recommends a minifying option to improve page load times (well ours, anyway!).

    Also on a test it showed that our home page had “56% js + 30% css = requests; and 30% js + 20% css = Bytes” so the minifying plugins would presumably help this.

    But from what you’ve said here you don’t recommend them… any particular reason? Is it because it limits the reach of the BPS plugin firewall (or the need to completely deactivate it) so increasing the site security risk too much?

    Would appreciate your views.


    AITpro Admin

    I have never had any good results (no significant page load speed improvement, etc) by doing “automated minification”.  Automated minification would be installing a plugin that tries its best to do a “one size fits all” thing and minifies all js and css scripts to the best of its abilities/capabilities.  The reason I do not recommend automated minification is that I personally feel that minification is not a “one size fits all” thing and should not be automated and there is a very good chance – 80% or more of creating complications and problems for your website.  If you want to minify scripts then personally and professionally I believe there is only 1 way to do that correctly – manually combine js and css scripts that can be combined/minified and do thorough testing to ensure that you have not created problems by doing that minification.

    The reason the Plugin Firewall will be broken by using automated minification is that the Plugin Firewall needs to read your website pages Source Code.  Since automated minification drastically changes (mangles your Source Code is closer to the truth) your website pages Source Code then basically your Source Code is no longer readable in a way that makes much sense.  If you do manual minification, which in my opinion is the ONLY way to do minification correctly, then the Plugin Firewall will work normally/correctly since your Source Code will still make sense and be readable.

Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.