BPS admin/js/ files 403 Forbidden

[Tony Payne]

I have been using BPS for a few years, but have a problem with a site that I am revamping and just moved to Cloudflare.
The site appears to work fine, however all the admin pages are giving 404 errors on the BPS admin/js files. This is breaking the functionality, and I am not sure what the problem is.
I have included the Firefox Console Log at the bottom of the post – can’t see anywhere to upload a file, but hopefully that may give a clue.
The site is on the latest WordPress version, hosted at X10Infinity, with the Customizer theme. I have 2 other sites with the same setup (not moved to Cloudflare) and they are ok.
I have the Cloudflare caching all turned off for the moment, and any page rules also turned off.
I tried deactivating BPS Pro and no errors. Having re-activated and after running the Setup Wizard, the problems are still there.
I have also removed all Custom Htaccess Code but no luck.
Hoping you can give me a clue as to what is breaking the site.

[AITpro Admin]

Links copied from forum topic above. BuddyPress now blocks posting multiple links in forum topics if you are not the Admin of a forum site.

GET https://www.famouspeoplefrombournemouth.com/wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=14.3
[HTTP/1.1 403 Forbidden 1448ms]

GET https://www.famouspeoplefrombournemouth.com/wp-content/plugins/bulletproof-security/admin/js/bps-ui-tabs.js?ver=14.3
[HTTP/1.1 403 Forbidden 2444ms]

GET https://www.famouspeoplefrombournemouth.com/wp-content/plugins/bulletproof-security/admin/js/bps-ui-dialog.js?ver=14.3
[HTTP/1.1 403 Forbidden 2375ms]

GET https://www.famouspeoplefrombournemouth.com/wp-content/plugins/bulletproof-security/admin/js/bps-ui-accordion.js?ver=14.3
[HTTP/1.1 403 Forbidden 2580ms]

GET https://www.famouspeoplefrombournemouth.com/wp-content/plugins/bulletproof-security/admin/js/bps-encryption.js?ver=14.3
[HTTP/1.1 403 Forbidden 2612ms]

GET https://www.famouspeoplefrombournemouth.com/wp-content/plugins/bulletproof-security/admin/js/crypto-js/crypto-js.js?ver=14.3
[HTTP/1.1 403 Forbidden 2718ms]

The script from “https://www.famouspeoplefrombournemouth.com/wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=14.3” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type. admin.php
Loading failed for the<script> with source “https://www.famouspeoplefrombournemouth.com/wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=14.3”. admin.php:3073:1
The script from “https://www.famouspeoplefrombournemouth.com/wp-content/plugins/bulletproof-security/admin/js/bps-ui-dialog.js?ver=14.3” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type. admin.php
The script from “https://www.famouspeoplefrombournemouth.com/wp-content/plugins/bulletproof-security/admin/js/bps-ui-tabs.js?ver=14.3” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type. admin.php
Loading failed for the <script> with source “https://www.famouspeoplefrombournemouth.com/wp-content/plugins/bulletproof-security/admin/js/bps-ui-tabs.js?ver=14.3”. admin.php:3074:1
GET https://www.famouspeoplefrombournemouth.com/wp-content/plugins/bulletproof-security/admin/js/bps-ui-dialog.js?ver=14.3
[HTTP/1.1 403 Forbidden 948ms]

[AITpro Admin]

There is a problem with the BPS Pro Plugin Firewall and Cloudflare, which is causing the 403 errors with BPS js files.

https://forum.ait-pro.com/forums/topic/cloudflare-login-security-and-plugin-firewall-not-working/

Problem:  Cloudflare breaks the BPS Pro Plugin Firewall, which in turn breaks BPS Pro Login Security and other things.  Important Note:  This only appears to be caused by installing WordPress Cloudflare plugins and not when installing Cloudflare from your web host control panel or directly from the Cloudflare website.

Solution:  Copy the Cloudflare IP address Range htaccess code below into the Plugin Firewall > Plugin Firewall Additional Whitelist Tools > Whitelist by Hostname (domain name) and IP Address text box > click the Save Hostname and IP Address Rules button > click the Plugin Firewall Activate button.

173.245.48.0/20, 103.21.244.0/22, 103.22.200.0/22, 103.31.4.0/22, 141.101.64.0/18, 108.162.192.0/18, 190.93.240.0/20, 188.114.96.0/20, 197.234.240.0/22, 198.41.128.0/17, 162.158.0.0/15, 104.16.0.0/12, 172.64.0.0/13, 131.0.72.0/22, 2400:cb00::/32, 2606:4700::/32, 2803:f800::/32, 2405:b500::/32, 2405:8100::/32, 2a06:98c0::/29, 2c0f:f248::/32

[Tony Payne]

I didn’t initially install the Cloudflare plugin, I registered and set my Cloudflare account up via the link on the host cPanel.

After I had problems, I installed the Cloudflare plugin, but it didn’t want to work properly after activation. I deactivated and removed it. Wondering if it might have left something behind?

I added the list of Cloudflare IP’s to the plugin firewall as recommended and activated the firewall. It didn’t make any difference.

Going to try the Setup Wizard again to see if that helps, and then follow the troubleshooting links above.

Thanks very much for the prompt response and help.

[AITpro Admin]

Try clearing/resetting the Plugin Firewall first.

https://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/

Fix all general Plugin Firewall issues/problems:
1. Go to the BPS Security Log page and click the Delete Log button to delete your current Security Log file contents.
2. Go to the Plugin Firewall page.
3. Click the Plugin Firewall BulletProof Mode Deactivate button.
4. Delete (or cut if you want to add your existing whitelist rules back into the Plugins Script|File Whitelist Text Area) all of your Plugin Firewall whitelist rules out of the Plugins Script|File Whitelist Text Area.
5. Click the Save Whitelist Options button.
6. Click the Plugin Firewall Test Mode button.
7. Check your site pages by clicking on all main website pages: contact form page, home page, login page, etc.
8. Recheck the Plugins Script|File Whitelist Text Area (after 1 minute) and you should see new Plugin Firewall whitelist rules have been created.
9. Change the AutoPilot Mode Cron Check Frequency to 15 minutes or whatever frequency time you would like to use.
10. Click the Plugin Firewall Activate button.

Fix all general Plugin Firewall issues/problems and Proxy server configuration mistakes:
Note this fix also applies to using a VPN|Proxy when you are logged into your website.
Additional steps to fix both general Plugin Firewall issues/problems and to compensate for an additional Proxy server configuration mistake (whitelist the Proxy IP Address). Note: This only applies to Proxy server issues/problems. Use the steps above unless specifically instructed to use these steps below to fix/whitelist a Proxy server IP address problem.

1. Go to the BPS Security Log page and click the Delete Log button to delete your current Security Log file contents.
2. Go to the Plugin Firewall page.
3. Click the Plugin Firewall Additional Whitelist Tools accordion tab.
4. Enter Proxy server IP address: xxx.xxx.xxx.xxx in the Whitelist by Hostname (domain name) and IP Address text box.
5. Click the Save Hostname and IP Address Rules button.
6. Click the Plugin Firewall BulletProof Mode Deactivate button.
7. Delete (or cut if you want to add your existing whitelist rules back into the Plugins Script|File Whitelist Text Area) all of your Plugin Firewall whitelist rules out of the Plugins Script|File Whitelist Text Area.
8. Click the Save Whitelist Options button.
9. Click the Plugin Firewall Test Mode button.
10. Check your site pages by clicking on all main website pages: contact form page, home page, login page, etc.
11. Recheck the Plugins Script|File Whitelist Text Area (after 1 minute) and you should see new Plugin Firewall whitelist rules have been created.
12. Change the AutoPilot Mode Cron Check Frequency to 15 minutes or whatever frequency time you would like to use.
13. Click the Plugin Firewall Activate button.

[Tony Payne]

Alas no joy from running the Setup Wizard again.

Got into the External Tools. Had to delete the plugins .htaccess file first.

Now the wp-admin BS pages load ok. Nice to have the accordion back, tabbed pages are rather unreadable without it.

Still have this error though.

ReferenceError: otw_shortcode_object is not definedadmin.php:3044:1
     https://www.famouspeoplefrombournemouth.com/wp-admin/admin.php?page=bulletproof-security/admin/core/core.php#PFWScan-Menu-Link:3044

Will continue tests…

Well, having deleted the plugins .htaccess file seems to have fixed things. The plugin firewall is now re-activated. Setup Wizard re-run again (for good luck) and the above error is the only one I can see.

[AITpro Admin]

The BPS Pro External Tools are kind of outdated, but they still do have some usefulness in some cases.

The otw_shortcode_object code is part of the Buttons Shortcode and Widget plugin and not part of BPS Pro. So either the error message above is actually 2 separate error messages or the error is referencing the BPS Pro Plugin Firewall link URL for some odd reason.

[Tony Payne]

Thanks.

I deactivated the plugin and the error disappeared.

I may need to find a replacement that gives shortcodes. Plenty around.

Touch wood I think we are working ok.

Really appreciate the help.

[AITpro Admin]

Well the error is not really that significant so if the plugin is working then just ignore that minor error.

[Author]

Posts