BPS Pro Alert! Your site does not appear to be protected by BulletProof Security

Home Forums BulletProof Security Pro BPS Pro Alert! Your site does not appear to be protected by BulletProof Security

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
  • #17159
    Tony Payne

    I created a new clean install of a web site yesterday, with a new database, installed BPS Pro and then proceeded to add other plugins. When I add a plugin I get the message at the top of the page and the .htaccess is placed into Quarantine.  I have to recreate it and then activate security mode.  I can’t think what I might be doing wrong. I am adding plugins (in this case the Yoast SEO plugin which is well used and trusted).

    BPS Pro Alert! Your site does not appear to be protected by BulletProof Security.

    The Quarantine log message is: Quarantined File: Root .htaccess file renamed to auto_.htaccess
    Any ideas?  I was hoping that by doing a clean install things would be error free. Using WordPress 3.9.2 and hosted on Hostgator.

    AITpro Admin

    This is the #1 most common problem that occurs with both BPS and BPS Pro and is caused by the WordPress flush_rewrite_rules function used in plugins and themes to flush/delete the root .htaccess file contents and add the standard default WordPress rewrite .htaccess code.  The solution is very simple to solve both of these problems so that they do not reoccur repeatedly – Lock your root .htaccess file and turn on AutoLock on the B-Core >>> htaccess File Editor tab page.

    BulletProof Security Alert will not go away – “BPS Pro Alert! Your site does not appear to be protected by BulletProof Security”
    WordPress flush_rewrite_rules function problem

    The #2 most common problem is the cPanel Hotlink protection tool problem
    cPanel HotLink Protection Tool Problem

    Tony Payne

    Ah thank you very much. I thought I had the .htaccess write protected automagically. Will check the settings now. I noticed that the last plugin I installed didn’t give the error.

    AITpro Admin

    Not all plugins use the WordPress flush_rewrite_rules function.  Probably only 1 in 1,000 plugins use that WordPress function.


    Locking the root .htaccess file does not cause problems or break the intended purpose for using the flush_rewrite_rules function for other plugins that are using the flush_rewrite_rules function.  The BPS root .htaccess code is integrated into the standard WordPress Rewrite .htaccess code and already contains the correct code to generate custom post types and other things intended by using the flush_rewrite_rules function.  This information below describing this function’s usage is not 100% crystal clear so to clarify and simplify what the intended usage is, it is simply this:  Ensure that the user/website is using Permalinks AND the WordPress Rewrite .htaccess code.  Since BPS/BPS Pro is already using the WordPress Rewrite .htaccess code then everything works correctly and there is actually no need for the flush_rewrite_rules function to flush/delete the root .htaccess code, but the flush_rewrite_rules function performs other tasks normally as intended. BPS/BPS Pro does not interfere with those other tasks when you lock your root .htaccess file and only prevents the root .htaccess code from being flushed/deleted since that is not necessary when using BPS/BPS Pro .htaccess code.

    Remove rewrite rules and then recreate rewrite rules.

    This function is useful when used with custom post types as it allows for automatic flushing of the WordPress rewrite rules (usually needs to be done manually for new custom post types). However, this is an expensive operation so it should only be used when absolutely necessary. See Usage section for more details.


    Flushing the rewrite rules is an expensive operation, there are tutorials and examples that suggest executing it on the ‘init’ hook. This is bad practice.
    Flush rules only on activation or deactivation, or when you know that the rewrite rules need to be changed (e.g. the addition of a new taxonomy or post type in your code). Don’t do it on any other hook. More detail information in the comments on WP Engineer’s post: Custom Post Type and Permalink
    Make sure custom post types and taxonomies are properly registered before flushing rewrite rules, especially during plugin activation: Activation Checklist for WordPress Plugin Developers

Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.