BPS Pro prevents the proper functioning of WP Reset

Home Forums BulletProof Security Pro BPS Pro prevents the proper functioning of WP Reset

Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
  • #39643

    Hi Edward,

    I have WP Reset installed on my site.

    Contrary to what its name suggests, WP Reset allows to create snapshots of the database at a given time.

    What’s the use of it ?
    It allows you to go back if you realize that one of your actions (mainly the installation, activation, deactivation or deletion of a plugin or theme) has caused problems.

    To learn more, watch this short video at this very moment: https://youtu.be/xBfMmS12vMY?t=104

    The problem is that WP Reset does not work at all when BPS is installed.

    I’m telling you this because I made 3 tests:
    – Test 1; BPS Pro installed (although not yet activated) => WP Reset does not work
    – Test 2: BPS Pro deactivated => WP Reset still does not work
    – Test 3: BPS Pro deleted => WP Reset works normally.

    I got the confirmation by the WP Reset team that the problem comes from BPS.


    So is it possible to whitelist WP Reset for the plugin to work properly?

    If so, tell me if you need me to give you admin access to my site.


    AITpro Admin

    You don’t need to deactivate the BPS Pro plugin for troubleshooting.  BPS Pro has built-in troubleshooting capability.  Use the BPS Pro troubleshooting steps to eliminate, confirm and isolate which BPS Pro security feature is causing a problem > https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

    Go to the BPS Security Log page, look for a Security Log entry that has “wp-reset” in the Log entry and post it in your forum reply. So I can see what BPS is blocking and post a whitelist rule for the WP Reset plugin.

    AITpro Admin

    I have tested the WP Reset plugin and am not seeing a 403 error when testing all the option settings on the Snapshots page.  The Developer Tools 403 error in your screenshot shows that what is being blocked is the /wp-admin/admin-ajax.php file. Not sure why I am not seeing this on my test site when testing the WP Reset plugin.  Maybe I am not testing the same exact WP Reset option setting that causes this 403 error?  To whitelist the admin-ajax.php file in the BPS wp-admin htaccess file do the steps below. Let me know if this solves the problem or not.

    1. Copy the admin-ajax.php htaccess code skip/bypass rule below to this BPS wp-admin Custom Code text box: 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
    2. Click the Save wp-admin Custom Code button.
    3. Go to the BPS Setup Wizard page and run the Pre-installation Wizard and Setup Wizard. For BPS free run the Setup Wizard.

    # Skip/bypass rule for the admin-ajax.php file
    RewriteCond %{REQUEST_URI} (admin-ajax\.php) [NC]
    RewriteRule . - [S=3]
    AITpro Admin

    I just noticed that the WP Reset plugin creates this folder:  /wp-content/wp-reset-snapshots-export/ to store database backups (snapshots).  Re-running the BPS Pro Pre-Installation Wizard and Setup Wizard will automatically create a wp-content folder exclude rule for the /wp-reset-snapshots-export/ folder so that it will not be checked by AutoRestore|Quarantine.


    This is a bit more complicated than that and I’ll explain.

    In the Pro version, we have several options for storing our snapshots.

    The right one is to automatically transfer them to the cloud AND autodelete the “local” one.

    This screenshot shows all the settings available.

    Why is the best option? Because WP Reset creates duplicates of tables in the database (by adding a prefix to them).

    For example, if you have 12 tables and create 2 snapshots, you will end up with 36 tables.

    When you send them to the cloud AND autodelete it locally, it also deletes the tables created.


    When you say:

    Re-running the BPS Pro Pre-Installation Wizard and Setup Wizard will automatically create a wp-content folder exclude rule for the /wp-reset-snapshots-export/ folder so that it will not be checked by AutoRestore|Quarantine,

    is it something you just added to BPS Pro?

    Can you “intervene” in what BPS Pro does without the need to download a newer version of the plugin?

    AITpro Admin

    BPS Pro 14.9 already does that because the Setup Wizard checks wp-content folders for certain file types.  If the file types are zip or gz files then the Setup Wizard automatically creates a wp-content folder exclude rule for that folder.  The reason for that is you don’t want AutoRestore checking a backup folder where new backups will be added/created regularly or else those backup files will be quarantined.

    Did you try the admin-ajax.php htaccess skip/bypass whitelist rule yet?  If that does not fix the problem then I would need to see your Security Log entries to see what is being blocked.  You can send your BPS Security Log file contents to this email address: info at ait-pro dot com.


    I will try tomorrow because it’s time to sleep in my part of the world :-).

    Thanks again Edward for your top notch support. Best one EVER!


    Hi Edward,

    I copy-pasted the snippet of code you gave me for whitelisting.

    When I submit it, I get a 502 Error with the word openresty below (the url is /wp-admin/admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-7)

    And even if I go back to the previous page (alt + left arrow), remove the code and click on the submit button, I still get that 502 Error.

    However, I can still access the back-office of my site.

    Is that normal and should I proceed to step #3?

    Thank you.

    AITpro Admin

    502 Bad Gateway error
    The HyperText Transfer Protocol (HTTP) 502 Bad Gateway server error response code indicates that the server, while acting as a gateway or proxy, received an invalid response from the upstream server.

    OpenResty is a web server which extends Nginx by bundling it with many useful Nginx modules and Lua libraries.

    Most common cause of a 502 error is ModSecurity.  Note: ModSecurity also causes 403, 404, 500, 503 and a few other errors.  If you have ModSecurity installed then you will need to click the Encrypt Custom Code button first before clicking the Save wp-admin Custom Code button.


    Awesome! WP Reset works perfectly.

    Now, I’ll send this thread to WP Reset so that they can respond efficiently to future customers who might have the same problem as me but don’t know that this is related to BPS Pro in the first place.

    Many thanks, Edward!

    AITpro Admin

    Thanks for confirming the fix worked.  I’ll add this fix to the Setup Wizard AutoFix feature so that it will be automatically created by the Setup Wizard.

Viewing 12 posts - 1 through 12 (of 12 total)
  • You must be logged in to reply to this topic.