WordPress Major Automatic Update – files quarantined

Home Forums BulletProof Security Pro WordPress Major Automatic Update – files quarantined

Viewing 15 posts - 1 through 15 (of 23 total)
  • Author
    Posts
  • #27061
    Roger MacRae
    Participant

    A couple of my sites were just auto updated to wordpress 4.4 and minutes after each auto update I received a message that the files were quarantined  and then sites were no long accessible. Is this a known issue and if so how do I prevent it in the future. Both sites running latest version of BPS Pro

    #27063
    AITpro Admin
    Keymaster

    ARQ Automation should work the same with WordPress Major and Minor Automatic Updates so not sure what could have happened.  To fix this problem use the Solution 1: Manually Copying Folders and Files from the Quarantine Folder method below.

    http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#ARQ-Troubleshooting

    Solution 1: Manually Copying Folders and Files from the Quarantine Folder:
    As of BPS Pro 11.2, Quarantine creates a mirrored directory structure of the quarantine file source path in the protected Quarantine folder. If Excessive files have been quarantined you can copy the entire folder from the /wp-content/bps-backup/quarantine/ folder back to where the folder and files were quarantined from. Example: All files in folder: /example-folder/ were sent to this quarantine folder: /wp-content/bps-backup/quarantine/somewhere/example-folder/. Copy the /example-folder/ back to where it was quarantined from: /somewhere/example-folder/.  Notes:  AutoRestore should be turned Off before manually copying files from Quarantine back to where they were quarantined from.  After you have manually copied files from Quarantine you can run the Setup Wizard to back up all files and turn AutoRestore back On.  If you are unable to log into your site to turn Off AutoRestore you can use the BPS Pro Xternal Tools Form to turn Off AutoRestore.  You can also use the Xternal Tools Form to delete all files in Quarantine after you have manually copied them from Quarantine.

    #27081
    AITpro Admin
    Keymaster

    Important Note: If you have BPS Pro 12.8 or higher versions of BPS Pro installed click this link for quickier and easier steps to fix quarantined files problems: https://forum.ait-pro.com/forums/topic/website-not-loading-after-wordpress-upgrade-or-theme-upgrade-500-error-files-quarantined/. BPS Pro 12.8+ versions automatically deactivate/turn ARQ Off when the /bulletproof-security/ plugin folder is renamed instead of having to use the BPS Pro XTF Form Tools to deactivate/turn ARQ Off.

    It looks there is a problem with ARQ Automation and WordPress Major Automatic Updates (or maybe just this specific WP 4.4 Major Automatic Update).  We now have 4 confirmed cases where allowing WordPress Major Automatic Updates is causing WordPress files to be quarantined, 500 errors and the website to not load.

    These steps below will fix the problem or you can restore website files (NOT the WP Database) from a file backup and then install WordPress 4.4 using the Dashboard > Updates > Re-Install Now button:

    Note:  I have created a WP 4.4 fix zip file (link below) that contains ONLY the folders and files needed to fix this problem.  Total unzipped filesize is 6.7MB vs 20MB.  Total number of files is: 441 vs 1,299.

    1. Download the WordPress wp44-fix.zip file that I created: http://www.ait-pro.com/wp44-fix/wp44-fix.zip to your computer.

    2. Unzip the zip file on your computer.

    3. Using FTP, Upload the WordPress Core folders (wp-admin and wp-includes folders) that you unzipped on your computer to these AutoRestore backup folders:
    Upload the entire /wp-admin folder to /wp-content/bps-backup/autorestore/wp-admin/.
    Upload the entire /wp-includes folder to /wp-content/bps-backup/autorestore/wp-includes/.
    Upload all the unzipped files: readme.html, wp-activate.php, wp-comments-post.php, wp-load.php, wp-login.php, wp-mail.php, wp-settings.php, wp-signup.php and xmlrpc.php to /wp-content/bps-backup/autorestore/root-files/.

    4. Using FTP, Upload the WordPress folders and files that you unzipped on your computer to these website folders:
    Upload the entire /wp-admin folder to /wp-admin/ overwriting the /wp-admin folder.
    Upload the entire /wp-includes folder to /wp-includes/ overwriting the /wp-includes folder.
    Upload all the WordPress root files to your WordPress installation folder. readme.html, wp-activate.php, wp-comments-post.php, wp-load.php, wp-login.php, wp-mail.php, wp-settings.php, wp-signup.php and xmlrpc.php

    5. After uploading all of the folders and files, login to your site, go to Dashboard > Updates > and click the Re-Install now button to reinstall WordPress 4.4.  Doing this step does 2 things:  1. Ensures that your WordPress 4.4 installation is complete.  2. ARQ Automation will automatically turn off ARQ, backup all of your new WordPress 4.4 files and then turn itself back on.

    6. Go to Quarantine and delete all files in Quarantine.

    Recommendation:  It is highly recommended that you DO NOT allow WordPress Major Automatic Updates and only allow WordPress Minor Automatic Updates.  To change your WordPress Automatic Update settings use the BPS Pro WP Automatic Update Pro-Tool and choose settings to ONLY allow WordPress Minor Automatic Updates.

    Further Investigation:  Further investigation will be performed to determine why this problem is occurring with WordPress Major Automatic Updates to prevent this problem from occurring on future WordPress Major Automatic Updates.  It is also possible that something has changed with how WordPress Automatic Updates are now being done and ARQ Automation would need to have new coding work performed to adapt to that new change with WordPress Automatic Updates.  Pending further investigation.

    Additional General Information (for reference purposes only):
    List of WordPress 4.4 File Changes:  http://forum.ait-pro.com/forums/topic/wordpress-4-4-file-changes-list-of-wordpress-4-4-file-changes/

    #27101
    MMBCB
    Participant

    I believe that I posted a topic to this forum last night, but do not see my post.. If the BPS plugin has been disabled manually through cpanel (I did not know it was BPS until too late, just white screen), what is the process to turn BPS back on?  Is it the same?

    #27103
    AITpro Admin
    Keymaster

    I am not sure how you disabled BPS so logically you would reverse whatever you did to disable BPS.  If you are experiencing the same problem as stated above in this forum topic then a side by side time comparison is:  20-30 minutes to do all of the steps above vs 10-15 minutes to do a file restore and reinstallation of WP 4.4.

    #27104
    MMBCB
    Participant
    1. The plugin is listed as “bulletproof-security_” on the back-end and it is deactivated thru dashboard. WP is already updated to version 4.4 (the web host tech did this, as all I saw was a white screen).
    2. Don’t suppose BPS created a separate backup of the database when this happened?  Lost some data, when one of the host techs fave bad advice.
    #27105
    AITpro Admin
    Keymaster

    1. Then I assume you would just rename it back to bulletproof-security and remove the underscore.  IMPORTANT:  You should do steps 1 through 3 above to make sure the new WordPress 4.4 folders and files exist in AutoRestore Backup before renaming bulletproof-security back to its original name.

    2. If you created a Database Backup with BPS DB Backup or another DB Backup plugin then you can restore that DB Backup.  BPS does not do automatic DB Backups on it’s own.  You can of course schedule automated DB Backups with BPS DB Backup.

    #27106
    MMBCB
    Participant

    Also, seeing this on dashboard, “The plugin bulletproof-security/bulletproof-security.php has been deactivated due to an error: Plugin file does not exist.”  Maybe, I need to reinstall BPS?

    #27108
    AITpro Admin
    Keymaster

    That error is occurring because you have renamed the bulletproof-security folder name.  Once you name it back to bulletproof-security you will need to reactivate the BPS Pro plugin.

    #27109
    Hannah
    Participant

    I am experiencing the same issue. Of 9 sites in which I have BPS Pro installed, all but three are in 500 error mode and I cannot log in. Interestingly, two of the three that escaped the problem had ARQ deactivated, but one of them had ARQ turned on. Why that one got through unscathed is beyond me. I will try to do the steps above to restore the one I’m working on now and let you know what happens. Hmmm. added later…won’t uploading the wp-content directory from the WP 4.4 update zip overwrite our uploads and child themes? It would be good to get confirmation that this is what we want to do when restoring these sites.

    #27111
    AITpro Admin
    Keymaster

    I believe it would be faster and simpler just to do a file restore (NOT a Database Restore) and reinstallation of WP 4.4.  The reason the other sites did not have files quarantined is because ARQ was deactivated.  I recommend that you do not allow WordPress Major Automatic Updates and change that.  It may turn out that WordPress has made some kind of change to how Automatic Updates are done and we will have to change ARQ Automation code to adapt to that new WordPress 4.4 change.  Not enough information yet to know exactly what the problem is yet.  Pending further investigation.

    #27116
    Hannah
    Participant

    Thank you, that is what I will do.

    #27118
    Jason
    Participant

    Hi,

    I was just about to post about this issue but (being a good user) checked the forum first 🙂 And yes I can confirm the same issue happened on my site. So i guess this post is more for informational purposes for BPS Pro team and anyone else visiting. As a note I update my WordPress sites using Plesk admin and all sites running BulletProof Free upgraded to WordPress 4.4 with no issues. I have one site on the same reseller host that runs BPS Pro and I was notified of an error during the update. On visiting this site it showed a white page and 500 server error in the developer console. At this stage I assumed it was a theme or plugin failure so renamed folders but with no luck. Suffice to say I went through the usual tricks to get the site back up. I then checked the server error_log which showed nothing of interest. The bps_php_error.log was far more informative and showed the following line:
    [09-Dec-2015 11:05:36 UTC] PHP Warning: require(/var/www/vhosts/REMVOEDMYURL.com/httpdocs/wp-includes/random_compat/random.php): failed to open stream: No such file or directory in /var/www/vhosts/REMVOEDMYURL.com/httpdocs/wp-includes/compat.php on line 338. On checking the path I noticed the entire “random_compat” folder was empty so I copied over the missing files manually thinking the Plesk update had failed. This then triggered a few more lines of missing WordPress files until everything was there and in the right place. I opened the site url and hey presto it was back online. I clicked to the “about” page and straight away I got a 500 server error! Luckily I had FTP open at the same time and saw the files disappear from the “random_compat” folder. That’s when I thought maybe ARQ was quarantining these new 4.4 files and checked the backup folder to see them all in there. So I downloaded 4.4. zip, renamed admin and root .htaccess, renamed plugins and themes and copied over all the files manually. Refreshed the page and I was able to login to the Dashboard and get things set up again. Then it was a process of settign all folder names back. Once done the only plugin I didn’t reactivate was BPS Pro and the site worked okay all day – except of course now it was getting spammed 😉 I’ve now just re-enabled the .htaccess files and used XTF to turn off ARQ. The site is up and running with BPS Pro enabled which is great. One thing I wondered, if I re-enable ARQ will this trigger the file quarantine again? That’s the only part of this I’m confused about i.e. I manually copied over the missing files and when refreshing the page they were immediately quarantined. Anyway, hope this is helpful and next time I’ll manually upgrade for WP major updates.

    Thanks
    Jason

    #27120
    AITpro Admin
    Keymaster

    If you run the Setup Wizard or use the manual AutoRestore Backup Files buttons on the AutoRestore page before turning AutoRestore back on then that ensures that all of your Live website files exactly match all of your AutoRestore Backup files because running the Setup Wizard or Backing up files manually creates AutoRestore Backup copies of all of your Live website files.

    #27121
    Hannah
    Participant

    I’m so sorry, I know you have your hands full today and probably have your head deep in code trying to figure out what has gone wrong, but I am really struggling here and don’t know what to do next but stare at my computer and try to hold back the tears. I followed your instructions above, short of overwriting the entire wp-content folder from the 4.4 download zip to both the actual and autorestore directories. Just too paranoid to do it, although I do have backup files I can use to restore the content, so if you recommend I do that too, I will suck it up and go for it. Currently the root files, admin and includes from the WP 4.4 zip have been uploaded to the bps-backup>autorestore directory and to the actual directories where they go. No change. I am still locked out of admin and the front-facing site has not come back up. I cannot use the xternal tools form due to a 403 Forbidden error. I am still working on the first of 6 sites that went down, one of my highest priority sites which you helped me with when I first bought BPS Pro. The only files in Quarantine are wp-includes, which I uploaded before reading your directions. I hope you can take the time to tell me what you recommend I do next.

Viewing 15 posts - 1 through 15 (of 23 total)
  • You must be logged in to reply to this topic.