BPS Setup Wizard AutoFix persistent alert

Home Forums BulletProof Security Pro BPS Setup Wizard AutoFix persistent alert

This topic contains 25 replies, has 3 voices, and was last updated by  AITpro Admin 4 months, 1 week ago.

Viewing 15 posts - 1 through 15 (of 26 total)
  • Author
    Posts
  • #34622

    bbmedia
    Participant

    After updating to BPS Pro 13.4 on our current installs, I am getting some instances of a persistent alert for the
    BPS Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) Notice

    We have followed a typical BPS Pro update process – this is with both WP 4.8.3 & WP 4.9 installs –  the WP instances include Woocommerce (3.1.1 and 3.2.5). Also we have tried:

    • the setup wizard multiple times on each site.
    • Plugin/Auto-Firewall Test mode
    • clearing all caches incl browser
    • checked that the resulting htaccess file is correctly setup (incl. custom setups)

    Our sites have the same core of plugins across them, including the Woocommerce installs, though obviously there are always some differences. So far the only similarity between the offending sites is Woocommerce. These sites contained the same plugins prior and this has only begun happening on updating from 13.3 to 13.4.

    Any ideas?

    #34623

    AITpro Admin
    Keymaster

    Have you re-run the BPS Pro Wizards? We made some changes to the WooCommerce whitelist rule to expand the whitelisting range for WooCommerce as they are adding new Query Strings regularly.

    #34629

    bbmedia
    Participant

    “Also we have tried:

    • the setup wizard multiple times on each site.

    …”

    #34635

    AITpro Admin
    Keymaster

    Ah ok yeah I was not sure what you meant exactly with that bullet point. 😉  Do these steps below and let me know if this works or not:

    1. Use the BPS Custom Code Export feature to export all of your Custom Code.
    2. Click the Delete button to delete all of your Custom Code.
    3. Run the Setup Wizards again.

    Note:  You can manually add any custom htaccess code back to BPS Custom Code by opening the exported Custom Code zip file.

    #34636

    bbmedia
    Participant

    Well this fixes it but it’s enough of a PITA to have to manually do a Setup Wizard process after an update as it is, without also having to revisit our Woocommere sites to then delete custom code and redo this, given that we do mainly ecommerce sites.

    #34637

    AITpro Admin
    Keymaster

    Yeah, I hear ya.  The newer WooCommerce security rule fix should have been done automatically by BPS on BPS upgrade so not sure why that did not happen automatically on your site(s).  In the long run it is more important for the newer WooCommerce security rule to be created.  Sorry for any inconvenience this has caused.

    #34642

    bbmedia
    Participant

    You also might like to know that you Quarantine Log Reset doesn’t use the correct date. Afer having to update it 3 times to get it to turn the notice off, it seems to exist in the future:

    Last Modified Time in DB:  November 28 2017 08:45:44
    Last Modified Time in File: November 28 2017 08:45:44

    And yes… I’m running on AEST  but it was still only Nov 27 2017 8:45:44 here. Strangely, hear in Australia, we don’t live a day ahead of everyone else.

    #34643

    bbmedia
    Participant

    So… here come the perpetual alerts from sites for auto quarantined files… this happens whenever we update BPS Pro.
    I come back to one of these sites I’ve been mucking around with to get BPS Pro all sorted and there’s 30 rows of auto_htaccess sitting there.

    It’s tedious to have to go through these sites after updates and reconfigure the htaccess when it either doesn’t remember the hide MAINWP code at the end of the plugin,  or when it randomly decides, out of the blue, to update the htaccess file every hour or so and throw additional lines between.   every.   single.   line.  in the htaccess file and then quarantine the file.

    Most of the other sites are alerting me that no, BPS Pro doesn’t like error_logs which aren’t the BPS Pro error_log and start quarantining them on every ARQ run for every error that’s logged, resulting in the error log never being updated, and the quarantined version being overwritten with the very latest errors. Surely you can build an exception for error_log files – or some process to auto-except them once vetted?

    the number of times I’ve had to go through and compare these files on so many different sites, I am getting very tired of it.

    #34644

    bbmedia
    Participant

    So I guess the real question is… Why do you persist in pushing out many little updates to your plugin, when each update means that we have to constantly manually fix the settings to get it not to spit quarantined files, and also when these updates to fix one issue seem to then cause another?

    I am going to stop updating BPS Pro until major updates, and then only when we’ve got an extra day or two in our schedule to go through and get each of the sites working without constant alerts.

    I’d happily pay a yearly maintenance fee if, like other plugins, it meant I could avoid all these update problems, and was working with a plugin that looked even remotely modern or WP-like, was succinct in it’s notation and education, and operates smoothly without having to do continual page refreshes.

    If only this plugin had some proper customer-focused direction to it and didn’t waste so much time of it’s paying members. The plugin and the company’s market-focus need a major overhaul.

    #34646

    AITpro Admin
    Keymaster

    BPS timestamps are GMT synched, but are also based on whatever WP time settings you are using. Don’t want to point any fingers, but a few plugins and themes can interfere with what BPS is doing with timestamps. The log file timestamps are not really a big deal. If they are not synched to your timezone then it does not affect anything important. They are more of visual spotcheck type of thing.

    For the quarantine problem send me your Quarantine log contents so I can see what is going on:  info at ait-pro dot com. A common issue/problem with default server error_log files can be taken care of by creating a single file exclude rule. See this help section for the steps to do that >

    AutoRestore|Quarantine steps for creating wp-content folder and single file exclude rules
    http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#autorestore-exclude-rules

    Sorry for any irritation that the latest BPS Pro release may have caused. Yeah it was a light update due to folks being on holiday and such. 😉

    #34649

    bbmedia
    Participant

    I’ll send you the quarantine logs.

    Yes I’m fully aware of the manual process to setup an exception to various error_log files, and have to use it. But you’re missing the point – we shouldn’t have to. It is something that is common, and can be avoided (like too many updates) with a bit of thought and good coding to provide a once-off error_log verification process. You seem to forget that the most expensive thing to your targeted demographic is the customer’s time, and this plugin wastes much of it.

    How about you guys start thinking about it from the point of a consumer? You’d get a lot more traction with this product is you did. The way you do the whole custom code process is just so tedious – and unnecessarily so, if you had some input that wasn’t purely from a nerdy tech perspective. You have a technically good product which create a good end result for security, and a woefully inadequate one from a usage perspective, coupled with unnecessary updates which cause as many probs as they fix. But, sadly, this company just doesn’t know how to think like this, nor take external advice – this product should have 1 million+ installs and a half of those being premium. This is why it doesn’t.

    #34650

    AITpro Admin
    Keymaster

    I hear what you are saying – the main focuses for BPS Pro have always been – #1 Create a security app that is unbeatable.  #2 Keep BPS Pro very affordable for anyone/everyone. #3 Make something very complex, easy to use for anyone/everyone.  So it seems like point #3 is not working for you for some reason.  #1 and #2 are definitely true – just recently a website that I manage was attacked – BPS Pro ARQ IDPS did its usual magic and stopped that hack and let me know the exact Point of Attack.  Bottom line BPS Pro is brilliant, complex and yet simple to use for anyone/everyone.  I’m sorry you are having some problems, but we have put a lot of thought into the BPS Pro project with the end user in mind first and foremost.  Not trying to be defensive here, but 95% of the folks that buy BPS Pro never need to contact us.  We do regular checkups/followups to get feedback from BPS Pro users and most feedback is in the good to awesome range.  If there is anything else we can help you with then yeah let us know what that might be.

    #34655

    bbmedia
    Participant

    I have sent you that quarantine file – please figure out why it repeatedly quarantines a htaccess file that is identical, after autorestore process has been properly dealbt with

    Wow. Do you really think that 5% support from a 90,000 customer base is a good figure? And companies very rarely hear from disgruntled or unsatisfied customers – they just move on. If you’re waiting for them to tell you what they don’t like about your product then it will be a long wait.

    But it is sad that you cannot see it. The feedback from the reviews. The fact that you have been around for as long as ithemes and Wordfence, have a better (only in terms of security) and cheaper Pro product than they do, and yet you are at 90k installs and they are 800k and 1m+ in comparison. This is what you guys just don’t get.

    You have a portion of the web dev market that can be bothered with wading through the it, and the consumers who like to tinker, but that’s it. The rest of the web dev market goes ithemes Pro & Sucuri Pro. But hey, I’ve already been through this with Ed. You just can’t see what you are missing out on, nor why plenty would leave this once it became too onerous to bother with.

    #34657

    AITpro Admin
    Keymaster

    Yeah I hear where you are coming from.  BPS Pro only has a 40K user base.  BPS free has actually lost a lot it’s user base.  To be completely honest with you I believe that BPS Pro is pretty much completed and we probably won’t add anything more to BPS free.  They work very well so no need to “polish the brass” on them anymore.  More importantly our competition in this particular niche has stifled any new growth we could hope to achieve at this point – image outmatched kind of thing and not product capability/functionality outmatched.  So no point in swimming up river.  We created a great product with BPS Pro at a ridiculously cheap price and we’re good with that.  ie great product/great price – we will always continue to support BPS and BPS Pro 100% no matter what recent project is our priority at any particular time.  😉

    #34659

    AITpro Admin
    Keymaster

    What I am seeing in the quarantine log file you sent to us is that your root htaccess file is being quarantined repeatedly.  That problem typically happens when another plugin or theme is using the WP flush_rewrite_rules() function in a way that it should not be used.  The appropriate usage is to use that WP function on plugin activation, deactivation or uninstallation only.  If you have a CGI server type then you can lock your root htaccess file on the B-Core > htaccess File Editor tab page.  If you have a DSO server type then you will need to exclude your root htaccess file from being checked by ARQ IDPS by adding a single file exclude rule on the AutoRestore > Add|Exclude Other Folders & Files tab page.  See this forum topic for the steps to create a single file exclude rule > http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#autorestore-exclude-rules

Viewing 15 posts - 1 through 15 (of 26 total)

You must be logged in to reply to this topic.