Cornerstone X Theme Visual Editor – 403 error

Home Forums BulletProof Security Pro Cornerstone X Theme Visual Editor – 403 error

This topic contains 5 replies, has 2 voices, and was last updated by  rafaelmagic 2 years, 6 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
  • #24919



    How are you? I am trying to get “X Theme” visual editor Cornerstone working correctly. The admin plugin/skip rule has me stumped.

    [403 GET / HEAD Request: September 10, 2015 - 11:23 pm]
    Event Code: WPADMIN-SBR
    Host Name: my server
    REQUEST_URI: /wp-admin/customize.php?url=
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.22 Safari/537.36

    Head request are white listed and the following plugin bypass is not working. Any idea and thanks?

    #X Theme- CornerStone (plugin/skip)
    RewriteCond %{REQUEST_URI} (customize\.php) [NC]
    RewriteRule . - [S=1]

    AITpro Admin

    Try a wp-admin skip/bypass rule for the customize.php file.  See this similar forum topic:



    The skip rule above was added to wp-admin but the secondary issue was a Query Strings in the wp-admin folder.
    So what does that string do? And isn’t the Skip/plugin rule suppose to white list from that String?
    Also their Cornerstone is preventing the Transients from erasing so I cant do a Manual BPS Pro Upgrade.
    I could let the themes Tech Support know, if you can pretty please tell me how that part is fixed.

    RewriteRule ^(.*)$ - [F]
    Its the last line of the Query Strings. Just Comment it out:
    #RewriteRule ^(.*)$ - [F]



    AITpro Admin

    The line of code you commented out turns off/negates all your htaccess security rules.  Send me an Administrator login to this website.


    AITpro Admin

    This wp-admin skip/bypass rule works.

    # X Theme CornerStone customize.php skip rule
    RewriteCond %{REQUEST_URI} (customize\.php) [NC]
    RewriteRule . - [S=2]

    The reason it was not working for you is because the Skip rule # was incorrect. By Default there is already a Skip rule in the wp-admin htaccess file. When you add another Skip rule it needs to be S=2. On your particular site you already had a Skip rule so this is the correct wp-admin Custom Code Skip rules for your site.

    # Yoast Facebook OpenGraph wp-admin plugin skip/bypass rule
    RewriteCond %{QUERY_STRING} page=wpseo_social&key=(.*) [NC]
    RewriteRule . - [S=3]
    # X Theme CornerStone customize.php skip rule
    RewriteCond %{REQUEST_URI} (customize\.php) [NC]
    RewriteRule . - [S=2]

    Other issues/problems found on this site:
    As soon as I logged in I saw this error message, but it only happened when I first logged in: Error reconnecting to the database.
    This site has an extremely old BPS Pro version installed. I tried to upgrade BPS Pro using the BPS Pro Upload Zip installer. This server or something installed on this server is blocking/ignoring/not allowing the BPS Pro upload zip installation. Do these installation steps so that you do not have to setup BPS Pro again.
    1. Delete the /bulletproof-security/ plugin folder using FTP.
    2. Install the BPS Pro 11 zip file using the WordPress Upload Zip installer.



    Thanks Admin, rookie mistake. Here is the Plugin firewall whitelist, the following is the frontloading java, BPS Pro should add it automatically.

    /cornerstone/assets/js/dist/site/cs-head.min.js, /cornerstone/assets/js/dist/site/cs-body.min.js
Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.