Custom Code in New Installation

Home Forums BulletProof Security Pro Custom Code in New Installation

This topic contains 4 replies, has 2 voices, and was last updated by  Living Miracles 8 months, 1 week ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #34499

    Living Miracles
    Participant

    Hi,

    I installed BPS Pro on a new GoDaddy Managed WordPress site today. While setting up the plugin, I noticed that there was already some code in the Root htaccess File Custom Code boxes (box 11 and 12). I usually don’t use box 11, but this is the code that was already in there before I made any customization:

    11. CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE:
    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # Remote File Inclusion (RFI) security rules
    # Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F]
    #
    # Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    # Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
    RewriteCond %{HTTP_REFERER} ^.*livingmiracles.gr.*
    RewriteRule . - [S=1]

    Is this standard now that there is code pre-added to some Custom Code boxes? I’ve never come across that before when installing/setting up BPS Pro on a new site.

    Thank you so much!

    #34501

    AITpro Admin
    Keymaster

    The new BPS Pro 13+ version Setup Wizard AutoFix feature automatically creates any custom code that is needed.

    #34502

    Living Miracles
    Participant

    Oh, I see! Thank you. The above code, then, can you see what that’s for?

    #34503

    AITpro Admin
    Keymaster

    See the AutoWhitelist help section below. In a nutshell BPS checks which plugins and themes you have installed and then automatically creates fixes, etc. in BPS Custom Code for those plugins and themes.

    https://www.ait-pro.com/aitpro-blog/5457/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-13/

    13:
    • New Option & Feature: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup): This option is turned On by default and can be turned Off on the BPS Setup Wizard Options page. Setup Wizard AutoFix checks which plugins and themes you currently have installed and will display a BPS Setup Wizard AutoFix Notice to run the BPS Setup Wizard if any currently installed plugins or themes require Custom Code whitelist rules or AutoSetup. The BPS Setup Wizard automatically creates BPS Custom Code whitelist rules for known issues with any plugins and themes that need Custom Code whitelist rules. Setup Wizard AutoFix also automatically sets up and cleans up caching plugin’s htaccess code for these WordPress caching plugins: WP Super Cache, W3 Total Cache, Comet Cache Plugin (free & Pro), WP Fastest Cache Plugin (free & Premium), Endurance Page Cache and WP Rocket. Notes: These caching plugins were also tested, but do not require AutoSetup by the BPS Setup Wizard: Cache Enabler plugin and the Hyper Cache plugin. The Cachify plugin was tested, but could not be added to BPS Setup Wizard AutoFix due to a problem with the Cachify plugin creating invalid htaccess code. The Cachify plugin will be added at a later time once the problem is fixed in the Cachify plugin.

    Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) Automation:
    List of plugins and themes that have AutoFixes: Setup Wizard AutoFix

    AutoWhitelist: The Setup Wizard AutoFix feature automatically creates Custom Code whitelist rules for 100+ known issues with plugins and themes. Previous versions of BPS and BPS Pro required doing a manual copy and paste solution to manually add Custom Code whitelist rules to BPS Custom Code.

    AutoSetup: The Setup Wizard AutoFix feature automatically gets htaccess caching code from caching plugins (WP Super Cache, W3 Total Cache, Comet Cache Plugin (free & Pro), WP Fastest Cache Plugin (free & Premium), Endurance Page Cache and WP Rocket) and saves caching plugin’s htaccess code in BPS Custom Code. Previous versions of BPS and BPS Pro required doing a manual copy and paste solution to manually add caching plugin’s htaccess code to BPS Custom Code.

    AutoCleanup: The Setup Wizard AutoFix feature automatically removes any existing caching plugin’s htaccess code in BPS Custom Code and the Root htaccess file if the caching plugin is no longer activated or installed. Example scenario: You have Plugin X Caching plugin installed and decide to try Plugin Y Caching plugin. Setup Wizard AutoFix (AutoCleanup) will automatically remove any existing htaccess code from BPS Custom Code and the Root htaccess file for Plugin X Caching plugin. At the same time Setup Wizard AutoFix (AutoSetup) will automatically create Plugin Y’s Caching code in BPS Custom Code and the Root htaccess file. So instead of having to manually add or remove any caching plugin’s htaccess code in BPS Custom Code, the Setup Wizard AutoFix feature will automatically do that when you run the BPS Setup Wizard.

    AutoFix Debugging: BPS UI|UX Settings page > BPS UI|UX|AutoFix Debug: Turning On the BPS UI|UX|AutoFix Debug option will display: plugin or theme names and the BPS Custom Code text box where plugins or themes should be creating Custom Code whitelist rules. Usage: If the BPS Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) Notice is still being displayed after running the Pre-Installation Wizard and Setup Wizard then the BPS UI|UX|AutoFix Debug option should be turned On to find the exact plugin or theme and the Custom Code text box where the problem is occurring. Example Debug Displayed message: CC Root Text Box 10: WooCommerce Plugin. This option could also be used generally to see which plugins and themes BPS AutoFix is creating Custom Code whitelist rules for and which Custom Code text boxes the AutoFix whitelist rules will be created in.

    #34504

    Living Miracles
    Participant

    Thank you so much!!

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.