Elementor Pro Login – JTC Anti-Spam

Home Forums BulletProof Security Pro Elementor Pro Login – JTC Anti-Spam

Viewing 15 posts - 16 through 30 (of 34 total)
  • Author
    Posts
  • #38563
    AITpro Admin
    Keymaster

    Thanks for the Kudos. One other thing that I forgot to mention is that I did see a 500 error once. I believe that was caused by an excessive page load time and your host server crashed/aborted loading the page. Once you have WP Rocket setup on your site then that should take care of that issue permanently. Typically web hosts either use a 500 or 503 error when the server crashes/aborts website page loads in “overload” situations. If a 500 or 503 error is occurring randomly instead of constantly then it is a server overload/abort/crash due to “overload”.

    #38564
    Petrus
    Participant

    Can I allow WP Rocket to minify or must leave that disabled there too?

    #38565
    AITpro Admin
    Keymaster

    HMTL and CSS minification do not cause any problems for any other plugins or themes that I am aware of.  js minification/compression/combining on the other hand is known to commonly cause problems in a lot of plugins and themes. We have experimented with js minification and it does not significantly improve website performance. Depending on how js minification is being done by a plugin it may break the BPS Pro Plugin Firewall.

    #38568
    Petrus
    Participant

    If we add new pages, do we have to do the following procedure again:

    Next go to the BPS Pro > Plugin Firewall > click the Test Mode button > visit all of the main pages of your websites.
    Wait 5 minutes and then go back to the BPS Pro Plugin Firewall page/section.
    Click the Plugin Firewall AutoPilot accordion tab.
    Change the AutoPilot Mode Cron Check Frequency to 10 minutes.
    Click the Save AutoPilot Options button and then click the Plugin Firewall Activate button.
    Note: Since you were previously using the WP Hide plugin then BPS Pro Plugin Firewall AutoPilot Mode was not able to automatically create Plugin Firewall whitelist rules.
    So it is necessary to force this process by using the Plugin Firewall Test Mode feature.

    We’re going without WP Hide plugin because we now have BPS. Is there a way to ‘fix it’ so that it cah automatically create the whitelist rules again? / Or when we add a new page?

    #38569
    AITpro Admin
    Keymaster

    You only need to run the Plugin Firewall Test Mode once and only for websites where you previously were using the WP Hide plugin.  For a new website that did not have the WP Hide plugin installed previously you would not need to run the Plugin Firewall Test Mode at all. What Test Mode is checking for is frontloading plugin scripts on your website pages that need to be whitelisted in the Plugin Firewall because those frontloading plugin scripts need to be publicly accessible to visitors to the website.  The reason you visit all of your current main website pages is to make sure that Test Mode finds all the frontloading plugin scripts that should be whitelisted. If you add/install a new plugin that has frontloading plugin scripts that need to be whitelisted then the Plugin Firewall AutoPilot Mode cron runs every 10 minutes (or the other time interval option setting that you choose) and will automatically create any new Plugin Firewall whitelist rules that need to be created.

    The Plugin Firewall does not whitelist plugin scripts by website page (new or old) and instead whitelists frontloading plugin scripts by plugin. Typically WordPress plugins that have frontloading plugin scripts will load their plugin scripts on all of your website pages. Some plugins like Contact Form plugins or Google map plugins may only load their plugin scripts on particular website pages.  So that is why you want to visit all of your main website pages to make sure Plugin Firewall Test Mode finds all of the frontloading plugin scripts for a website.

    #38573
    Petrus
    Participant

    Is there any way to obfuscate plugins used on a WordPress site by BPS? WP Hide can do it.
    Our aim is not to prevent bots, we just don’t want people to know what’s under the hood.

    #38574
    AITpro Admin
    Keymaster

    The BPS Pro Plugin Firewall literally protects all of your WordPress plugins.  The Plugin Firewall allows access to your WordPress /plugins/ folder for only your public IP address (all WP Administrators that are logged into the website). Your Plugin Firewall IP address is updated in real-time so if/when it is changed by your ISP your new IP address is automatically updated/whitelisted in the Plugin Firewall.  So you don’t need to hide anything since you have actual real website security = BPS Pro. That includes WordPress plugin protection and every other possible attack vector. 😉  99% of all hacking and spamming is done/automated using bots.  It is very rare that a human hacker will attack a website one on one.

    #38587
    Petrus
    Participant

    Yea it’s not an attack we are worried about. We just don’t want the opposition to be able to see what we used to build our sites. A lot of time and effort went into it and we spent 8 months building each site. It’s because we made sure all plugins can work together, then we resolve js conflicts one by one and optimize. Really demotivating if someone can then just come ans scan to see what plugins you uses so they can replicate it.

    OK that means we have to keep wp hide on, if only to prevent snooping from humans….

    #38588
    Petrus
    Participant

    When WP Hide & Security Enhancer PRO is on, and nosy people try to use scanwp.net or similar sites, they cannot find our plugins used.
    It’s very effective to prevent intermediate skilled competition to see what’s being used to create the website and functionality.
    Would just have been awesome if BPS had this so we can uninstall the other product completely.

    WPS Hide renames the login url… If BPS could do what those plugins do, man it would be awesome.

    No one would need anything else ever! Just giving some feedback lol

    Awesome product!!

    #38591
    AITpro Admin
    Keymaster

    “When WP Hide & Security Enhancer PRO is on, and nosy people try to use scanwp.net or similar sites”. Yep, scanning goes on all day every day all year long til the end of time by hackers and spammers. 😉  Scanning is also automated. Hackers and spammers would not have the time or resources to manually look for websites so they use hacking/spamming delivery systems that launch automated bots that scour the Internet for potential targets.  The bots basically scan, spider, index, etc. and report what they found back to the origin delivery system. A human can also run a manual scan in cases where they are trying to replicate/duplicate your website/plugins/themes, etc.

    Originally you decided to deactivate the WP Hide & Security Enhancer PRO plugin, but I was only suggesting that you turn off js minification in that plugin.  js minification is very problematic and is known to break things in numerous plugins. js minification breaks the BPS Pro Plugin Firewall. So if you choose to keep using js minification then just turn off/deactivate the BPS Pro Plugin Firewall feature.

    We had thought about doing something like hiding WordPress many years ago, but decided that it was just a gimmick feature and not really real website security. Hiding things does make it a little more difficult and time consuming for humans and bots to find things, but the rule is – if something is displayed publicly then it can never really be hidden. The only way to truly hide something is to not have it displayed publicly, which of course would mean that your website would not be publicly displayed.  Google, PayPal, Twitter, facebook, banking websites don’t try to hide anything and instead have website security measures in place to protect their websites. We follow that same type of method with BPS Pro. ie provide real website security features without hiding or changing the default functionality of WordPress, etc.

    Hiding the WordPress login URL also falls into the category of gimmicky. BPS Pro has 2 features that protect the WordPress login page without changing the default functionality of WordPress > Login Security & Monitoring and JTC Anti-Spam|Anti-Hacker.  The most significant benefit of these security features is that they block spambots and hackerbots from auto-registering, auto-logins and auto-posting on a website. ie dealing with the occasional human spammer is very manageable vs dealing with spambot registrations and auto-posting, which can be very time consuming to manage/clean up.

    In summary, the WP Hide & Security Enhancer PRO plugin may cause some unusual issues/problems in other plugins that you are using including BPS Pro.  So you want to thoroughly test things on your website to make sure they are working and if some things are not working then you would need to make some adjustments in either your WP Hide & Security Enhancer PRO plugin and/or other plugins. ie BPS Pro Plugin Firewall or other features and of course other features in other plugins.

    #38603
    Petrus
    Participant

    Hi there, is this error caused by BPS? If so any idea how to resolve it?

    WP Rocket cannot configure itself due to missing writing permissions.
    Affected file/folder: wp-content/advanced-cache.php
    Troubleshoot: How to make system files writeable

    #38604
    Petrus
    Participant

    Never mind, WP Optimize sneakily turned on cache. I only use it for db optimize. Turned cache off and all is good.

    #38605
    Petrus
    Participant

    Any idea how to make this error go away:

    WP Rocket could not modify the .htaccess file due to missing writing permissions.

    Tried running setup wizard as well as follow the instructions to the letter that you gave me for church.pkvstagingserver.com but no go lol

    #38606
    Petrus
    Participant

    Get this every time I try to deactivate WP Rocket:
    WP Rocket has not been deactivated due to missing writing permissions.
    Make wp-config.php writeable and retry deactivation, or force deactivation now:

     

    #38607
    Petrus
    Participant

    At the realization that I sound like I have no idea what I’m doing… I went to check the file permission. It was 0400. Changed it to 0644 and everything’s happy. All WP Rocket errors gone. No idea how it got changed, I certainly did not do it….

Viewing 15 posts - 16 through 30 (of 34 total)
  • You must be logged in to reply to this topic.