Failed to Activate BulletProof Security wp-admin Folder Protection!

Home Forums BulletProof Security Free Failed to Activate BulletProof Security wp-admin Folder Protection!

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • #8716

    After creating the default.htaccess and secure.htaccess files, I get this error on activating “website wp-admin folder .htaccess Security Mode”: “Failed to Activate BulletProof Security wp-admin Folder Protection! Your wp-admin folder is NOT protected with BulletProof Security!”
    Activating “Website Root Folder .htaccess Security Mode” gives no problem.

    What can I do to still activate “website wp-admin folder .htaccess Security Mode”? Copying the files by hand?

    #8717
    AITpro Admin
    Keymaster

    Do you have any restrictions on the /wp-admin folder?  Folder permissions, etc.?

    What folder permissions do you see on the Security Status page?

    Example:  wp-admin/ ../wp-admin 705 0705

    #8726

    Folder permissions:

    .htaccess ../.htaccess 644 0666
    wp-config.php ../wp-config.php 644 0666
    index.php ../index.php 644 0644
    wp-blog-header.php ../wp-blog-header.php 644 0644
    root folder ../ 755 0750
    wp-admin/ ../wp-admin 755 0755
    wp-includes/ ../wp-includes 755 0755
    wp-content/ ../wp-content 755 0777
    wp-content/bps-backup/ ../wp-content/bps-backup 755 0755

    I think it’s another problem. Going into the DA panel I’ve searched for the wpadmin-secure.htaccess file in files. It’s owned by apache and not by me. I cannot “reset owner” or rename or move the file.
    Am I right? What can I do about it without going into the DA panel?

    #8728
    AITpro Admin
    Keymaster

    See these one-time manual DSO Setup steps.
    http://forum.ait-pro.com/forums/topic/dso-setup-steps/

    The next version of BPS will be using the WordPress Filesystem API to do this automatically.

    #8740

    Because I got an error on “Activate Website wp-admin Folder .htaccess Security Mode”, I started with step 1.
    I got stuck on step 3. I cannot change folder permissions. Perhaps because I’m not the owner of the several files but “apache” is? I tried to “reset owner”, but that’s also not possible: “An error occured while resetting the file ownership”

    I managed to follow the steps 4, 5 and 7.

    When I want to backup the files, I get the following errors:
    Failed to Backup Your Root .htaccess File! File copy function failed. Check the folder permissions for the /wp-content/bps-backup folder. Folder permissions should be set to 755.

    Failed to Backup Your wp-admin htaccess File! File copy function failed. Check the folder permissions for the /wp-content/bps-backup folder. Folder permissions should be set to 755.

    and

    Failed to Backup Your default.htaccess File!
    Failed to Backup Your secure.htaccess File!
    Failed to Backup Your wpadmin-secure.htaccess File!
    Failed to Backup Your maintenance.htaccess File!
    Failed to Backup Your bp-maintenance.php File!
    Failed to Backup Your bps-maintenance-values.php File!

    Guess now it’s gotten worse :'(

    #8741
    AITpro Admin
    Keymaster

    Try doing step 1.  WordPress also has several other options for DSO Servers that may work for your particular DSO Server configuration.

    http://codex.wordpress.org/Editing_wp-config.php#Override_of_default_file_permissions

    To find out, which Filesystem method WordPress is trying to use for your site you can add this code check to the BPS System Info page.  This will be a new standard check in the next BPS version.  /bulletproof-security/admin/options.php Code line 2183.

    echo __('Operating System', 'bulletproof-security').': <strong>'.PHP_OS.'</strong><br>';
    echo __('WP Filesystem Method', 'bulletproof-security').': <strong>'.get_filesystem_method().'</strong><br>';
    #8742
    AITpro Admin
    Keymaster

    Also the only way to change Ownership is you must be logged in as a root admin.  This cannot be done with an FTP user and requires that you login to the Server directly or use SSH.

    #8746

    WP Filesystem Method: direct

    I’m not the owner of the server, I only have a Direct Admin account login. So I can’t login as root. And I cannot login via SSH.

    I’ve edited the

    define('FS_METHOD', 'ftpext');

    to

    define('FS_METHOD', 'direct');

    But I still get the same errors.

    Since I run a test website and I copied wpadmin-secure.htaccess by hand in the admin folder, I don’t get any errors on the security status page. (Except it can’t make any backups. I don’t get any erros while making the backup, but it still says:)

    Your Root .htaccess file is NOT backed up either because you have not done a Backup yet, an .htaccess file did NOT already exist in your root folder or because of a file copy error. Read the “Current Backed Up .htaccess Files Status Read Me” button for more specific information.

    Your wp-admin .htaccess file is NOT backed up either because you have not done a Backup yet, an .htaccess file did NOT already exist in your /wp-admin folder or because of a file copy error. Read the “Current Backed Up .htaccess Files Status Read Me” button for more specific information

    Because the test site is likely to run ‘better’. I decided to delete the plugin and all it’s content on ftp on the main site. Then I reinstalled it. I found out that I had to put the file permissions of the wp-content folder on 777 for it to run without any errors. The status page says everything is okay now, but I cannot make any backups now, same problems as the test site.

    I decided to leave things as they are now and wait for the new BPS version to come online. Hopefully problems are being solved by then? Thanks for your help tough.

    #8753
    AITpro Admin
    Keymaster

    If the WordPress Filesystem API is using the direct method and things are not automatically working then most likely you would need to add these additional Constants into your wp-config.php file.

    Try this first:

    define('FS_CHMOD_DIR', (0755 & ~ umask()));
    define('FS_CHMOD_FILE', (0644 & ~ umask()));

    Try this next if the first Constants do not work:

    define( 'FS_CHMOD_DIR', 0777 );
    define( 'FS_CHMOD_FILE', 0777 );

    I do not think you would have to add this Constant in the wp-config.php file since WordPress is already trying to use the “direct” Filesystem Method, but if both of these things above do not work then try adding the additional FS_METHOD Constant.

    Try this first:

    define( 'FS_METHOD', 'direct' );
    define('FS_CHMOD_DIR', (0755 & ~ umask()));
    define('FS_CHMOD_FILE', (0644 & ~ umask()));

    Then try this:

    define( 'FS_METHOD', 'direct' );
    define( 'FS_CHMOD_DIR', 0777 );
    define( 'FS_CHMOD_FILE', 0777 );

    The new Automated DSO coding in BPS will attempt to make everything work for every type of DSO configured Servers by using/hooking into the WordPress Filesystem API.  If using the WordPress Filesystem API does not work then BPS will not attempt any other automation methods since they would definitely fail anyway on these particular DSO Server configurations types. We hope to achieve a realistic 90% BPS automation success rate for the many different variations/configurations of DSO configured Servers and expect a 10% BPS automation failure rate.  BPS has a 100% automation success rate for CGI configured Servers, but CGI and DSO are 2 completely different animals.  😉

    #8754
    AITpro Admin
    Keymaster

    Your particular DSO Server configuration would fall under the 10% failure group in the first round of BPS DSO automation code.  We will try to continue to expand the BPS automation code to try and include additional DSO Server configuration types in the next round of DSO automation code, but we expect at best an increase of 8-9% failure rate for other types of DSO Server configurations that are just not possible to automate.

    #9210
    AITpro Admin
    Keymaster

    The DSO Automation project was abandoned due to complications.  See this Topic link below for DSO Setup steps.

    http://forum.ait-pro.com/forums/topic/dso-setup-steps/

Viewing 11 posts - 1 through 11 (of 11 total)
  • You must be logged in to reply to this topic.