Firewall Breaks BPS Pro and Plugin Menus

[Jenna]

Hello guys, I’m having some trouble with my BPS pro. It seems to be working great until I activate the firewall setting. I’ve checked the plugin dir and yes it has placed the .htaccess file no problem. But after that, the BPS menu and all my other plugin menus go nuts and disappear or look funky. BPS pro is like one long page of txt and no graphics. I’ve looked at your help and at the forums but didn’t find a solution. Thanks!

[AITpro Admin]

If BPS Pro menus are not displaying correctly and other plugin menus are not displaying correctly then the Plugin Firewall Whitelist setup steps were not done correctly.  Please watch this BPS Pro setup video tutorial here:  

http://www.ait-pro.com/aitpro-blog/2841/bulletproof-security-pro/bulletproof-security-pro-overview-video-tutorial/

Please post back here if the problem is still occurring after doing the Plugin Firewall Whitelist steps again.  Thanks.

[Jenna]

Thank you, I respect that answer, kind of. I just don’t totally agree the blond did it wrong. During the setup of the firewall, the scan processes didn’t produce any results. That in turn caused a domino effect in this processes. The plugin white list processes is kluge at best and complex for a greenhorn such as myself. 🙂 If I knew all the file systems and vulnerabilities of said files or plugins, I might know what to change or add manually. But then again, I wouldn’t need a plugin.  I did my best to pick the security logs over and find some gold referring to the plugins, but still no joy after I made some manual edits.

[AITpro Admin]

LOL wow I guess my reply was taken the wrong way.  I did phrase my words in a way that kind of could be interpreted as blame. It was a quickie response (juggling 100 things at once as always) that should have included – if the Plugin Firewall Whitelist scanner is not working on your website for one of the known reasons – Minifying plugin blocks the scanner, copyright protection plugin blocks the scanner, Themes and plugins that embed source code in your pages break the Whitelist scanner entirely.

Typically when the BPS Pro menus are broken themselves then what causes that is that [obsolete-removed] is not clicked before activating the Plugin Firewall BulletProof Mode so I went for the obvious thing first.  There could of course be something else on your site that is causing this problem and or multiple problems.

Please post the contents of your Plugin Firewall htaccess file so I can see if everything looks ok.  Thanks.

[AITpro Admin]

I think the use of the word “kluge” is totally off.  The Plugin Firewall Whitelisting tools are making something that is very complex, very simple and amazingly works flawlessly in 95% of the cases.  When you take into consideration all the millions of scenarios and variables then of course there is going to be a percentage where something is not going to work – 5% scan failure due to something on the site breaking or blocking the Whitelist scanner is very acceptable.

The Plugin Firewall itself is a new radical concept that is doing something pretty amazing that has never been attempted before and doing it perfectly in most cases.  There is a new Plugin Firewall Test Mode in development which will make it much simpler to let someone know right away that something on their website is breaking or blocking the Plugin Firewall Whitelisting scanner and alternative methods of Whitelisting will have to be done due to whatever specific pre-existing issue/currently existing issue/problem/etc is occurring.  But like I said 95% of folks get perfect scan results.  So what I am looking at now is improving the alternative methods of whitelisting when the scanner is blocked or broken on some sites.

And in the cases when a Minifying plugin is being used then the original source code cannot be whitelisted period because the true source of the code is completely lost.  I am still looking at this, but do not honestly see that a working solution can be created due to the what a Minifying plugin is designed to do so at this point the only solutions are to create exceptions for certain plugin scripts and not Minify those particular scripts.  What is alarming to me is that I discovered in researching this issue how easy it is to exploit plugin scripts once they have been minified – some of them lose very signficant built-in security coding safeguards and checking.  My findings were enough to make me very sure that I would never use a Minifying plugin.  LOL

[Jenna]

I agree, you’ve created a heck of a great plugin here. It works great and I think you guys are genius the way it is put together. I feel my Kluge comment was from frustration of attempting to follow along the provided video setup instructions. After pausing 10 times during the video and taking notes. It took 25 min of setup labor and I’ve lost my menu systems on BPS pro. 🙁 Just a suggestion, but maybe the videos could be a little slowed down and have some onscreen text or arrow placement. I know, I’m slow and well aren’t all of us GUI folks?
I went through the firewall processes again, with 1, 2, 3, 4, 5 and for luck I did a small but happy hokie pokie. Still no joy there, I have no menus. Thanks for working with me. Oh, this ” Minify” plugin. I don’t have that and I don’t know what that is. I’m using a few basic very well supported plugins, SEO Yoast and such. But pretty much simple stuff. I don’t understand why the firewall is messing with them or whatever.
Here is the plugin firewall .htaccess info you requested:

[Firewall code removed – copied and pasted to my computer to look at]

[AITpro Admin]

Eureka!  I was looking at this all wrong.  The simple solution with the new Plugin Firewall Test Mode is this.

The Plugin Firewall Test Mode simulates that you are a visitor to the website and will create an IP address that is in your subnet, but different then your actual IP address for testing purposes.

The Plugin Firewall Test Mode will retrieve the Security Log Errors and display them in the correct whitelist format to make it simple to copy and paste them into the Whitelist text area and save the plugin scripts all at the same time.  The Plugin Firewall Test Mode can be used before or after activating the Plugin Firewall because it will work/test independently for any errors that are occuring.

I actually should have taken this approach from the beginning, but I did not foresee the potential issues that are currently causing problems for the Whitelist scanner.

The issue with Minifying plugins will not change because that is an entirely different issue/problem.  You cannot whitelist some plugin scripts that have been minified period.

 

[Jenna]

OK, Can I get that in English? Is there something you want me to try?

[AITpro Admin]

I was just thinking out loud.  The Plugin Firewall Test Mode does not exist yet.  It will in the next BPS Pro version release – BPS Pro 5.6. We just coincidentally were posting above at the same time.  I will look at your Firewall code now to see what I can see.

[AITpro Admin]

Ok after looking at your Whitelist I need to log into your site and just take care of this for you.  Somewhere I have completely confused you in the video tutorial or in my help files so I think the best solution in this case is for me to log in and take care of this.  Also I would like to find out which plugin or theme is blocking the Whitelist scanner on your site.  I have a list I have started and there are 3 plugins and 1 Theme that will cause the whitelist scanner to malfunction.  Anyway once the new Plugin Firewall Test Mode feature is completed in the next BPS Pro version release then this should make getting the correct plugin scripts to whitelist nice and simple so this type of issue would not occur.  Send me an Admin login to the site to edward at ait-pro dot com.  If you are creating a temporary Admin account for me then please use a secure password.  Thanks.

[AITpro Admin]

A manual typo in the Plugin Firewall .htaccess file was most likely the cause of the broken menus as we discussed.  In any case all is working perfectly now.  And too funny that your site just happened to not have any plugin scripts that needed to be whitelisted.  When I add the new Plugin Firewall Test Mode in BPS Pro 5.6 then it will tell you if everything is all good and that no plugin scripts were found that need to be whitelisted.  The current displayed message can be interpreted to mean either there is a problem with returning scan results or no scan results were found.  So that definitely needs to changed to make it absolutely crystal clear one way or the other and the new Test Mode will do just that.

[Jenna]

Thank you much AITpro Master! Our BPS Pro purchase was worth every penny! We will be looking for more of your software genius greatness in the next releases. Be good to you. Jenna!

[AITpro Admin]

LOL AITpro Master.  You crack me up Jenna.  🙂  It was nice chit chatting with you.  We both escaped corporate hell and are much better off for that.  Funny how all my pre-corporate life I wanted a cubicle to call my own.  No amount of money will ever be enough for me to sit in another corporate sweatshop cube ever again.  LOL

[Author]

Posts