GDMW – Go Daddy Managed WordPress Hosting

Home Forums BulletProof Security Pro GDMW – Go Daddy Managed WordPress Hosting

This topic contains 26 replies, has 5 voices, and was last updated by  AITpro Admin 1 year, 4 months ago.

Viewing 15 posts - 1 through 15 (of 27 total)
  • Author
    Posts
  • #17291

    AITpro Admin
    Keymaster

    Go Daddy “Managed WordPress” hosting is a special type of hosting account and is not a regular/standard Go Daddy hosting account.

    First off I am very impressed with the load speeds on Go Daddy “Managed WordPress” hosting.  The “time to first byte” load speed is very impressive as well as overall website page load speeds.  There are some minor restrictions/limitations that come with this special type of hosting account, but that is because this type of hosting account is in a “managed” environment. If you were wondering what “managed” means it means the hosting environment is managed and not that your individual website is managed.

    http://support.godaddy.com/help/article/8943/managed-wordpress-file-editing-limitations
    Managed WordPress File-Editing Limitations
    Hackers love exploiting and defacing WordPress sites, which makes security a priority for everyone using WordPress. To help make Managed WordPress accounts as hack-proof as possible, we impose strict, security-oriented limitations on which files are editable.

    This feature means you can only edit the following directories and files on Managed WordPress accounts:
    /wp-content
    wp-config.php
    .htaccess
    favicon.ico
    You can also edit any directories or files you upload yourself, such as a php.ini file.

    BPS plugin features/options that are restricted or limited on Go Daddy “Managed WordPress” (GDMW) hosting

    The BPS plugin has a Setup Wizard option for Go Daddy “Managed WordPress” hosting.  If you have Go Daddy “Managed WordPress” hosting, which is special type of hosting account and is not a regular/standard Go Daddy hosting account, then select Yes for this option. The Go Daddy Managed WordPress option is an independent option meaning that you do not need to run the Setup Wizard again after selecting Yes and saving this option, but you can of course run the Wizards again at any time. The BPS free plugin also has a “Enable|Disable wp-admin BulletProof Mode” option on the Setup Wizard Options page for Go Daddy “Managed WordPress” hosting. If you have Go Daddy “Managed WordPress” hosting, which is special type of hosting account and is not a regular/standard Go Daddy hosting account, then select “wp-admin BulletProof Mode Disabled” for this option. The Go Daddy Managed WordPress option is an independent option meaning that you do not need to do anything else after selecting “wp-admin BulletProof Mode Disabled” and saving this option.

    WordPress Cron Jobs|BPS Cron Jobs and Cron Schedules
    Issue|Impact:  GDMW hosting disables standard WordPress Cron Jobs and Schedules and instead uses a custom GDMW Cron that runs every 10 minutes.  All BPS cron jobs still work, but you cannot change any cron job run times (schedules) in BPS and cron job timestamps (schedules) will not change because all cron jobs are controlled by and run by the GDMW 10 minute custom server cron job.

    Hidden Plugin Folders|Files Cron (HPF)
    Issue|Impact:  See WordPress Cron Jobs|BPS Cron Jobs and Cron Schedules above.  The HPF Cron Job does not work consistently when left turned On on GDMW hosting due to the custom GDMW Cron that runs every 10 minutes.
    Solution:  Turn the HPF Cron Off.  You can turn the HPF Cron On occaisonally to check your /plugins/ folder, but do not leave the HPF Cron Job turned On permanently.

    wp-admin BulletProof Mode
    Issue|Impact:  The wp-admin folder is restricted so this means that you cannot create a wp-admin .htaccess file.  Since the wp-admin folder is already protected by GDMW hosting then there is no downside/negative impact.
    Solution: Set the Enable|Disable wp-admin BulletProof Mode option on the Setup Wizard Options page to:  wp-admin BulletProof Mode Disabled. This turns off all error checking and status checks for wp-admin htaccess files.

    Maintenance Mode
    Issue|Impact:  Maintenance Mode cannot be used due to the way the template files are created.  Since BPS is primarily a security plugin that also includes Maintenance Mode then this does not take away from the security protection/benefits in BPS.
    Solution:  Find an alternative Maintenance Mode plugin to use.

    Login Security & Monitoring
    Issue|Impact:  Login Security & Monitoring:  Limit Login Attempts is installed by default on GDMW hosting and is not installed as a plugin that can be deactivated.  By default the Limit Login Attempts plugin overrides the BPS Login Security feature.  Since Limit Login Attempts is already protecting the login page with Login Security protection then there is no downside/negative impact.  The BPS Logging Options: “Log All Account Logins” option still logs all logins normally, but login security is handled by Limit Login Attempts.
    Solution:  Select the BPS Logging Options: “Log All Account Logins” option if you would like to log all logins to your website or turn off BPS Login Security.

    BPS Pro plugin features/options that are restricted or limited on Go Daddy “Managed WordPress” (GDMW) hosting

    The BPS Pro plugin has a Setup Wizard option for Go Daddy “Managed WordPress” hosting.  If you have Go Daddy “Managed WordPress” hosting, which is special type of hosting account and is not a regular/standard Go Daddy hosting account, then select Yes for this option. The Go Daddy Managed WordPress option is an independent option meaning that you do not need to run the Wizards again after selecting Yes and saving this option, but you can of course run the Wizards again at any time.  The BPS Pro plugin also has a “Enable|Disable wp-admin BulletProof Mode” option on the Setup Wizard Options page for Go Daddy “Managed WordPress” hosting. If you have Go Daddy “Managed WordPress” hosting, which is special type of hosting account and is not a regular/standard Go Daddy hosting account, then select “wp-admin BulletProof Mode Disabled” for this option. The Go Daddy Managed WordPress option is an independent option meaning that you do not need to do anything else after selecting “wp-admin BulletProof Mode Disabled” and saving this option.

    WordPress Cron Jobs|BPS Pro Cron Jobs and Cron Schedules
    Issue|Impact:  GDMW hosting disables standard WordPress Cron Jobs and Schedules and instead uses a custom GDMW Cron that runs every 10 minutes.  All BPS Pro cron jobs still work, but you cannot change any cron job run times (schedules) in BPS Pro and cron job timestamps (schedules) will not change because all cron jobs are controlled by and run by the GDMW 10 minute custom server cron job.

    Hidden Plugin Folders|Files Cron (HPF)
    Issue|Impact:  See WordPress Cron Jobs|BPS Cron Jobs and Cron Schedules above.  The HPF Cron Job does not work consistently when left turned On on GDMW hosting due to the custom GDMW Cron that runs every 10 minutes.
    Solution:  Turn the HPF Cron Off.  You can turn the HPF Cron On occaisonally to check your /plugins/ folder, but do not leave the HPF Cron Job turned On permanently.

    Plugin Firewall AutoPilot Mode Cron
    Issue|Impact:  See WordPress Cron Jobs|BPS Cron Jobs and Cron Schedules above.  The Plugin Firewall AutoPilot Mode Cron Job does not work consistently when left turned On on GDMW hosting due to the custom GDMW Cron that runs every 10 minutes.
    Solution:  Turn the Plugin Firewall AutoPilot Mode Cron Off.  You can turn the Plugin Firewall AutoPilot Mode Cron On occaisonally to check for Plugin Firewall whitelist rules, but do not leave the Plugin Firewall AutoPilot Mode Cron Job turned On permanently.

    wp-admin BulletProof Mode
    Issue|Impact:  The wp-admin folder is restricted so this means that you cannot create a wp-admin .htaccess file.  Since the wp-admin folder is already protected by GDMW hosting then there is no downside/negative impact.
    Solution: Choose Yes for the Setup Wizard Go Daddy Managed WordPress Hosting option.  This turns off all error checking, status checks, file writing, file creation for wp-admin htaccess files.

    Maintenance Mode
    Issue|Impact:  Maintenance Mode cannot be used due to the way the template files are created.  Since BPS is primarily a security plugin that also includes Maintenance Mode then this does not take away from the security protection/benefits in BPS Pro.
    Solution:  Choose Yes for the Setup Wizard Go Daddy Managed WordPress Hosting option.  Find an alternative Maintenance Mode plugin to use.  The BPS Pro Maintenance Mode menu is hidden when the Go Daddy Managed WordPress Hosting option is set to Yes.

    Login Security & Monitoring *See JTC Anti-Spam|Anti-Hacker information below
    Issue|Impact:  Login Security & Monitoring:  Limit Login Attempts is installed by default on GDMW hosting and is not installed as a plugin that can be deactivated.  By default the Limit Login Attempts plugin overrides the BPS Pro Login Security feature.  Since Limit Login Attempts is already protecting the login page with Login Security protection then there is no downside/negative impact.  The BPS Pro Logging Options: “Log All Account Logins” option still logs all logins normally, but login security is handled by Limit Login Attempts.
    Solution:  Select the BPS Pro Logging Options: “Log All Account Logins” option if you would like to log all logins to your website or turn off BPS Login Security.

    JTC Anti-Spam|Anti-Hacker *See Login Security information above
    Issue|Impact:  JTC Anti-Spam|Anti-Hacker ONLY works if BPS Pro Login Security is turned On.  If you turn Off BPS Pro Login Security then JTC will not work on GDMW hosting.  Recommendation:  Set BPS Pro Login Security Logging Options to: “Log All Account Logins”.  Limit Login Attempts on GDMW hosting will override BPS Pro Login Security, but the log all account logins feature works correctly.
    Solution:  Turn BPS Pro Login Security On and select the BPS Pro Logging Options: “Log All Account Logins” option if you would like to use JTC Anti-Spam|Anti-Hacker on GDMW hosting.

    AutoRestore|Quarantine
    Issue|Impact:  The wp-admin and wp-includes folders are completely restricted on GDMW hosting, which is great since that means they are already protected.  AutoRestore|Quarantine does not check the wp-admin and wp-includes folders on GDMW hosting when the Go Daddy Managed WordPress Hosting Setup Wizard option is set to Yes.  New: The wp-content folder is now also restricted on GDMW hosting, which means that AutoRestore cannot monitor folders or files under the wp-content folder.
    Solution:  Choose Yes for the Setup Wizard Go Daddy Managed WordPress Hosting option.  This will exclude the wp-admin and wp-includes folders from being checked by AutoRestore|Quarantine.  GDMW Hosting wp-admin check is Turned Off and GDMW Hosting wp-includes check is Turned Off is displayed on the AutoRestore page.  Note:  2 gd-config.php files (dynamically updated files) will be quarantined at some point and will need to be excluded from being checked by AutoRestore in the future.  See this video tutorial for how to exclude these individual files from being checked by AutoRestore:  http://forum.ait-pro.com/video-tutorials/#autorestore-quarantine

    F-Lock:  File Lock
    Issue|Impact:  The index.php and wp-blog-header.php files are restricted on GDMW hosting, which is great since that means they are already protected.  These 2 files cannot be locked or unlocked.  These files will not be checked on GDMW hosting when the Go Daddy Managed WordPress Hosting Setup Wizard option is set to Yes.
    Solution:  Choose Yes for the Setup Wizard Go Daddy Managed WordPress Hosting option.  This will exclude the index.php and wp-blog-header.php files from being checked by F-Lock.

    F-Lock:  Folder Lock
    Issue|Impact:  The Folder Lock feature is restricted on GDMW hosting and cannot be used.
    Solution:  Do not turn Folder Lock On on GDMW hosting since it cannot be used on GDMW hosting.  By default Folder Lock scans folders during running the Setup Wizards, but Folder Lock is set to turned Off by default when running the Wizards.

    #28097

    Hannah
    Participant

    [Topic has been merged into this relevant Topic]
    One of my clients just chose to migrate her site from regular shared hosting to Managed WordPress hosting on GoDaddy. I am now having a similar issue. Here is the pre-flight result, everything above and below this is green.
    Error: wp-admin BulletProof Mode cannot be activated.
    If your Server configuration is DSO you must first make some one-time manual changes to your website before running the Setup Wizard. Please click this Forum Link for instructions: DSO Setup Steps
    Pass! The default.htaccess Default Mode Master htaccess file was created successfully.
    Your current Root .htaccess file is not locked. In order to ensure that the Setup Wizard completes successfully your files will NOT be locked by BPS Pro F-Lock. Your F-Lock settings will be set to “Turn Off Checking & Alerts”.
    I tried to paste the system info section you asked Simon for above but it keeps reverting to code in Visual mode so I’ll leave it off unless you ask for it.. I’m not sure what to do, so I’ll wait for your reply.

    #28105

    AITpro Admin
    Keymaster

    @ Hannah – See the list of restrictions and limitations above that Go Daddy Managed WordPress Hosting (this is special type of GD Managed hosting and is not standard GD Hosting) has.  Several BPS Pro features are affected.

    #28107

    Hannah
    Participant

    Thank you

    #28108

    Hannah
    Participant

    OK, just sifted through the settings, activated Root folder BPS mode, and I think I have it all right.

    Just one thing seems to be lingering, and that is an issue with the PHP Error log file path.

    BPS says the log file is writable, but there is a discrepancy between the file path seen by the server (which appears to be the old path on regular shared hosting) and the recommended file path, resulting in a error message at the top of the screen “<span style=”color: #fb0101;”>PHP Error Log Path Does Not Match.</span>”

    When it’s set to the recommended path I see the pre-existing errors in the log, but testing with the recommended path does not print the test error to the log file. With this setting I see both the Last Mod time in DB and in the file, and they agree.

    Testing with the path seen by the server generates an error “PHP Error Log File Not Found! Either the PHP Error Log Folder Location has not been set yet or the PHP Error Log Folder Location path that you set is incorrect. Click the Htaccess Protected Secure PHP Error Log Read Me Help button for more info,” and that is all I see in the log. With this setting I see only the Last Mod time in DB, with no time showing for the file at all. I’m pretty sure this path is to the old error log on regular shared hosting.

    I read the Read Me note, but I don’t see anything that addresses this situation specifically so I’m not sure how to proceed.

    #28110

    AITpro Admin
    Keymaster

    Change the php error log path on the ini_set Options page > ini_set PHP Error Log Location Set To: and add the recommended path, click buttons 1 and 2.

    #28111

    Hannah
    Participant

    Yup, that did it! Testing after changing that setting resulted in the correct behavior of the test error, and the Last Mod time in the file updated properly too. Thanks again for all your expertise and understandable, actionable instructions on how to fix things. You’re awesome.

    #30242

    Clint
    Participant

    [Topic has been merged into this relevant Topic]
    Hi, Just started to use BPS Pro and load the bonus codes.

    Can I use the ‘Speed Boost Cache Code’ when hosted on GDMW hosting?

    This special hosting has server cache and forbids WordPress plugin cache tools.

    I understand this is a browser cache tool so may be OK?

    Great plugin 🙂  bit of a learning curve tho! lol

    #30245

    AITpro Admin
    Keymaster

    @ Clint – Yep, the Speed Boost cache code is htaccess Browser caching code and it is allowed/does work on GDMW hosting.  See the beginning of this forum topic for BPS Pro features that are limited or restricted on GDMW hosting.

    We currently have someone with GDMW hosting testing this theory out below.  So if you would be willing to also test this theory out on your website then set the HPF Cron frequency and the Plugin Firewall AutoPilot Mode Cron frequency to 10 minutes and let us know what happens after a day of testing.

    We thought of something that may work with the GDMW custom Cron Job 10 minute schedules. Maybe setting the HPF Cron and Plugin Firewall AutoPilot Mode Cron frequencies to 10 minutes would synchronize BPS cron jobs to the custom GDMW cron job 10 minute schedule. We assume the synchronization theory (if it works at all ), would kick in after the first or second cron job interval. Ie the first time the GDMW cron job is run then in theory the BPS cron job would be rescheduled to 10 minutes and then on the next GDMW cron job run the cron may or may not be synchronized and if this works at all then it may take 2 cron job runs to get the cron schedules to synchronize.

    #30484

    Clint
    Participant

    [Topic has been merged into this relevant Topic]
    Hi,

    I am currently seeing these notifications after attempting an edit to the htaccess custom code (hotlinking).

    • htaccess Files Disabled: Master htaccess file writing is disabled.
    • htaccess Files Disabled: default.htaccess Master file is disabled.

    Under the ‘Security Modes’ tab > Master htaccess Folder (MBM), I am seeing MBM Status: Disabled.
    I have tried the Activate & Deactivate buttons, both offer no change.
    Under the ‘htaccess File Editor’ tab, Autolock is showing ‘OFF’.
    I have tried the Unlock htaccess File button, again with no change.
    FYI: I am on Godaddy WordPress hosting.
    BPS Pro 12.2.  All other items are up to date.
    I’ve tried various searches but can’t find anything relevant.

    Regards, Clint

    #30487

    AITpro Admin
    Keymaster

    @ Clint – Since you have Go Daddy Managed WordPress hosting then you want to use the Go Daddy Managed WordPress Hosting (GDMW) option on the Setup Wizard Options page and select: Yes and change the Enable|Disable htaccess Files Setup Wizard Option setting to: htaccess Files Enabled.  Then run the Pre-Installation Wizard and Setup Wizard again.  You should then be able to use/edit/activate all BPS htaccess files except for the wp-admin htaccess file since Go Daddy Managed WordPress hosting does not allow you to have a wp-admin htaccess file.

    #30602

    bill
    Participant

    [Topic has been merged into this relevant Topic]
    Hi, AITpro.

    I received an email from GD saying that they updated a GDMW website for me and no further action was needed. Being that I’ve had this account for several months and other updates were seamless, I thought nothing else about it. Surprisingly, I started receiving AutoRestore/Quarantined email notifications soon thereafter. Ten files in one notification, 20 in another. When I viewed the listing it was the same 8-10 files:

    wp-login.php, wp-settings.php, wp-signup.php, wp-mail.php, wp-load.php, readme.html, xmlrpc.php, wp-activate.php, wp-links-opml.php.

    Again, being that this was the first update where this occurred, I’ve been deleting the files… but they just return minutes later. And, since the notifications keep coming as well, I figured it was now time to inquire on what I should do.

    Thank you for your time.

    Bill

    #30607

    AITpro Admin
    Keymaster

    @ bill – You do NOT want anything except for WordPress itself to update WordPress files.  WordPress has Automatic Updates, which automatically updates WordPress files.  BPS Pro works seamlessly with WordPress Automatic Updates and WordPress Shiny Updates.  BPS Pro AutoRestore has no way of telling whether Go Daddy or a hacker is adding/modifying files on your website – that is simply just not possible to do.  So if Go Daddy does add/modify WordPress files then you do NOT want to Delete the files from Quarantine and instead want to Restore the files from Quarantine.  This is assuming that the new files were added/modified by Go Daddy and they are new valid WordPress files.  Recommendation:  Only allow WordPress Automatic Updates to install/update WordPress files and do NOT allow anything else to automatically install/update WordPress.

    To resolve the issue of files being repeatedly quarantined, go to the WordPress Dashboard menu > Updates menu > click the Re-Install Now button to reinstall new WordPress files.

    #30616

    bill
    Participant

    Thank you for your response.

    That was actually my first thought/approach when the messages started, but when I went there (“updates”), it didn’t give me the option. It reads: “last checked on *date and time* and has a ‘check again'” button. On my other sites (this is the only GDMW site), it does say/show exactly what you’ve noted.

    Update: I will restore the files, hope for the best and report back with the result.

    #31867

    Hannah
    Participant

    GoDaddy is indeed pushing updates to core files (and plugins). This morning I woke up to the white screen of death on a site I had painstakingly updated last night. The core version had been rolled back to 4.6.1 and there were widespread errors in the public facing site and Admin. Called GoDaddy and the rep said that becuse they push out all updates, they prefer not to have code regarding automatic updates in wp-config.php and removed the code to disable automatic updates from ours. He was surprised they hadn’t updated our site yet, but they were also having a problem with the server – apparently an attack that had everyone’s attention and was affecting all sites in various ways (an example on our end was that the server “forgot” our ftp password so I couldn’t access the site that way). I had a lot of trouble with this core update on various hosts, though. It included three new directories and ARQ quarantined them immediately, so two of the first three sites I updated went down. Once I figured out what was happening I was able to get through the rest by backing up, turning off ARQ first, carefully updating everything one at a time, then running the Pre-Flight Wizard and Setup Wizard and backing up again. I’d like to know how to set BPS Pro/ARQ so it’s best prepared handle this GDMW update policy…I hate to turn off ARQ but can’t imagine a site surviving an automated update scenario like this one.

Viewing 15 posts - 1 through 15 (of 27 total)

You must be logged in to reply to this topic.