Gmail oauth Plugin – GMAIL SMTP Help

[Ephraim]

I must admit that I’m completely new at this. So I tried to copy what was done in the wp-admin .htaccess file comments.

I am trying to run the script to authorize oauth to use gmail for sending messages.

I am getting a 403 error which is clearly blocked by BPS.

Here is the URL that it’s supposed to run… mywebsite.com/wp-admin/options-general.php?page=gmail-smtp-settings&action=oauth_grant

What I copied was this…

RewriteCond %{REQUEST_URI} (options-general\.php|post\.php) [NC]
RewriteRule . - [S=2]

Which clearly didn’t do the job… and well… I don’t understand what it’s actually doing. (Hey, at least I admit it)

What the log file actually says:

[403 GET Request: 9 May 2022 - 9:33 am]
BPS: 6.1
WP: 5.9.3
Event Code: WPADMIN-SBR
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: x.x.x.x #correct IP
Host Name: x.x.x.x.in-addr.arpa #correct IP
SERVER_PROTOCOL: HTTP/2.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://accounts.google.com/
REQUEST_URI: /wp-admin/options-general.php?page=gmail-smtp-settings&action=oauth_grant&code=4/YabbaDabbaDoo&scope=https://mail.google.com/
QUERY_STRING: page=gmail-smtp-settings&action=oauth_grant&code=4/YabbaDabbaDoo&scope=https://mail.google.com/
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36

Can someone give me an idea of what I need to do to get this working or point me in the right direction?

Thank You!

[AITpro Admin]

What is needed to fix this is a Query String skip/bypass rule.

1. Go to BPS > htaccess File Options > Custom Code tab > wp-admin htaccess File Custom Code accordion tab.
Paste the Gmail SMTP Plugin wp-admin Query String skip/bypass rule below in wp-admin Custom Code text box: 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
2. Click the Save wp-admin Custom Code button. Note: If you see an error or are unable to save your custom htaccess code due to ModSecurity installed on your host server then click the Encrypt Custom Code button first and then click the Save wp-admin Custom Code button to bypass/evade ModSecurity.
3. Go to the BPS Setup Wizard page and run the Setup Wizard.

# Gmail SMTP Plugin wp-admin Query String skip/bypass rule
RewriteCond %{QUERY_STRING} page=gmail-smtp-settings(.*) [NC]
RewriteRule . - [S=2]

Related Topic:  https://forum.ait-pro.com/forums/topic/wpadmin-sbr-403-error-in-piotnet-form-pro-with-google-sheet-oauth2-0-problem/

[Ephraim]

Thank you! Really. Sorry to ramble along a little more, but I’m just not experienced enough and I want to do this right instead of the mix that I paid someone to put in for me.

Well… that “almost” worked perfectly. After running the setup wizard I was locked out by an error 500. My provider fixed it. I think they put in a new version of .htaccess. But after that, everything worked.

Except, now I have the notice that my .htaccess file isn’t protected. And while I want to run the setup wizard again, I’m afraid of getting locked out. So, what should I do to ensure that error 500 doesn’t happen again, before I rerun the wizard?

Second problem is I have a Script|file Owner Mismatch and I will deal with that, after the first problem is fixed.

Third problem is that I paid someone to set up WP protections. I’m guessing that they installed too many. Do I need anything more than BPS/BPS Pro? (Do you want me to name the plugins that are installed?)

(PS: I bought a Pro licence… I just want to get it all cleaned up before I install Pro… or should I install Pro and then get it all cleaned up?)

 

[AITpro Admin]

Your web host deleted the BPS root htaccess file.  A 500 error when running the Setup Wizard means that you have invalid htaccess code in at least 1 of the BPS Custom Code text boxes.

1. Go to BPS > htaccess File Options > Custom Code tab
2. Click the Delete button. That will delete all of your custom htaccess code in all of Custom Code text boxes.
3. Copy the Gmail SMTP Plugin Query String skip/bypass rule below directly from this forum topic (do NOT paste the htaccess code to Word or anything else) and then paste the Gmail SMTP Plugin rule into this wp-admin File Custom Code text box: 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES.
Important Note:  The wp-admin Custom Code text boxes are under the wp-admin htaccess File Custom Code accordion tab/button.
4. Click the Save wp-admin Custom Code button.
5. Go to the BPS Setup Wizard page and run the Setup Wizard.

# Gmail SMTP Plugin wp-admin Query String skip/bypass rule
RewriteCond %{QUERY_STRING} page=gmail-smtp-settings(.*) [NC]
RewriteRule . - [S=2]

For the Script|file Owner Mismatch problem the solution is here > https://forum.ait-pro.com/forums/topic/scriptfile-owner-user-id-mismatch-notice-on-all-sites-but-no-mismatches/#post-40893

For your 3rd question I have one simple statement > “BulletProof Security Pro has an amazing track record. BPS Pro has been publicly available for 10+ years and is installed on over 60,000 websites worldwide. Not a single one of those 60,000+ websites in 10+ years has been hacked”.  Or in other words, if you have BPS Pro installed then you do not need any other security plugins.

[Ephraim]

I had the 500 error after running the wizard. The wizard ended with no errors (that I saw).

I just checked the custom code

The .htaccess custom code has only 1 entry in section 1.

# PHP/php.ini handler htaccess code
AddHandler application/x-httpd-ea-php74 .php .php7 .phtml

For the wp-admin .htaccess code, section 3 has the following…

# Yoast SEO Query String skip/bypass rule
RewriteCond %{QUERY_STRING} page=wpseo_social&key=(.*) [NC]
RewriteRule . - [S=3]

# post.php skip/bypass rule
RewriteCond %{REQUEST_URI} (post\.php) [NC]
RewriteRule . - [S=2]

# Gmail SMTP Plugin wp-admin Query String skip/bypass rule
RewriteCond %{QUERY_STRING} page=gmail-smtp-settings(.*) [NC]
RewriteRule . - [S=2]

Section 4 has a section entitled “BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS” which is quite long all other sections are empty.

I now installed BPS Pro (and activated) but I haven’t run the “Pre-Installation” wizard nor the “Setup Wizard”. But I have removed most of the other “Security” plugins. The only one that I haven’t yet removed is “All in one WP Security” only because it redirects my login page and well… I want to have everything in place before I remove it. But all others are finally removed. 🙂

[Ephraim]

PS: host is actually inmotionhosting. In case it makes any difference (or you were wondering).

I am having one weirdness but it relates to elementor. 3 plugins that when running seem to keep elementor from running properly. But I’m still trying to tackle that. It has nothing to do with BPS. 🙂

[AITpro Admin]

Maybe the php handler htaccess code is what is causing the 500 error?  It might be outdated or invalid for InMotion hosting.  Try these steps below and let me know what happens.

Comment out the php handler htaccess code with a # sign:  #AddHandler application/x-httpd-ea-php74 .php .php7 .phtml
Click the Save Root Custom Code button.
Go to the Setup Wizard page and run the Pre-Installation Wizard and Setup Wizard.

I’d be happy to login to your site and make sure the same 500 error does not occur again when running the Setup Wizard. If you want me to figure out the problem then send a WordPress Administrator login to:  info at ait-pro dot com.

[AITpro Admin]

The original problem with Gmail SMTP was fixed using the wp-admin Query String skip/bypass rule. The 500 error was caused by this htaccess code, which is not valid for CGI server types:  php_value max_execution_time 300.  This code is only valid for DSO server types.  The Script|file Owner Mismatch problem was caused by an old corrupted DB Backup folder that was dated back to 2015.  Deleted the corrupt DB Backup folder to resolve the problem.

[Author]

Posts