htaccess Files Disabled – Setup Wizard Enable|Disable htaccess Files

Home Forums BulletProof Security Pro htaccess Files Disabled – Setup Wizard Enable|Disable htaccess Files

This topic contains 31 replies, has 7 voices, and was last updated by  AITpro Admin 3 weeks, 2 days ago.

Viewing 15 posts - 16 through 30 (of 32 total)
  • Author
    Posts
  • #33095

    Hannah
    Participant

    Well, I got all that straightened out, but I’m still having trouble with css and js errors in Admin. The styling in BPS Pro is not there, so the great accordions that condense the content are not working. Jetpack’s page is blank, and the Updraft page’s menu tabs are dead. Something must not be redirecting properly even though I replaced the Really Simple SSL redirect code with the recommended code from the page referenced above. I know you can help me get this site working happily again.

    #33097

    AITpro Admin
    Keymaster

    @ hannah – Which website is this?  Does this website have Cloudflare or the EPC plugin installed?  Most likely something is breaking the BPS Pro Plugin Firewall or you need to add additional IP addresses for the additional things you have installed such as Reverse Proxy IP addresses (cloudflare).  Do BPS Pro troubleshooting step #3:  https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting  Or you could be missing necessary code in your Root htaccess file or your Root htaccess file code is still fubar.

    #33104

    Hannah
    Participant

    Hi there…didn’t get a notification of your reply again. This site is https://joanpechanec.com. Yes, it does have Cloudflare, but not the EPC (InMotion Hosting is not a member of the EIG group). The Cloudflare plugin is deactivated, as is the js minification.

    This situation seems to get better and then reverts to the same problem. I’m getting that 500 error again though the bad code you brought to my attention before has been removed from htaccess. In fact, I’m using the default htaccess with only three redirects, and the forward-facing site is ok, I just don’t have the SSL redirects I need to make sure people only access the site via https (it was working, but after disabling Cloudflare css and html minification I got a major redirect loop and the SSL redirect code has not succeeded since then…maybe if I wait a day I can try again and it won’t fail. For some reason htaccess sometimes needs to catch up with itself it seems-even when clearing browser and Cloudflare caches). A fair amount of the admin stuff is still fubar (Jetpack page is not entirely blank but the dashboard and settings are not displaying; Updraft backup/restore’s admin tabs are still dead (though I should mention that I can start a backup run and it works), and AddThis social sharing is css-scrambled the way BPS Pro was before), with the exception of BPS Pro. That was resolved when I did diagnostic step #3, and has remained intact after reactivating Plugin Firewall BulletProof Mode. Jetpack came back, though css-scrambled, for a moment after I deactivated/reactivated the plugin, but then reverted back to blank screen. I don’t know if that’s helpful info or not but it seemed worth mentioning.

    I seem to remember a fairly robust collection of plugin scripts that had been whitelisted earlier, but when this all started they were all lost and now there are only three, even after clicking around the site and admin to try and force t things to be whitelisted. I haven’t gone so far as to do regex whitelist items for all the plugins.

    I did whitelist the Cloudflare IP address associated with the site, but I don’t know if that’s the same thing as the Reverse Proxy IP addresses you mentioned.

    Diagnostic procedures 1 & 2 had no effect, nor did anything else but #3’s positive effect on the BPS Pro admin display (which made working with it soooo much easier!). I did all the diagnostics except those toward the end that weren’t applicable. I can send you the notes I wrote as I was doing them if that would help.  My poor client is so ready to send out an email to her followers about the 19 paintings we just added to her site, but as long as every time I activate the BPS Pro

    My poor client is so ready to send out an email to her followers about the 19 paintings we just added to her site, but as long as every time I activate the BPS Pro htaccess file and the site again fails to load properly, her email has to be put off again.

    Sorry to be such a PITA. I wish I had more time to learn more about htaccess than I pick up by working through issues with you here. It clearly is a powerful file, and I appreciate your expertise more than you can imagine.

    #33106

    AITpro Admin
    Keymaster

    @ hannah – Gonna do a “ok well” and go the extra mile.  This is obviously way outside of scope of tech support that we offer for free.  So send a WP Login to this site so we can get this mess figured out. 😉

    #34145

    jenni101
    Participant

    Hi there,

    Our host just moved our site to  new server/totally new location and although the site worked fine from the front-end the backend was inaccessible. Our hostind company then disabled the site htaccess file (by re-naming it) leaving the root htaccess file, and all was worked again.

    Our site is in it’s own folder, so we originally had an htaccess file in the root and one in it’s own folder.

    I’ve just rerun the pre-setup wizard, and it says that our site can’t now have an htaccess file, so thought I should check here before running the setup wizrd proper. Info for the site is:-

    Website|Server|Opcode Cache|Accelerators|IP Info|Apache Modules|Directives

    Website Root URL: http://www.trevorpenfold.com/tpphoto
    Document Root Path: /home/trevorpe/public_html
    WP ABSPATH: /home/trevorpe/public_html/tpphoto/
    Parent Directory: /home/trevorpe/public_html
    Server|Website IP Address: 43.245.53.11
    Host by Address: aldwin.hosts.net.nz
    DNS Name Server: ns2.freeparking.co.nz
    Proxy X-Forwarded-For IP Address: 131.203.131.144
    Server Type: Apache/2.4.27 (cPanel) OpenSSL/1.0.2k mod_bwlimited/1.4
    Operating System: Linux
    WP Filesystem API Method: direct
    Server API: litespeed CGI Host Server Type
    Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
    500:500:200: mod_access_compat and mod_authz_core or mod_rewrite is NOT Loaded
    cURL: cURL Extension is Loaded
    Zend Engine Version: 2.6.0
    Zend Guard|Optimizer: Zend Guard Loader Extension is Loaded
    ionCube Loader: ionCube Loader Extension is Loaded Version: 100001
    Suhosin: Suhosin-Extension is Loaded
    APC: APC Extension is Not Loaded
    eAccelerator: eAccelerator Extension is Not Loaded
    XCache: XCache Extension is Loaded but Not Enabled
    Varnish: Varnish Extension is Not Loaded
    Memcache: Memcache Extension is Not Loaded
    Memcached: Memcached Extension is Not Loaded

    Can you see any reason why we can’t have a site htaccess file now?

    Many thanks j

    #34146

    AITpro Admin
    Keymaster

    @ jenni101 – The htaccess file/code tests show that htaccess files and code are not allowed on this server.  It appears that your host has disabled using htaccess file by using AllowOverride None in the host server httpd.conf file.  You can either choose not to use htaccess files on your website or you will need to contact your host and ask them to allow/enable htaccess files for your website.

    Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
    500:500:200: mod_access_compat and mod_authz_core or mod_rewrite is NOT Loaded

    This is what you would normally see when a host server does allow htaccess files/code:
    Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
    403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
    403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
    403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
    200: mod_rewrite Module is Loaded

     

    #34156

    jenni101
    Participant

    @aitpro – many thanks. Will try to get them to allow it for us.

    #34172

    jenni101
    Participant

    Hi again,

    OK our hosts confirm that there is no block on using htaccess files, so I enabled htaccess in the htaccess settings, and then reran the pre-setup wizard and all OK. The ran the wizard and again all OK.

    I then setup the MMode (again all working correctly when tested from another IP) and then logged out, BUT as soon as I did this it now returns a 403 forbidden page for the backend login (and yes I had added my IP address for the MM and had only enabled front end MM), AND the MM doesn’t appear to be working on all the pages – weird!

    So I’m stumped! This was where I was at the start, when I had to disable the htaccess files in order to access the backend, or even the Xternal tools page.

    Can you suggest anything I should try?

    Many thanks.

    #34173

    AITpro Admin
    Keymaster

    @ jenni101 – Sounds like maybe you have added some custom htaccess code to BPS Custom Code that blocks your login page and wp-admin area.  Delete your root and wp-admin htaccess files, login to your site, check BPS Custom Code for any custom code that you have added that blocks either the login page or wp-admin area and either delete it or edit it, save your changes and activate Root and/or wp-admin BulletProof Modes.

    #34433

    jenni101
    Participant

    @AITpro – thanks for your advice, which I have at last had a chance to check up on. After reading through your info on CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION it seems that our new server is one of those that produces a 403 error for the admin login page, as removing this code additional code in my .htaccess custom code has sorted out the problem. A good reminder to check through all of your resources regularly!

    Cheers j

    #34556

    RAW
    Participant

    Hi BPS Staff,

    I’ve just migrated a site to a new server. Hoping you have a solution for htaccess issues. Home page works fine http://www.braveworld.cc, but receiving errors on all other pages. I’ve scanned other posts on this, but not yet clear on how to resolve… Receiving this error msg:

    Warning: file_put_contents(/home/braveworld/public_html/wp-content/plugins/bulletproof-security/admin/htaccess/secure.htaccess): failed to open stream: Permission denied in /home/braveworld/public_html/wp-content/plugins/bulletproof-security/admin/core/core-htaccess-code.php on line 532
    Warning: copy(/home/braveworld/public_html/.htaccess): failed to open stream: Permission denied in /home/braveworld/public_html/wp-content/plugins/bulletproof-security/admin/core/core-htaccess-code.php on line 548The file /home/braveworld/public_html/wp-content/plugins/bulletproof-security/admin/htaccess/secure.htaccess is not writable or does not exist. Check that the file is named secure.htaccess and that the file exists in the /bulletproof-security/admin/htaccess master folder. If this is not the problem click HERE to go the the BulletProof Security Forum

    _______________________________________

    1) in wizard setup – htaccess was enabled – This is not a new setup, plugin up to date – everything set at defaults
    2) I’ve confirmed that all htaccess files are there
    3) permissions are 644 – tested higher permission settings, and BPS plugin disabled, no changes
    4) I have access to Web Host Manager Server, so I can make changes there… I’m absolute novice tho

    Any help on this would be appreciated!

    All the best,
    Russell

    #37526

    lincoln stoller
    Participant

    In the Setup Wizard screen I see:

    “BPS has detected that htaccess files cannot be used on your website/server. Click this htaccess Files Disabled Forum Topic link for more information before running the Wizards.

    and as

    … this is NOT a first time BPS installation (I already had BPS installed previously) and I HAVE previously run the Wizards and I AM seeing the htaccess Files Disabled Notice…

    here is the information requested at the start of this thread:

    WP Filesystem API Method: direct
    Server API: cgi-fcgi CGI Host Server Type
    Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
    500:500:200: mod_access_compat and mod_authz_core or mod_rewrite is NOT Loaded
    403: mod_security2 Module is Loaded|Enabled
    DISABLE_WP_CRON constant:
    Standard WP Crons are not disabled on your website.
    Total Plugins Installed: 31
    Total Must-Use Plugins Installed: 3
    Total Plugins Activated: 27

    File Path
    Folder Path
    Recommended
    Permissions
    Current
    Permissions
    Script Owner
    User ID (UID)
    File Owner
    User ID
    ../ 705 0775 4542 4542
    ../.htaccess 404 0644 4542 4542
    ../wp-config.php 400 0664 4542 4542
    ../index.php 400 0664 4542 4542
    ../wp-blog-header.php 400 0664 4542 4542
    ../wp-admin 705 0775 4542 4542
    ../wp-includes 705 0775 4542 4542
    ../wp-content 705 0775 4542 4542
    ../wp-content/plugins 705 0775 4542 4542
    #37530

    AITpro Admin
    Keymaster

    @ lincoln stoller – It sounds like something has changed about your web host server. Try enabling htaccess files on the Setup Wizard Options tab page > Enable|Disable htaccess Files > change the option setting to > htaccess Files Enabled. Email the backed up root htaccess file that is located here > /wp-content/bps-backup/master-backups/root.htaccess-[Timestamp]. If you are not sure which backed up root htaccess file to send to me then send me all the recent backed up root htaccess files by date and time Timestamps. Email to: info at ait-pro dot com.

    Is this a Dedicated hosting server?
    When did the problem start occurring?
    What has changed around the time the problem started occurring?  A web host change made by your web host?  A change made by you?
    What version of BPS Pro do you have installed?

    #37943

    Geoff
    Participant

    If this is NOT a first time BPS installation (you already had BPS installed previously) and you HAVE previously run the Wizards and you ARE seeing the htaccess Files Disabled Notice…

    The above applies to me and I have had a BPS generated htaccess file before. Below is the information requested.

    Website|Server|Opcode Cache|Accelerators|IP Info|Apache Modules|Directives	 	
    Website Root URL: https://firstgenfirebird.org
    Server Type: Apache/2.4.18 (Ubuntu)
    Operating System: Linux
    WP Filesystem API Method: direct
    Server API: cgi-fcgi CGI Host Server Type
    Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
    403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
    403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
    403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
    200: mod_rewrite Module is Loaded
    200: mod_security Module is not Loaded|Enabled
    
    File Path
    Folder Path	Recommended
    Permissions	Current
    Permissions	Script Owner
    User ID (UID)	File Owner
    User ID
    
    
    ../wp-content	705	0705	same	same
    ../wp-content/plugins	705	0755	same	same
    

    Geoff

    #37944

    AITpro Admin
    Keymaster

    @ Geoff – Try enabling htaccess files on the Setup Wizard Options tab page > Enable|Disable htaccess Files > change the option setting to > htaccess Files Enabled.  Let me know if that works.

Viewing 15 posts - 16 through 30 (of 32 total)

You must be logged in to reply to this topic.