Installing WP Smush.it with BPS Pro

[Young Master]

I love to use WP Smush.it for optimizing my images but this plugin stopped working since the day I installed BPS Pro on my website. While troubleshooting the cause of the problem, I decided to test this plugin today in a site which has never been installed BPS Pro and the plugin worked just fine without any problems or errors. Will you please provide an instruction on how to install WP Smush.it wordpress plugin in a website with BPS Pro installed in it. Thanks.

 

[AITpro Admin]

Please explain in exact specific details using the exact technical names for settings or anything else.  Please post any BPS Pro Security Log errors.  Please post all relevant details about what you are doing and what is not working – in exact specific detail.

[Young Master]

This Plugin doesnt have any kind of settings. All you have to do is just install the plugin then are ready to go.  By default Every image you add to a page or post will be automatically run through Smush.it behind the scenes. You don’t have to do anything different. You can also run your existing images through Smush.it via the WordPress Media Library. Click on the Smush.it now! link for any image you’d like to smush. Also this plugin has  got an option for bulk smushing of images. The problems is that whenever I try to smush image one by one either by clicking at the media library or bulk smush it the browser takes long time to load and nothing changes. No successful smushed images. All I get are php error logs and I will post them here as follows.

WordPress database error MySQL server has gone away for query SELECT meta_id FROM wp_postmeta WHERE meta_key = '_wp_attachment_metadata' AND post_id = 2769 made by do_action('admin_action_wp_smushit_manual'), call_user_func_array, WpSmushit->smushit_manual, wp_update_attachment_metadata, update_post_meta, update_metadata
[29-Apr-2013 20:47:45 UTC] WordPress database error MySQL server has gone away for query INSERT INTO `wp_postmeta` (`post_id`,`meta_key`,`meta_value`) VALUES (2769,'_wp_attachment_metadata','a:6:{s:5:\"width\";i:600;s:6:\"height\";i:466;s:4:\"file\";s:18:\"2013/04/856529.jpg\";s:5:\"sizes\";a:9:{s:9:\"thumbnail\";a:5:{s:4:\"file\";s:16:\"856529-50x38.jpg\";s:5:\"width\";i:50;s:6:\"height\";i:38;s:9:\"mime-type\";s:10:\"image/jpeg\";s:10:\"wp_smushit\";s:10:\"No savings\";}s:6:\"medium\";a:5:{s:4:\"file\";s:18:\"856529-193x150.jpg\";s:5:\"width\";i:193;s:6:\"height\";i:150;s:9:\"mime-type\";s:10:\"image/jpeg\";s:10:\"wp_smushit\";s:10:\"No savings\";}s:5:\"large\";a:5:{s:4:\"file\";s:18:\"856529-500x388.jpg\";s:5:\"width\";i:500;s:6:\"height\";i:388;s:9:\"mime-type\";s:10:\"image/jpeg\";s:10:\"wp_smushit\";s:10:\"No savings\";}s:14:\"post-thumbnail\";a:5:{s:4:\"file\";s:17:\"856529-100x77.jpg\";s:5:\"width\";i:100;s:6:\"height\";i:77;s:9:\"mime-type\";s:10:\"image/jpeg\";s:10:\"wp_smushit\";s:10:\"No savings\";}s:14:\"blog-thumbnail\";a:5:{s:4:\"file\";s:18:\"856529-150x116.jpg\";s:5:\"width\";i:150;s:6:\"height\";i:116;s:9:\"mime-type\";s:10:\"image/jpeg\";s:10:\"wp_smushit\";s:10:\"No savings\";}s:17:\"sidebar-thumbnail\";a:5:{s:4:\"file\";s:16:\"856529-50x50.jpg\";s:5:\"width\";i:50;s:6:\"height\";i:50;s:9:\"mime-type\";s:10:\"image/jpeg\";s:10:\"wp_smushit\";s:10:\"No savings\";}s:8:\"ad-thumb\";a:5:{s:4:\"file\";s:16:\"856529-75x75.jpg\";s:5:\"width\";i:75;s:6:\"height\";i:75;s:9:\"mime-type\";s:10:\"image/jpeg\";s:10:\"wp_smushit\";s:10:\"No savings\";}s:8:\"ad-small\";a:5:{s:4:\"file\";s:18:\"856529-100x100.jpg\";s:5:\"width\";i:100;s:6:\"height\";i:100;s:9:\"mime-type\";s:10:\"image/jpeg\";s:10:\"wp_smushit\";s:10:\"No savings\";}s:9:\"ad-medium\";a:5:{s:4:\"file\";s:18:\"856529-250x250.jpg\";s:5:\"width\";i:250;s:6:\"height\";i:250;s:9:\"mime-type\";s:10:\"image/jpeg\";s:10:\"wp_smushit\";s:10:\"No savings\";}}s:10:\"image_meta\";a:10:{s:8:\"aperture\";i:0;s:6:\"credit\";s:0:\"\";s:6:\"camera\";s:0:\"\";s:7:\"caption\";s:0:\"\";s:17:\"created_timestamp\";i:0;s:9:\"copyright\";s:0:\"\";s:12:\"focal_length\";i:0;s:3:\"iso\";i:0;s:13:\"shutter_speed\";i:0;s:5:\"title\";s:0:\"\";}s:10:\"wp_smushit\";s:10:\"No savings\";}') made by do_action('admin_action_wp_smushit_manual'), call_user_func_array, WpSmushit->smushit_manual, wp_update_attachment_metadata, update_post_meta, update_metadata, add_metadata

[AITpro Admin]

If you do not see any errors in your Security Log then most likely BPS is not blocking this plugin.  It is possible though, but very unlikely.  Php errors typically mean there is a problem with a plugin’s coding or your site’s coding or something is not setup correctly on your site.

With that said, since you are saying that this plugin does something with Media Uploads then you can try to whitelist the WordPress media-upload.php file – this is a logical guess based on what you have told me.

Add this wp-admin .htaccess bypass / skip rule below to the wp-admin Custom Code box – CUSTOM CODE WPADMIN PLUGIN FIXES:and then activate BulletProof Mode for your wp-admin folder again. The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. This bypass / skip rule is safe to use because the wp-admin area is protected with WP Authentication security.

# media-upload.php skip/bypass rule
RewriteCond %{REQUEST_URI} (media-upload\.php) [NC]
RewriteRule . - [S=2]

[Young Master]

Thank you very much. I will try that out and I will give you feedback.

[AITpro Admin]

I am guessing so it has a 50/50 chance of doing anything.  After BPS Pro 5.8 is released tomorrow I will test WP Smush.it sometime this week.

[Young Master]

Ok. Then I will wait until u test it.

[AITpro Admin]

Hmm I just thought of something obvious.  If WP Smush.it is doing something with your image files in your /uploads folder then try deactivating Uploads Anti-Exploit Guard and test Smush.it.

[AITpro Admin]

You may be waiting a long time so go ahead and try deactivating UAEG and then the wp-admin fix.  My schedule changes constantly and things get pushed back constantly.

Example:  BPS Pro 5.8 with Login Security was supposed to be completed 4 months ago and it is just now getting completed.  The coding work took 4 days spread out over 5 months.  10 minutes of coding work and then 5 hours of answering questions, 15 minutes of coding work and then 6 hours of answering questions, etc == 4-5 months to complete something that only takes 4 days.  😉

[AITpro Admin]

Everything gets put on a list including plugin testing.  If something with higher priority pops up then lower priority things get pushed farther down that list.  😉

[Young Master]

Well thank you very much for your advice. I will perform those test then I will give you feedback. I cant wait to see the new version of BPS Pro. Am so excited. 🙂

[AITpro Admin]

Yep, BPS Pro Login Security is the bomb.  It does everything I have wanted, but have never found in any other plugins that perform login security.  Merry X-mas to me and to you.  LOL

[Young Master]

Ha ha haaa!!! Merry Christmas to you too bro. I guess I wont have to use wordfence anymore for the login security since it uses a large amout of memory.

[AITpro Admin]

WP Smushit testing is completed and there are several whitelisting steps that need to be done to give the smushit website permanent unrestricted access to your website or to give the smushit website temporary access you would do the steps shown under Recommended below.

Recommended:
When you want to smush images…
1. Deactivate Root Folder BulletProof Mode.
2. Deactivate the wp-admin BulletProof Mode.
3. Deactivate the Plugin Firewall BulletProof Mode.
4. Deactivate Uploads Anti-Exploit Guard (UAEG) BulletProof Mode.
5. Smush images.
6. Activate Root BulletProof Mode, wp-admin BulletProof Mode, Plugin Firewall BulletProof Mode and UAEG BulletProof Mode.

NOT Recommended:
Since you are allowing another website domain to have access to several protected folders on your website these whitelisting steps will allow the smushit.com domain unrestricted access to these areas of your website.

Notes:  smushit times out regularly with or without BPS Pro, but the image smush is being completed successfully.  The timeout problem has nothing to do with BPS Pro and is some kind of issue with the smushit website or something else.

1. A Plugin Firewall whitelist rule needs to be added directly to your Plugin Firewall .htaccess file for the smushit.com domain.  Use the BPS Pro .htaccess editor to edit your Plugin Firewall .htaccess file and add this whitelist rule shown below for the smushit.com domain.

<FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|txt|vb|vbe|vbs|war|ws|wsf|xhtml|z|zip)$">
Order Allow,Deny
Allow from env=whitelist
Allow from ait-pro.com
Allow from smushit.com
Allow from 173.201.92.1
# BEGIN PUBLIC IP
Allow from xx.xx.xx.xx
# END PUBLIC IP
</FilesMatch>

2. A whitelist rule needs to added to your Uploads .htaccess file.  Use the BPS pro .htaccess editor to edit your Uploads .htaccess file and add this whitelisting code show below.

SetEnvIf Referer "^http://www.smushit.com/" whitelist
<FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
Order Deny,Allow
Allow from env=whitelist
Deny from all
#Allow from example.com
</FilesMatch>

3. A wp-admin .htaccess skip/bypass rule needs to be added to wp-admin Custom Code plugin fixes.  Add this code below, save it and activate the wp-admin BulletProof Mode again.

# Smushit skip/bypass
RewriteCond %{QUERY_STRING} action=wp_smushit_manual(.*) [NC,OR]
RewriteCond %{QUERY_STRING} page=wp-smushit-bulk(.*) [NC]
RewriteRule . - [S=2]

4. A root .htaccess skip/bypass rule needs to be added to Root Custom Code plugin fixes.
1. Copy this code below to this Root Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

# WP Smushit skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/wp-smushit/ [NC]
RewriteRule . - [S=13]

[MMG]

Adding these Smushit rules just boosted my Yslow score from 72 to 89.

Thanks for your work.

[Author]

Posts