ManageWP wp-admin 500 error

Home Forums BulletProof Security Free ManageWP wp-admin 500 error

Tagged: 

This topic contains 40 replies, has 3 voices, and was last updated by  Alex Laxton 3 weeks, 1 day ago.

Viewing 15 posts - 16 through 30 (of 41 total)
  • Author
    Posts
  • #6613

    Aventura
    Participant

    OK so first I tried to fix the logs – disabled every plugin (bar managewp) and tried again. No luck.

    So I tried your new suggestion and got a new error, 403: http://img163.imageshack.us/img163/3856/managewpnewerror.png

    Thank you for all your help so far – currently I still have the customcode in the htaccess whitelisting the plugin folder but HEAD is still in the filtered request methods just to clarify the current setup.

    #6614

    AITpro Admin
    Keymaster

    Deactivating / disabling plugins does not necessarily remove everything.  Example:  The Sucuri plugin creates an .htaccess file in your wp-content folder when you use/choose the wp-content one-click hardening option.  The only way to remove that .htaccess file is to FTP to your website and delete it.  I believe the same is true of some options/features in Better WP Security and of course BPS requires that you deactivate BulletProof Modes instead of deactivating the BulletProof Security plugin.

    Moving on since some progress appears to be happening with the 403 error instead of seeing a 500 error.

    Delete your wp-admin .htaccess file if it is not already deleted at this point.  And yep, remove HEAD.  Let me know what happens at this point and we can move on to the next thing.

    #6615

    Aventura
    Participant

    OK So…

    HEAD removed AND no wp-admin htaccess but Bulletproof is ON = WORKS

    (inc. whitelist and commenting out from earlier)

    #6616

    AITpro Admin
    Keymaster

    Ok so the issue/problem is a combination of things.  HEAD definitely needs to be removed.  We know that.  Now activate wp-admin BulletProof Mode and let me know what happens.

    #6617

    Aventura
    Participant

    Back to original 500 error with admin htaccess back on

    #6618

    AITpro Admin
    Keymaster

    I forgot to tell you to remove HEAD from the wp-admin .htaccess file.  Remove HEAD and let me know what happens.

    #6619

    Aventura
    Participant

    That makes more sense – same 500 error

    #6620

    AITpro Admin
    Keymaster

    Ok now let’s narrow down which security rules are causing the issue.

    The most likely security rules are going to be these below.  Comment all of these out in your wp-admin .htaccess file.

    #RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    #RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
    #RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
    #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
    #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
    #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    #RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    #RewriteCond %{QUERY_STRING} http\: [NC,OR]
    #RewriteCond %{QUERY_STRING} https\: [NC,OR]
    #6622

    Aventura
    Participant

    OK its one of them.

    Should I re add the commented out lines in bulletprood htaccess root?

    #6623

    AITpro Admin
    Keymaster

    Yep, ok let’s see if it is the User Agent security rule.  It may be that ManageWP uses wget or cURL.

    Uncomment ONLY this rule and test …

    RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]

    …if it is not that one then uncomment them 1 by 1 until you find the problem rule.

    #6624

    AITpro Admin
    Keymaster

    Once we find out which rule or rules is the issue/problem then you will do the same thing in the Root .htaccess file that works for the wp-admin .htaccess file.

    #6626

    Aventura
    Participant

    The culprit:
    #RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]

    Should I undo the changes to the root htaccess file now or only some?

    Thanks again so much for all your help

     

    #6627

    AITpro Admin
    Keymaster

    It may also be that just the wp-admin .htaccess file is going to be the issue, but most likely whatever is done in the wp-admin .htaccess file will also need to be done in the root .htaccess file.

    #6628

    AITpro Admin
    Keymaster

    Ok now comment out ONLY this rule in both your Root (you can uncomment all the other rules you commented out in the root .htaccess file) and wp-admin .htaccess files and test.  Then uncomment this rule in your root .htaccess file and test.

    #6630

    Aventura
    Participant

    My Bad – whatever order I did something in it appears my root file is already using a fully uncommented version that also includes HEAD. So currenty the only changes are: whitelist of plugin, removal of head and comment out one rule in wp admin file. To be thorough I added HEAD back to admin file and it worked. I also commented out custom plugin whitelist and it still works. So it looks like its just that one line that broke it – what does that line do out of interest?

Viewing 15 posts - 16 through 30 (of 41 total)

You must be logged in to reply to this topic.