ManageWP wp-admin 500 error

Viewing 15 posts - 16 through 30 (of 41 total)
    #6613
    Aventura
    Participant

    OK so first I tried to fix the logs – disabled every plugin (bar managewp) and tried again. No luck.

    So I tried your new suggestion and got a new error, 403: http://img163.imageshack.us/img163/3856/managewpnewerror.png

    Thank you for all your help so far – currently I still have the customcode in the htaccess whitelisting the plugin folder but HEAD is still in the filtered request methods just to clarify the current setup.

    #6614
    AITpro Admin
    Keymaster

    Deactivating / disabling plugins does not necessarily remove everything.  Example:  The Sucuri plugin creates an .htaccess file in your wp-content folder when you use/choose the wp-content one-click hardening option.  The only way to remove that .htaccess file is to FTP to your website and delete it.  I believe the same is true of some options/features in Better WP Security and of course BPS requires that you deactivate BulletProof Modes instead of deactivating the BulletProof Security plugin.

    Moving on since some progress appears to be happening with the 403 error instead of seeing a 500 error.

    Delete your wp-admin .htaccess file if it is not already deleted at this point.  And yep, remove HEAD.  Let me know what happens at this point and we can move on to the next thing.

    #6615
    Aventura
    Participant

    OK So…

    HEAD removed AND no wp-admin htaccess but Bulletproof is ON = WORKS

    (inc. whitelist and commenting out from earlier)

    #6616
    AITpro Admin
    Keymaster

    Ok so the issue/problem is a combination of things.  HEAD definitely needs to be removed.  We know that.  Now activate wp-admin BulletProof Mode and let me know what happens.

    #6617
    Aventura
    Participant

    Back to original 500 error with admin htaccess back on

    #6618
    AITpro Admin
    Keymaster

    I forgot to tell you to remove HEAD from the wp-admin .htaccess file.  Remove HEAD and let me know what happens.

    #6619
    Aventura
    Participant

    That makes more sense – same 500 error

    #6620
    AITpro Admin
    Keymaster

    Ok now let’s narrow down which security rules are causing the issue.

    The most likely security rules are going to be these below.  Comment all of these out in your wp-admin .htaccess file.

    #RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    #RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
    #RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
    #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
    #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
    #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    #RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    #RewriteCond %{QUERY_STRING} http\: [NC,OR]
    #RewriteCond %{QUERY_STRING} https\: [NC,OR]

    #6622
    Aventura
    Participant

    OK it's one of them.

    Should I re-add the commented out lines in bulletproof htaccess root?

    #6623
    AITpro Admin
    Keymaster

    Yep, ok let’s see if it is the User Agent security rule.  It may be that ManageWP uses wget or cURL.

    Uncomment ONLY this rule and test …

    RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]

    …if it is not that one then uncomment them 1 by 1 until you find the problem rule.

    #6624
    AITpro Admin
    Keymaster

    Once we find out which rule or rules is the issue/problem then you will do the same thing in the Root .htaccess file that works for the wp-admin .htaccess file.

    #6626
    Aventura
    Participant

    The culprit:
    #RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]

    Should I undo the changes to the root htaccess file now or only some?

    Thanks again so much for all your help.

    #6627
    AITpro Admin
    Keymaster

    It may also be that just the wp-admin .htaccess file is going to be the issue, but most likely whatever is done in the wp-admin .htaccess file will also need to be done in the root .htaccess file.

    #6628
    AITpro Admin
    Keymaster

    Ok now comment out ONLY this rule in both your Root (you can uncomment all the other rules you commented out in the root .htaccess file) and wp-admin .htaccess files and test.  Then uncomment this rule in your root .htaccess file and test.

    #6630
    Aventura
    Participant

    My Bad – whatever order I did something in, it appears my root file is already using a fully uncommented version that also includes HEAD. So currently the only changes are: whitelist of plugin, removal of HEAD and comment out one rule in wp admin file. To be thorough I added HEAD back to admin file and it worked. I also commented out custom plugin whitelist and it still works. So it looks like it's just that one line that broke it – what does that line do out of interest?
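
The rule-by-rule test carried out in this thread can also be run offline. The Python sketch below is an added example, not code from the thread or from BulletProof Security: it checks the nine conditions quoted above against request lines and User-Agent strings constructed for illustration, with Python's `re` standing in for Apache's regex engine (an assumption that holds for these simple patterns). `THE_REQUEST` is the full request line, so `\?\ HTTP/` fires when the URL ends in a bare `?` with an empty query string.

```python
import re

# Conditions copied from the thread: (server variable, pattern, has the NC flag)
RULES = [
    ("HTTP_USER_AGENT", r"(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|"
                        r"HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner)", True),
    ("THE_REQUEST", r"\?\ HTTP/", True),
    ("THE_REQUEST", r"\/\*\ HTTP/", True),
    ("QUERY_STRING", r"[a-zA-Z0-9_]=http://", False),
    ("QUERY_STRING", r"[a-zA-Z0-9_]=(\.\.//?)+", False),
    ("QUERY_STRING", r"[a-zA-Z0-9_]=/([a-z0-9_.]//?)+", True),
    ("QUERY_STRING", r"ftp\:", True),
    ("QUERY_STRING", r"http\:", True),
    ("QUERY_STRING", r"https\:", True),
]

def server_vars(request_line, user_agent):
    """Derive the three variables the conditions test from a raw request line."""
    _method, target, _proto = request_line.split(" ", 2)
    query = target.split("?", 1)[1] if "?" in target else ""
    return {"THE_REQUEST": request_line,
            "QUERY_STRING": query,
            "HTTP_USER_AGENT": user_agent}

def matching_rules(request_line, user_agent):
    """Return (variable, pattern) for every condition that would fire."""
    env = server_vars(request_line, user_agent)
    return [(var, pattern) for var, pattern, nocase in RULES
            if re.search(pattern, env[var], re.I if nocase else 0)]

# Constructed sample requests (not captured from ManageWP or from the thread).
SAMPLES = [
    ("GET /wp-admin/admin-ajax.php? HTTP/1.1", "Mozilla/5.0 (constructed)"),
    ("GET /wp-admin/index.php?page=1 HTTP/1.1", "Mozilla/5.0 (constructed)"),
    ("POST /wp-admin/admin-ajax.php HTTP/1.1", "curl/8.0 (constructed)"),
]

if __name__ == "__main__":
    for line, ua in SAMPLES:
        print(f"{line!r}  UA={ua!r}")
        for var, pattern in matching_rules(line, ua) or [("-", "no condition matches")]:
            print(f"    {var}: {pattern}")
```

Every condition quoted in the thread carries the `[OR]` flag, so a single match is enough to trigger whatever `RewriteRule` follows the block in the .htaccess file.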
