MemberPress plugin htaccess code

Home Forums BulletProof Security Pro MemberPress plugin htaccess code

Tagged: 

Viewing 15 posts - 1 through 15 (of 26 total)
  • Author
    Posts
  • #4005
    J Garner
    Participant

    Hi,

    I have just installed a plugin called MemberPress on one of my sites. The plug-in uses an htaccess rule to manage its own rules:

    # BEGIN MemberPress Rules
    RewriteRule memberpress\/lock\.php$ - [L]
    RewriteCond %{REQUEST_URI} !\.(php|phtml|jpg|jpeg|gif|css|png|js|ico|PHP|PHTML|JPG|JPEG|GIF|CSS|PNG|JS|ICO)
    RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-login.php|wp-comments-post.php|xmlrpc.php)
    RewriteRule . /wp-content/plugins/memberpress/lock.php [L]
    # END MemberPress Rules

    I am not sure where this should / can be inserted using the custom code system in BPS Pro. I tried putting it in both:
    1) CUSTOM CODE TOP
    and
    2) CUSTOM CODE PLUGIN FIXES

    when I tried 1) I was getting the BPS pro 403 page and when I tried 2) I also get 403 Forbidden page error (the BPS Pro one)
    I then realised that I had some code left over from WP Supercache

    Note: I have this in CUSTOM CODE BOTTOM following the advice about WP Super Cache install with BPS

    # A2592000 = 30 days
    # A86400 = 1 day
    ExpiresActive On
    ExpiresByType image/gif A2592000
    ExpiresByType image/jpeg A2592000
    ExpiresByType image/jpg A2592000
    ExpiresByType image/png A2592000
    ExpiresByType image/x-icon A2592000
    ExpiresByType text/css A86400
    ExpiresByType text/javascript A86400
    ExpiresByType application/x-shockwave-flash A2592000
    #
    <FilesMatch "\.(gif|jpe?g|png|ico|css|js|swf)$">
    Header set Cache-Control "public"

    However I removed the above code and tried putting the MemberPress code in the first field but that didn’t work either and I still was getting 403 errors.

    So at the moment I have removed all the custom code but can’t get the MemberPress Plugin rules system to work.
    Any ideas?
    Thanks

    #4007
    AITpro Admin
    Keymaster

    The MemberPress site does not have any help information regarding anything technical / the .htaccess code so I will take some logical guesses.

    The most logical guess is that the MemberPress .htaccess code would go directly after the beginning of this code in your root .htaccess file, which is the start of the WordPress Rewrite Loop – this is the same thing as adding this code to the Custom Code Plugin “fixes” text box.

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    RewriteRule memberpress\/lock\.php$ – [L]
    RewriteCond %{REQUEST_URI} !\.(php|phtml|jpg|jpeg|gif|css|png|js|ico|PHP|PHTML|JPG|JPEG|GIF|CSS|PNG|JS|ICO)
    RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-login.php|wp-comments-post.php|xmlrpc.php)
    RewriteRule . /wp-content/plugins/memberpress/lock.php [L]

    The caching .htaccess code would not make a difference either way and can either be left in the bottom Custom Code text box or removed.

    #4010
    J Garner
    Participant

    Hi, Well I did do that during my tests but each time I put the member press code in either the first or the second field in the custom code form I get the 403 error. Is there any other way I  an test to help provide further information that might point in the right direction?

    #4011
    AITpro Admin
    Keymaster

    Oh you already tried Plugin Fixes.  This htaccess code is a bit strange to me.  It almost looks as if it is supposed to replace standard WordPress .htaccess code, which would not be a good thing at all.  Try this experiment.

    Deactivate Root Folder BulletProof Mode and unlock your root .htaccess file.
    Then deactivate and activate the MemberPress plugin and check your root .htaccess file.
    Does the MemberPress .htaccess code replace the default .htaccess code or does it add to it/add to the existing root .htaccess file code?

    Also you want to make sure that you are seeing accurate current new results with new .htaccess code by clearing your Browser Cache and if you have a caching plugin then clear that cache as well.

    #4015
    AITpro Admin
    Keymaster

    This is another possibility.  Break the code up so that the conditions are a standard plugin skip/bypass rule and skip 14 RewriteRules to the its RewriteRule highlighted in yellow.

    RewriteRule memberpress\/lock\.php$ – [L]
    RewriteCond %{REQUEST_URI} !\.(php|phtml|jpg|jpeg|gif|css|png|js|ico|PHP|PHTML|JPG|JPEG|GIF|CSS|PNG|JS|ICO)
    RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-login.php|wp-comments-post.php|xmlrpc.php)
    RewriteRule . - [S=14]
    ...
    ...
    ...
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    RewriteRule . /wp-content/plugins/memberpress/lock.php [L]
    #4016
    J Garner
    Participant

    Hi there,

    So this is what I get when I follow the above steps:

    # BULLETPROOF PRO 5.D DEFAULT .HTACCESS
    
    # If you edit the line of code above you will see error messages on the BPS Security Status page
    # WARNING!!! THE default.htaccess FILE DOES NOT PROTECT YOUR WEBSITE AGAINST HACKERS
    # This is a standard generic htaccess file that does NOT provide any website security
    # The DEFAULT .HTACCESS file should be used for testing and troubleshooting purposes only
    
    # BEGIN WordPress
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    
    # BEGIN MemberPress Rules
    RewriteRule memberpress\/lock\.php$ - [L]
    RewriteCond %{REQUEST_URI} !\.(php|phtml|jpg|jpeg|gif|css|png|js|ico|PHP|PHTML|JPG|JPEG|GIF|CSS|PNG|JS|ICO)
    RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-login.php|wp-comments-post.php|xmlrpc.php)
    RewriteRule . /wp-content/plugins/memberpress/lock.php [L]
    # END MemberPress Rules
    # END WordPress
    #4018
    AITpro Admin
    Keymaster

    Ok so it is intended as stand alone .htaccess code.  Are you seeing 403 errors?  Also check your Security Log file and post the 403 error related to this plugin.  And my second logical guess would most likely work since the rewriterule is outside the loop.

    #4020
    J Garner
    Participant

    I think I pressed the send button just a few seconds after you 😉

    Can you tell me where I should be adding the code above, is that directly in the htaccess file or is there a place to add skip or bypass rules?

    #4022
    AITpro Admin
    Keymaster

    Post the 403 error from your Security Log first so I can see what is being blocked.

    #4023
    J Garner
    Participant

    Sorry I had brain freeze and took me some time to switch all the things on properly

    So with Root Folder BulletProof Mode deactivated the page “http: //domainaname.com/account/?action=home”  works

    However when I switch BPS back on I get the 403 error and this:

    >>>>>>>>>>> 403 GET or Other Request Error Logged - 10 April, 2013 - 03:11 <<<<<<<<<<<
    REMOTE_ADDR: xxx.xxx.xxx.xxx
    Host Name: yyy.yyy.yyy.yyy
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: xxx.xxx.xxx.xxx
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //domainaname.com/account/?action=home
    REQUEST_URI: /account/?action=payments
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0

    which doesn’t mean anything to me (not that I read error logs a lot)…

    #4024
    AITpro Admin
    Keymaster

    Hmm or another possibility – create a skip/bypass rule for this plugin in the Plugin Fixes Custom Code text box…

    # MemberPress skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/memberpress/ [NC]
    RewriteRule . - [S=13]

    …and then add the MemberPress htaccess code to the Bottom Custom Code Text box.

    RewriteRule memberpress\/lock\.php$ – [L]
    RewriteCond %{REQUEST_URI} !\.(php|phtml|jpg|jpeg|gif|css|png|js|ico|PHP|PHTML|JPG|JPEG|GIF|CSS|PNG|JS|ICO)
    RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-login.php|wp-comments-post.php|xmlrpc.php)
    RewriteRule . /wp-content/plugins/memberpress/lock.php [L]

     

    #4026
    J Garner
    Participant

    Sorry the page I ask for is “http://domainaname.com/account/?action=payments” while on the page “http://domainaname.com/account/?action=home” not that it makes much difference

    #4027
    AITpro Admin
    Keymaster

    yeah I do not see any connection with the error you posted and the .htaccess code.  Try what I suggested above and see what happens

    #4028
    AITpro Admin
    Keymaster

    There is another possibility and that is to use a skip/rule based on the /account URI.

    # account directory skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/account/(.*)$ [NC]
    RewriteRule . - [S=13]

     

     

    #4029
    J Garner
    Participant

    OK seems to be working now.

    It was my mistake as I was putting

    RewriteRule memberpress\/lock\.php$ – [L]
    RewriteCond %{REQUEST_URI} !\.(php|phtml|jpg|jpeg|gif|css|png|js|ico|PHP|PHTML|JPG|JPEG|GIF|CSS|PNG|JS|ICO)
    RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-login.php|wp-comments-post.php|xmlrpc.php)
    RewriteRule . /wp-content/plugins/memberpress/lock.php [L]

    in “CUSTOM CODE TOP”

    when I should have been putting the above code in “CUSTOM CODE BOTTOM”

    I ended up putting

    # MemberPress skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/memberpress/ [NC]
    RewriteRule . - [S=13]

    in CUSTOM CODE PLUGIN FIXES

    Do you think it is worth putting the

    # account directory skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/account/(.*)$ [NC]
    RewriteRule . - [S=14]

    after the first one as well or not?

    1) I posted tha above code (each bypass rule separately in the order as you described then all as above) in the “CUSTOM CODE PLUGIN FIXES” of the custom code tab and each time the memberpress code in “CUSTOM CODE BOTTOM”.
    2) Then activated Bulletproof mode for root folder
    3) Then the same activated it for wp-admin folder

    Note I also have “/memberpress/js/(.*).js” in the Firewall whitelist

    Thanks for lending me your brains and putting up with my mistakes !

Viewing 15 posts - 1 through 15 (of 26 total)
  • You must be logged in to reply to this topic.