MemberPress plugin htaccess code

Viewing 15 posts - 1 through 15 (of 34 total)
  • #4005
    J Garner
    Participant

    Hi,

    I have just installed a plugin called MemberPress on one of my sites. The plug-in uses an htaccess rule to manage its own rules:

    # BEGIN MemberPress Rules
    RewriteRule memberpress\/lock\.php$ - [L]
    RewriteCond %{REQUEST_URI} !\.(php|phtml|jpg|jpeg|gif|css|png|js|ico|PHP|PHTML|JPG|JPEG|GIF|CSS|PNG|JS|ICO)
    RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-login.php|wp-comments-post.php|xmlrpc.php)
    RewriteRule . /wp-content/plugins/memberpress/lock.php [L]
    # END MemberPress Rules

    I am not sure where this should / can be inserted using the custom code system in BPS Pro. I tried putting it in both:
    1) CUSTOM CODE TOP
    and
    2) CUSTOM CODE PLUGIN FIXES

    When I tried 1) I was getting the BPS Pro 403 page, and when I tried 2) I also got a 403 Forbidden page error (the BPS Pro one).
    I then realised that I had some code left over from WP Supercache.

    Note: I have this in CUSTOM CODE BOTTOM following the advice about WP Super Cache install with BPS

    # A2592000 = 30 days
    # A86400 = 1 day
    ExpiresActive On
    ExpiresByType image/gif A2592000
    ExpiresByType image/jpeg A2592000
    ExpiresByType image/jpg A2592000
    ExpiresByType image/png A2592000
    ExpiresByType image/x-icon A2592000
    ExpiresByType text/css A86400
    ExpiresByType text/javascript A86400
    ExpiresByType application/x-shockwave-flash A2592000
    #
    <FilesMatch "\.(gif|jpe?g|png|ico|css|js|swf)$">
    Header set Cache-Control "public"
    </FilesMatch>

    However I removed the above code and tried putting the MemberPress code in the first field but that didn’t work either and I still was getting 403 errors.

    So at the moment I have removed all the custom code but can’t get the MemberPress Plugin rules system to work.
    Any ideas?
    Thanks

    #4007
    AITpro Admin
    Keymaster

    The MemberPress site does not have any help information regarding anything technical / the .htaccess code so I will take some logical guesses.

    The most logical guess is that the MemberPress .htaccess code would go directly after the beginning of this code in your root .htaccess file, which is the start of the WordPress Rewrite Loop – this is the same thing as adding this code to the Custom Code Plugin “fixes” text box.

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    RewriteRule memberpress\/lock\.php$ - [L]
    RewriteCond %{REQUEST_URI} !\.(php|phtml|jpg|jpeg|gif|css|png|js|ico|PHP|PHTML|JPG|JPEG|GIF|CSS|PNG|JS|ICO)
    RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-login.php|wp-comments-post.php|xmlrpc.php)
    RewriteRule . /wp-content/plugins/memberpress/lock.php [L]

    The caching .htaccess code would not make a difference either way and can either be left in the bottom Custom Code text box or removed.

    #4010
    J Garner
    Participant

    Hi, Well I did do that during my tests but each time I put the member press code in either the first or the second field in the custom code form I get the 403 error. Is there any other way I can test to help provide further information that might point in the right direction?

    #4011
    AITpro Admin
    Keymaster

    Oh you already tried Plugin Fixes.  This htaccess code is a bit strange to me.  It almost looks as if it is supposed to replace standard WordPress .htaccess code, which would not be a good thing at all.  Try this experiment.

    Deactivate Root Folder BulletProof Mode and unlock your root .htaccess file.
    Then deactivate and activate the MemberPress plugin and check your root .htaccess file.
    Does the MemberPress .htaccess code replace the default .htaccess code or does it add to it/add to the existing root .htaccess file code?

    Also you want to make sure that you are seeing accurate current new results with new .htaccess code by clearing your Browser Cache and if you have a caching plugin then clear that cache as well.

    #4015
    AITpro Admin
    Keymaster

    This is another possibility.  Break the code up so that the conditions are a standard plugin skip/bypass rule and skip 14 RewriteRules to its RewriteRule highlighted in yellow.

    RewriteRule memberpress\/lock\.php$ - [L]
    RewriteCond %{REQUEST_URI} !\.(php|phtml|jpg|jpeg|gif|css|png|js|ico|PHP|PHTML|JPG|JPEG|GIF|CSS|PNG|JS|ICO)
    RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-login.php|wp-comments-post.php|xmlrpc.php)
    RewriteRule . - [S=14]
    ...
    ...
    ...
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    RewriteRule . /wp-content/plugins/memberpress/lock.php [L]

    #4016
    J Garner
    Participant

    Hi there,

    So this is what I get when I follow the above steps:

    # BULLETPROOF PRO 5.D DEFAULT .HTACCESS
    
    # If you edit the line of code above you will see error messages on the BPS Security Status page
    # WARNING!!! THE default.htaccess FILE DOES NOT PROTECT YOUR WEBSITE AGAINST HACKERS
    # This is a standard generic htaccess file that does NOT provide any website security
    # The DEFAULT .HTACCESS file should be used for testing and troubleshooting purposes only
    
    # BEGIN WordPress
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    
    # BEGIN MemberPress Rules
    RewriteRule memberpress\/lock\.php$ - [L]
    RewriteCond %{REQUEST_URI} !\.(php|phtml|jpg|jpeg|gif|css|png|js|ico|PHP|PHTML|JPG|JPEG|GIF|CSS|PNG|JS|ICO)
    RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-login.php|wp-comments-post.php|xmlrpc.php)
    RewriteRule . /wp-content/plugins/memberpress/lock.php [L]
    # END MemberPress Rules
    # END WordPress

    #4018
    AITpro Admin
    Keymaster

    Ok so it is intended as stand alone .htaccess code.  Are you seeing 403 errors?  Also check your Security Log file and post the 403 error related to this plugin.  And my second logical guess would most likely work since the rewriterule is outside the loop.

    #4020
    J Garner
    Participant

    I think I pressed the send button just a few seconds after you 😉

    Can you tell me where I should be adding the code above, is that directly in the htaccess file or is there a place to add skip or bypass rules?

    #4022
    AITpro Admin
    Keymaster

    Post the 403 error from your Security Log first so I can see what is being blocked.

    #4023
    J Garner
    Participant

    Sorry, I had brain freeze and it took me some time to switch all the things on properly.

    So with Root Folder BulletProof Mode deactivated the page “http: //domainaname.com/account/?action=home”  works

    However when I switch BPS back on I get the 403 error and this:

    >>>>>>>>>>> 403 GET or Other Request Error Logged - 10 April, 2013 - 03:11 <<<<<<<<<<<
    REMOTE_ADDR: xxx.xxx.xxx.xxx
    Host Name: yyy.yyy.yyy.yyy
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: xxx.xxx.xxx.xxx
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //domainaname.com/account/?action=home
    REQUEST_URI: /account/?action=payments
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0

    which doesn’t mean anything to me (not that I read error logs a lot)…

    #4024
    AITpro Admin
    Keymaster

    Hmm or another possibility – create a skip/bypass rule for this plugin in the Plugin Fixes Custom Code text box…

    # MemberPress skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/memberpress/ [NC]
    RewriteRule . - [S=13]

    …and then add the MemberPress htaccess code to the Bottom Custom Code Text box.

    RewriteRule memberpress\/lock\.php$ - [L]
    RewriteCond %{REQUEST_URI} !\.(php|phtml|jpg|jpeg|gif|css|png|js|ico|PHP|PHTML|JPG|JPEG|GIF|CSS|PNG|JS|ICO)
    RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-login.php|wp-comments-post.php|xmlrpc.php)
    RewriteRule . /wp-content/plugins/memberpress/lock.php [L]

    #4026
    J Garner
    Participant

    Sorry the page I ask for is “http://domainaname.com/account/?action=payments” while on the page “http://domainaname.com/account/?action=home” not that it makes much difference

    #4027
    AITpro Admin
    Keymaster

    Yeah, I do not see any connection with the error you posted and the .htaccess code.  Try what I suggested above and see what happens.

    #4028
    AITpro Admin
    Keymaster

    There is another possibility and that is to use a skip/rule based on the /account URI.

    # account directory skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/account/(.*)$ [NC]
    RewriteRule . - [S=13]


    #4029
    J Garner
    Participant

    OK seems to be working now.

    It was my mistake as I was putting

    RewriteRule memberpress\/lock\.php$ - [L]
    RewriteCond %{REQUEST_URI} !\.(php|phtml|jpg|jpeg|gif|css|png|js|ico|PHP|PHTML|JPG|JPEG|GIF|CSS|PNG|JS|ICO)
    RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-login.php|wp-comments-post.php|xmlrpc.php)
    RewriteRule . /wp-content/plugins/memberpress/lock.php [L]

    in “CUSTOM CODE TOP”

    when I should have been putting the above code in “CUSTOM CODE BOTTOM”

    I ended up putting

    # MemberPress skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/memberpress/ [NC]
    RewriteRule . - [S=13]

    in CUSTOM CODE PLUGIN FIXES

    Do you think it is worth putting the

    # account directory skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/account/(.*)$ [NC]
    RewriteRule . - [S=14]

    after the first one as well or not?

    1) I posted the above code (each bypass rule separately in the order as you described then all as above) in the “CUSTOM CODE PLUGIN FIXES” of the custom code tab and each time the memberpress code in “CUSTOM CODE BOTTOM”.
    2) Then activated Bulletproof mode for root folder
    3) Then the same activated it for wp-admin folder

    Note I also have “/memberpress/js/(.*).js” in the Firewall whitelist

    Thanks for lending me your brains and putting up with my mistakes !
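
Added example (not part of the thread, and not BPS Pro or MemberPress code): the S=13 versus S=14 question above comes down to counting RewriteRule directives, because [S=N] skips the next N RewriteRule lines together with their RewriteCond lines. This Python script, with hypothetical helper names and a constructed sample file, reports which rules each skip rule bypasses and which rule it lands on.

```python
import re

RULE = re.compile(r'^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?', re.I)
SKIP = re.compile(r'(?:S|skip)=(\d+)', re.I)

# Constructed sample (not the poster's file); one stand-in filter replaces BPS Pro's rule list.
SAMPLE = """\
# MemberPress skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/memberpress/ [NC]
RewriteRule . - [S=2]
# constructed stand-in for a security filter
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) [NC]
RewriteRule ^(.*)$ - [F]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteRule . /wp-content/plugins/memberpress/lock.php [L]
"""

def parse_rules(text):
    """Return (line_number, substitution, skip_count_or_None) per RewriteRule."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = RULE.match(line)
        if not m:
            continue  # RewriteCond, comments and other directives do not count toward S=N
        flags = (m.group(3) or '').split(',')
        hits = [SKIP.fullmatch(f.strip()) for f in flags]
        skip = next((int(h.group(1)) for h in hits if h), None)
        rules.append((lineno, m.group(2), skip))
    return rules

def resolve_skips(text):
    """For each [S=N] rule: which rules are jumped over and where matching resumes."""
    rules = parse_rules(text)
    report = []
    for i, (lineno, _, skip) in enumerate(rules):
        if skip is None:
            continue
        nxt = i + 1 + skip
        report.append({
            'skip_rule_line': lineno,
            'bypassed': [(ln, sub) for ln, sub, _ in rules[i + 1:nxt]],
            'lands_on': rules[nxt][:2] if nxt < len(rules) else None,
        })
    return report

if __name__ == '__main__':
    print(resolve_skips(SAMPLE))
```

Every rule listed under `bypassed` is not evaluated for requests that match the skip condition, and `lands_on` is `None` when N runs past the last RewriteRule in the file.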
