P3 Plugin Performance Profiler – 403 error

Home Forums BulletProof Security Pro P3 Plugin Performance Profiler – 403 error

Tagged: , ,

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • March 13, 2017 at 11:04 am #32679
    George Mohan
    Participant

    How can i fix this error. i use P3 (Plugin Performance Profiler) to check plugin performance , but after the scan result i got error 403 when i try to back my plugin page or any other admin panel pages.

    [403 GET Request: March 13, 2017 - 10:45 PM]
BPS: .54.5
WP: 4.7.3
Event Code: WPADMIN-SBR
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 162.158.166.201
Host Name: 162.158.166.201
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 116.68.110.57
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-admin/tools.php?page=p3-profiler&p3_action=view-scan&current_scan=1&name=scan_2017-03-12_8d41c888.json%27%20defer
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; rv:51.0) Gecko/20100101 Firefox/51.0
    March 13, 2017 at 11:17 am #32682
    AITpro Admin
    Keymaster

    Try whitelisting the P3 (Plugin Performance Profiler) tools.php file in your wp-admin htaccess file.

    Note:  The single quote code character %27 on the end of the Query String is what is being blocked.  When I test the P3 plugin I do not see that code character.

    1. Copy this code below to this BPS wp-admin Custom Code text box:  3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
    2. Click the Save wp-admin Custom Code button.
    3. Go to the Security Modes page and click the wp-admin Folder BulletProof Mode Activate button.

    Note: The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. This bypass / skip rule is safe to use because the wp-admin area is protected with WP Authentication security.

    # P3 plugin tools.php skip/bypass rule
RewriteCond %{REQUEST_URI} (tools\.php) [NC]
RewriteRule . - [S=2]
    March 14, 2017 at 3:36 am #32711
    George Mohan
    Participant

    Thanks for your valuable support . But its our side mistake, because we forget to add below code in BPS wp-admin Custom Code text box 4.CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS:Modify Query String Exploit code here .

    Now its working fine, no need to  add skip/bypass rule.

    # BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS



    # END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.