file_exists(): open_basedir restriction in effect. File() is not within the allowed path(s)

[Haiko Nieuwoudt]

Good day

For some reason, on two of our sites hosted on Hetzner / konsoleH, the pre-installation wizard completes (if cUrl scan is turned off), but the setup wizard never completes. They are also the only two sites which, after installing BPS Pro, display a PHP error at the top. Here follows an excerpt from the error log:

[19-Aug-2016 06:30:02 UTC] PHP Warning:  file_exists(): open_basedir restriction in effect. File(/usr/www/users/.htaccess) is not within the allowed path(s):
/usr/www/wwws/users/sanddxqvtc:/usr/wwws/users/sanddxqvtc:/usr/www/users/sanddxqvtc:/usr/home/sanddxqvtc:/usr/local/rmagic:/usr/www/users/he/_system_:/usr/share/php:/usr/local/lib/php:/tmp:/usr/bin:/usr/local/bin:/usr/local/share/www:/usr/www/share/www:/usr/share/misc) 
in /usr/www/users/sanddxqvtc/wp-content/plugins/bulletproof-security/includes/general-functions.php on line 838

Please help. We are trying to secure our sites as soon as possible, as three of our other sites have already been hacked.

[AITpro Admin]

You can install BPS Pro on websites that were already hacked prior to installing BPS Pro, but BPS will not automatically cleanup hacked websites.  Since some of your sites are hacked under your hosting account then you need to assume the worst case scenario that your entire hosting account (all websites) are compromised. You can try to clean up individual websites, but if your hosting account is hacked then the sites will be re-hacked again by hidden hacker files under your hosting account.  I recommend that you do the steps in this forum topic link to cleanup all of your sites and your entire hosting account:   http://forum.ait-pro.com/forums/topic/wordpress-hacked-wordpress-hack-cleanup-wordpress-hack-repair/

Is this htaccess file: /usr/www/users/.htaccess a BPS htaccess file or an additional htaccess file that you created/added in the /users/ folder?
or maybe it is a hacker .htaccess file that was added/created in the /users/ folder. Download a copy of the /usr/www/users/.htaccess file and post it in your reply so I can take a look at it. You could add the /usr/www/users/ path in your open_basedir settings in your php.ini file, BUT I do not think you want to do that and instead will most likely just need to delete the /usr/www/users/.htaccess file.

Your hosting account root folder is: /usr/www/users/sanddxqvtc/. So BPS will create the BPS root htaccess file in this folder: usr/www/users/sanddxqvtc/.htaccess and not the /users/ folder, which is most likely a protected server folder that BPS cannot write to anyway.

[AITpro Admin]

Additional IMPORTANT Notes & Info:  I am assuming that the reason the Setup Wizard is not completing successfully is because your sites were already hacked before installing BPS Pro, but there could be other reasons for why the Setup Wizard is not completing successfully.  Run the Pre-Installation Wizard and Setup Wizard again and copy all of the “Pre-Installation Wizard Checks|Scans|Settings have completed” information and post that information in your reply.  It sounds like the Setup Wizard is completely hanging, but if you see the “BPS Pro Setup Verification & Error Checks” for the Setup Wizard then post that information in your reply.  If you would like for us to login to 1 of these sites and figure out why the Setup Wizard is not completing then send a WordPress Administrator login to 1 of these sites and an FTP login to this hosting account to:  info at ait-pro dot com.  Note:  We do not offer hacked website cleanup services.  So if the Setup Wizard problem is being caused by something else and is not being caused by your website being hacked then we can get the Setup Wizard working.  We can do some basic forensic/assessment of the hacked website, but once again we do not offer to cleanup hacked websites/hosting accounts.

IMPORTANT:  If you do install BPS Pro on a hacked website and backup files to AutoRestore backup then there is a very good chance that hacker files will be backed up to AutoRestore backup files.  So ideally you should first cleanup your hacked sites/hosting account and then install BPS Pro after they are cleaned up.  If you do decide to install BPS Pro on these hacked sites and then do your hack cleanup, you need to go to AutoRestore and turn off AutoRestore while you are replacing any files manually so that if hacker files have been saved to AutoRestore backup then you do NOT want those hacker files to be autorestored from AutoRestore backup.  Before turning AutoRestore back on do these steps:

Click the Root Files > Delete Backup Files button
Click the wp-admin Files > Delete Backup Files button
Click the wp-includes Files > Delete Backup Files button
Click the wp-content Files > Delete Backup Files button
Click the Root Files > Backup Files button
Click the wp-admin Files > Backup Files button
Click the wp-includes Files > Backup Files button
Click the wp-content Files > Backup Files button
Turn AutoRestore back On.

By doing these steps you are deleting any previously backed up files in AutoRestore backup before you completed your website cleanup and manual file replacements and then you are backing up new files after completion of any manual file replacements.  These steps ensure that only good/clean files exist in AutoRestore backup.

[Haiko Nieuwoudt]

Good day

Thanks so much for answering. The sites we are trying to install this on have not been hacked yet. Here is the info for “Pre-Installation Wizard Checks|Scans|Settings have completed”:

Pass! Compatible Server Configuration: Server API: CGI | WP Filesystem API Method: direct.
Pass! PHP Configuration Memory Limit is set to: 128M
mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: No
Pass! PHP/php.ini handler htaccess code check: Not in use, required or needed for your website/Server
Pass! secure.htaccess Root Master file htaccess creation.
Pass! Root Folder BulletProof Mode activation.
Pass! Root .htaccess file backup Successful!
Pass! wp-admin BulletProof Mode activation.
Pass! wp-admin .htaccess file backup Successful!
Pass! The default.htaccess Master htaccess file was created successfully.
Your current Root .htaccess file is not locked. In order to ensure that the Setup Wizard completes successfully your files will NOT be locked by BPS Pro F-Lock. Your F-Lock settings will be set to "Checking & Alerts Off".
Pass! The cURL Extension is Loaded/Installed on your website/Server.
AutoRestore|Quarantine plugins folder Exclude Rule DB Option saved or updated Successfully!
AutoRestore|Quarantine w3tc-config folder Exclude Rule DB Option saved or updated Successfully!
AutoRestore|Quarantine plugins folder Exclude Rule created or updated Successfully!
AutoRestore|Quarantine w3tc-config folder Exclude Rule created or updated Successfully!
/usr/www/users/sanddxqvtc/wp-content/plugins/bulletproof-security/includes/class.php File created or updated Successfully!
/usr/www/users/sanddxqvtc/wp-content/bps-backup/master-backups/class.php File copied to backup Successfully!
/usr/www/users/sanddxqvtc/wp-content/bps-backup/autorestore/wp-content/plugins/bulletproof-security/includes/class.php File copied to ARQ backup Successfully!
Plugin Firewall cURL Scanner Successfully Scanned: 31 Pages & Posts
Plugin Firewall bps_pfw_paypal DB Option created or updated Successfully!
Plugin Firewall bps_pfw_google DB Option created or updated Successfully!
Plugin Firewall bps_pfw_amazon DB Option created or updated Successfully!
Plugin Firewall bps_pfw_authorizenet DB Option created or updated Successfully!
Plugin Firewall bps_pfw_whitelist DB Option created or updated Successfully!
Plugin Firewall bps_pfw_allow_from DB Option created or updated Successfully!

The “Verification & Error Checks” gets up to here and then hangs:

BulletProof Security Pro Synchronize WordPress Version
bps_wp_version DB Option created or updated Successfully!
bps_wp_version_last_modified_time DB Option created or updated Successfully!

BulletProof Security Pro Database Tables Setup
sand_bpspro_arq_quarantine DB Table created Successfully!
sand_bpspro_arq_exclude DB Table created Successfully!
sand_bpspro_seclog_ignore DB Table created Successfully!
sand_bpspro_login_security DB Table created Successfully!
sand_bpspro_dbm_monitor DB Table created Successfully!
sand_bpspro_db_backup DB Table created Successfully!
sand_bpspro_folder_lock DB Table created Successfully!

BulletProof Security Pro Core Folders Setup
/usr/www/users/sanddxqvtc/wp-content/bps-backup Folder created Successfully!
/usr/www/users/sanddxqvtc/wp-content/bps-backup/master-backups Folder created Successfully!
/usr/www/users/sanddxqvtc/wp-content/bps-backup/autorestore Folder created Successfully!
/usr/www/users/sanddxqvtc/wp-content/bps-backup/quarantine Folder created Successfully!
/usr/www/users/sanddxqvtc/wp-content/bps-backup/logs Folder created Successfully!

BulletProof Security Pro Core Files Setup
/usr/www/users/sanddxqvtc/wp-content/bps-backup/.htaccess File created or updated Successfully!
/usr/www/users/sanddxqvtc/wp-content/bps-backup/master-backups/.htaccess File created or updated Successfully!
/usr/www/users/sanddxqvtc/wp-content/bps-backup/logs/autorestore_log.txt File created or updated Successfully!
/usr/www/users/sanddxqvtc/wp-content/bps-backup/logs/string_replacer_log.txt File created or updated Successfully!
/usr/www/users/sanddxqvtc/wp-content/bps-backup/logs/http_error_log.txt File created or updated Successfully!
/usr/www/users/sanddxqvtc/wp-content/bps-backup/logs/bps_php_error.log File created or updated Successfully!
/usr/www/users/sanddxqvtc/wp-content/bps-backup/master-backups/Login-Security-Alert-Reset.txt File created or updated Successfully!
/usr/www/users/sanddxqvtc/wp-content/plugins/bulletproof-security/admin/htaccess/db_monitor_log.txt File created or updated Successfully!

BulletProof Security DB Monitor Setup
bps_db_monitor_cron DB Option created or updated Successfully!
bps_db_monitor_cron_frequency DB Option created or updated Successfully!
bps_db_monitor_cron_table_created_check DB Option created or updated Successfully!
bps_db_monitor_cron_end DB Option created or updated Successfully!
DB Monitor DB Options created or updated Successfully!

BulletProof Security DB Backup Setup
/usr/www/users/sanddxqvtc/wp-content/bps-backup/backups_qC3bvs6QTEUlmxR Folder created Successfully!
bps_db_backup DB Option created or updated Successfully!
bps_db_backup_description DB Option created or updated Successfully!
bps_db_backup_folder DB Option created or updated Successfully!
bps_db_backup_download_link DB Option created or updated Successfully!
bps_db_backup_job_type DB Option created or updated Successfully!
bps_db_backup_frequency DB Option created or updated Successfully!
bps_db_backup_start_time_hour DB Option created or updated Successfully!
bps_db_backup_start_time_weekday DB Option created or updated Successfully!
bps_db_backup_start_time_month_date DB Option created or updated Successfully!
bps_db_backup_email_zip DB Option created or updated Successfully!
bps_db_backup_delete DB Option created or updated Successfully!
bps_db_backup_status_display DB Option created or updated Successfully!

BulletProof Security Pro Uploads Anti-Exploit Guard (UAEG) Setup
/usr/www/users/sanddxqvtc/wp-content/uploads/.htaccess File created or updated Successfully!

BulletProof Security Pro Hidden Plugin Folders|Files (HPF) Setup
bps_hidden_plugins_cron DB Option created or updated Successfully!
bps_hidden_plugins_cron_frequency DB Option created or updated Successfully!
bps_hidden_plugins_cron_email DB Option created or updated Successfully!
bps_hidden_plugins_cron_alert DB Option created or updated Successfully!
bps_hidden_plugins_check DB Option created or updated Successfully!
Hidden Plugin Folders|Files (HPF) DB Options created or updated Successfully!

BulletProof Security Pro Security Log User Agent Filter Setup
Security Log User Agent Filter Check Successful! 0 User Agent Filters to update.

BulletProof Security Pro Log Files Database Options Setup
bulletproof_security_options_ARCM_log DB Option created or updated Successfully!
bulletproof_security_options_Security_log DB Option created or updated Successfully!
bulletproof_security_options2 DB Option created or updated Successfully!
bulletproof_security_options_elog DB Option created or updated Successfully!
bulletproof_security_options_DBM_log DB Option created or updated Successfully!
bulletproof_security_options_DBB_log DB Option created or updated Successfully!

BulletProof Security Pro ini_set Options Setup
bps_iniSet_ErrorReporting DB Option created or updated Successfully!
bps_iniSet_LogErrors DB Option created or updated Successfully!
bps_iniSet_ErrorLog DB Option created or updated Successfully!
bps_iniSet_LogErrorsMaxLen DB Option created or updated Successfully!
bps_iniSet_MemoryLimit DB Option created or updated Successfully!
bps_iniSet_session_cookie_httponly DB Option created or updated Successfully!
bps_iniSet_session_use_only_cookies DB Option created or updated Successfully!
bps_iniSet_session_cookie_secure DB Option created or updated Successfully!
bps_iniSet_IgnoreRepeatedErrors DB Option created or updated Successfully!
bps_iniSet_IgnoreRepeatedSource DB Option created or updated Successfully!
bps_iniSet_AllowUrlInclude DB Option created or updated Successfully!
bps_iniSet_DefineSyslogVar DB Option created or updated Successfully!
bps_iniSet_DisplayErrors DB Option created or updated Successfully!
bps_iniSet_DisplayStartupErrors DB Option created or updated Successfully!
bps_iniSet_ImplicitFlush DB Option created or updated Successfully!
bps_iniSet_MagicQuotesRuntime DB Option created or updated Successfully!
bps_iniSet_MaxExecutionTime DB Option created or updated Successfully!
bps_iniSet_MysqlConnectTimeout DB Option created or updated Successfully!
bps_iniSet_MysqlTraceMode DB Option created or updated Successfully!
bps_iniSet_ReportMemleaks DB Option created or updated Successfully!
/usr/www/users/sanddxqvtc/wp-content/bps-backup/autorestore/root-files Folder created Successfully!
ini_set Options created in wp-config.php Successfully!
/usr/www/users/sanddxqvtc/wp-content/bps-backup/autorestore/root-files/wp-config.php copied to AutoRestore Backup Successfully!

BulletProof Security Pro S-Monitor Monitoring and Alerting Options Setup
bps_first_launch DB Option created or updated Successfully!
bps_security_status DB Option created or updated Successfully!
bps_SecLog_entry DB Option created or updated Successfully!
bps_autorestore_status DB Option created or updated Successfully!
bps_plugin_firewall_status DB Option created or updated Successfully!
bps_UAEG_status DB Option created or updated Successfully!
bps_login_security_status DB Option created or updated Successfully!
bps_flock_status DB Option created or updated Successfully!
bps_HUD_alerts DB Option created or updated Successfully!
bps_PHP_ELogLoc_set DB Option created or updated Successfully!
bps_PHP_ELog_error DB Option created or updated Successfully!
bps_phpini_created DB Option created or updated Successfully!
bps_login_security_alerts DB Option created or updated Successfully!
bps_jtc_antispam_status DB Option created or updated Successfully!
bps_dbm_status DB Option created or updated Successfully!
bps_dbm_alerts DB Option created or updated Successfully!
bps_dbb_status DB Option created or updated Successfully!
bps_flock_FL_alerts DB Option created or updated Successfully!
bps_isl_status DB Option created or updated Successfully!
bps_ace_status DB Option created or updated Successfully!

BulletProof Security Pro S-Monitor Email Alerting & Log File Options Setup
bps_send_email_to DB Option created or updated Successfully!
bps_send_email_from DB Option created or updated Successfully!
bps_send_email_cc DB Option created or updated Successfully!
bps_send_email_bcc DB Option created or updated Successfully!
bps_login_security_email DB Option created or updated Successfully!
bps_autorestore_email DB Option created or updated Successfully!
bps_arq_log_size DB Option created or updated Successfully!
bps_arq_log_email DB Option created or updated Successfully!
bps_security_log_email DB Option created or updated Successfully!
bps_security_log_size DB Option created or updated Successfully!
bps_security_log_emailL DB Option created or updated Successfully!
bps_error_log_email DB Option created or updated Successfully!
bps_php_log_size DB Option created or updated Successfully!
bps_php_log_email DB Option created or updated Successfully!
bps_upgrade_email DB Option created or updated Successfully!
bps_dbm_email DB Option created or updated Successfully!
bps_dbm_log_email DB Option created or updated Successfully!
bps_dbm_log_size DB Option created or updated Successfully!
bps_dbb_log_email DB Option created or updated Successfully!
bps_dbb_log_size DB Option created or updated Successfully!
bps_flock_email DB Option created or updated Successfully!
bps_arq_cron_frequency_email DB Option created or updated Successfully!
bps_arq_cron_next_email DB Option created or updated Successfully!
bps_hpf_email DB Option created or updated Successfully!

BulletProof Security Pro Login Security & Monitoring Options Setup
bps_max_logins DB Option created or updated Successfully!
bps_lockout_duration DB Option created or updated Successfully!
bps_manual_lockout_duration DB Option created or updated Successfully!
bps_max_db_rows_display DB Option created or updated Successfully!
bps_login_security_OnOff DB Option created or updated Successfully!
bps_login_security_logging DB Option created or updated Successfully!
bps_login_security_errors DB Option created or updated Successfully!
bps_login_security_remaining DB Option created or updated Successfully!
bps_login_security_pw_reset DB Option created or updated Successfully!
bps_login_security_sort DB Option created or updated Successfully!
bulletproof_security_options_login_alerts DB Option created or updated Successfully!

BulletProof Security Pro JTC Anti-Spam|Anti-Hacker Options Setup
bps_tooltip_captcha_key DB Option created or updated Successfully!
bps_tooltip_captcha_hover_text DB Option created or updated Successfully!
bps_tooltip_captcha_title DB Option created or updated Successfully!
bps_tooltip_captcha_logging DB Option created or updated Successfully!
bps_jtc_login_form DB Option created or updated Successfully!
bps_jtc_register_form DB Option created or updated Successfully!
bps_jtc_lostpassword_form DB Option created or updated Successfully!
bps_jtc_comment_form DB Option created or updated Successfully!
bps_jtc_buddypress_register_form DB Option created or updated Successfully!
bps_jtc_buddypress_sidebar_form DB Option created or updated Successfully!
bps_jtc_administrator DB Option created or updated Successfully!
bps_jtc_editor DB Option created or updated Successfully!
bps_jtc_author DB Option created or updated Successfully!
bps_jtc_contributor DB Option created or updated Successfully!
bps_jtc_subscriber DB Option created or updated Successfully!
bps_jtc_comment_form_error DB Option created or updated Successfully!

BulletProof Security Pro F-Lock Options Setup
bps_lock_root_htaccess DB Option created or updated Successfully!
bps_lock_wpconfig DB Option created or updated Successfully!
bps_lock_index_php DB Option created or updated Successfully!
bps_lock_wpblog_header DB Option created or updated Successfully!
bps_lock_root_htaccess_dr DB Option created or updated Successfully!
bps_lock_index_php_dr DB Option created or updated Successfully!
bps_lock_root_htaccess_gwiod DB Option created or updated Successfully!
bps_lock_index_php_gwiod DB Option created or updated Successfully!
bps_root_htaccess_autolock DB Option created or updated Successfully!
bps_folder_lock_cron DB Option created or updated Successfully!
bps_folder_lock_cron_frequency DB Option created or updated Successfully!
bps_folder_lock_cron_end DB Option created or updated Successfully!
bulletproof_security_options_flock_FL_alerts DB Option created or updated Successfully!

I will be sending details to that email address. Please be careful in there!

[AITpro Admin]

After logging into your site I found where the problem is occurring.  The Setup Wizard is hanging at the F-Lock Options setup due to a another problem somewhere else with the Global variable Server Document Root path not being seen correctly on your website.

Ok here is the deal. When I check your phpinfo() information using the BPS Pro P-Security PHPInfo Viewer your Document Root setting for your server in your PHP configuration file is correct: _SERVER["DOCUMENT_ROOT"] /usr/www/users/sanddxqvtc

The value that is returned for this code in BPS code:  $_SERVER['DOCUMENT_ROOT']; is: /usr/www/users, which is obviously incorrect and it should be: /usr/www/users/sanddxqvtc.  It could be an Apache vhosts configuration problem since at the PHP Server configuration level in phpinfo the Document Root path is correct.  Example vhosts DocumentRoot configuration mistake:

<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/usr/www/users"
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/dummy-host.example.com-error.log"
CustomLog "logs/dummy-host.example.com-access.log" common
</VirtualHost>

So something is wrong somewhere else that is throwing off or changing the Server Document global variable value to: /usr/www/users Since your phpinfo variable value is correct then it appears that something installed on your website is changing the Server Document global variable value.

Instead of modifying BPS Pro code, which is fine/correct and does not need to be corrected or fixed, what needs to happen instead is either of these 3 things:
1. Contact your host and find out what is changing the Server Document Root global value to: /usr/www/users on your website
from: /usr/www/users/sanddxqvtc
2. Add the /usr/www/users path to your open_basedir directive setting: /usr/www/users: has been added below to all of your paths.

open_basedir = /usr/www/users:/usr/www/wwws/users/sanddxqvtc:/usr/wwws/users/sanddxqvtc:/usr/www/users/sanddxqvtc:/usr/home/sanddxqvtc:/usr/local/rmagic:
/usr/www/users/he/_system_:/usr/share/php:/usr/local/lib/php:/tmp:/usr/bin:/usr/local/bin:/usr/local/share/www:/usr/www/share/www:/usr/share/misc

3. Disable/turn off open_basedir

So BPS Pro code does not need to be fixed or changed and I do not think creating a workaround solution is a good idea. The root problem needs to fixed or figured out instead of changing/modifying BPS Pro code to work with this mistake/problem.

I am logged out of your site and disconnected from FTP.
Please contact your host to get this problem figured out/fixed.

The BPS Pro Setup Wizard setup completed everything except for the AutoRestore file backups. So do these manual steps to complete the AutoRestore file backups.

1. Go to AutoRestore.
2. Backup files by clicking ALL 4 of the Backup Files (Quick Setup) buttons. Root Files, wp-admin Files, wp-includes Files and wp-content Files Backup Files buttons.
3. Turn AutoRestore On.

[Haiko Nieuwoudt]

Thanks very much, will try to sort it out with the hosts! After trying to install BPS Pro on more of our sites, there are seven (all of which use the Hetzner platform) which produce the exact same errors.

[Haiko Nieuwoudt]

So wait, about that last part – is BPS Pro at least working on this site now that I have followed those steps? Can I install it on the other sites with this problem in the same way?

[AITpro Admin]

Yes, you can just finish the last setup step manually by doing the AutoRestore file backup steps I posted above.  I checked your site thoroughly and all BPS Pro setup steps completed successfully except for the last Setup Wizard setup step, which is the AutoRestore file backup.  So I think it is better just to do the AutoRestore file backup steps manually vs modifying BPS code to workaround whatever the root problem is on your server/site.  The modifications I would have to make would be to disable things in BPS Pro since there is not a problem with the BPS Pro code and the problem is with your server configuration or something else that is returning the wrong Document Root path at your website level.  This problem will also affect WordPress itself and other plugins and themes so it needs to be fixed or you are going to run into other problems with things that are installed on your sites/server.

Also I added some additional technical information about the problem that is occurring on your server/site.  So have your host support folks look at my reply here so they know exactly what problem is occurring:  http://forum.ait-pro.com/forums/topic/php-error-file_exists-open_basedir-restriction-in-effect-on-htaccess-prevents-setup-wizard/#post-30637  I believe the problem is going to be an Apache vhosts configuration file mistake. I posted an example of vhosts config code using your invalid DocumentRoot path as an example above.

[AITpro Admin]

I have copied the email response from your web host that you sent to us directly via email to keep all troubleshooting information in one place.

Dear Haiko

Thank you for your e-mail.

I have investigated and can confirm that the Apache configuration file entries of all the domains listed has been set correctly.
(The domains are spread over different servers and it would be highly unlikely that a configuration problem exists on all of them.)

The people on the support forum mention that something on the website might be changing the Server Document global variable. Have you looked into the other plugins on the website(s), or perhaps considered contacting WordPress support directly for advice on whether it is the CMS itself that might be the cause of the issue?

If you can perhaps manually set up the plugin to use the correct document root (/usr/www/users/DOMAIN_FTP_USER), then you should be able to install it successfully.

Ok so let’s eliminate that this problem is being caused by a plugin or your theme on your website.  Do these troubleshooting steps below:

1. Deactivate all of your plugins except for BPS Pro.
2. Go to the BPS Pro System Info page > Check the Document Root Path: to see if it is now correct.  The path should be:  /usr/www/users/sanddxqvtc
3. If the Document Root Path is correct then activate your plugins one by one and then reload/refresh the BPS Pro System Info page after activating each plugin to find the plugin that is causing the Server Document Root path problem on your website.
4. If the Document Root Path is NOT correct after deactivating all of your plugins then switch your Theme to another theme (WordPress 2016, etc) and reload/refresh the BPS Pro System Info page to see if your Theme is causing the Server Document Root path problem on your website.

Important Note:  Since your hosting account and/or server and several of your websites were hacked prior to installing BPS Pro then it is possible that the Server Document Root variable value being incorrect on your server/website and any other problems are being caused by hacker code or scripts in your hosting account somewhere or your hosting server itself could be compromised/hacked.

Also just an important reminder:  The logical order of steps should be this.  Since your hosting account and/or server and several of your websites were hacked prior to installing BPS Pro then you should do the steps in this forum topic link below first to cleanup your entire hosting account and make there are not hacker files or code anywhere under your hosting account.  Then you would install BPS Pro on your websites.  You can install BPS Pro on hacked websites/servers/hosting accounts, but if a hacker controls your entire hosting account then the hacker will most likely just disable BPS Pro or the hacker code/files on your site will just break or change things in general so they are not working correctly.  Most hacker scripts/code are poorly coded and they are known to break things and cause errors.

http://forum.ait-pro.com/forums/topic/wordpress-hacked-wordpress-hack-cleanup-wordpress-hack-repair/

[Haiko Nieuwoudt]

Thanks again for the help. Before doing what you suggested with the plugins, when I go to System Info, the document root path is correct. But the Parent directory is showing the one which creates the PHP error. Could that be it? Should I now attempt to deactivate the plugins and see if that changes the parent directory?

[AITpro Admin]

Very interesting.  The System Info page uses this global variable code to get the Document Root folder:  $_SERVER['DOCUMENT_ROOT'] and all BPS code also uses this exact same code to get the Document Root folder.  So logically that means the there is something wrong with this particular PHP server build/compile itself or maybe the problem is that your root htaccess file is missing php handler htaccess code that should be there, but it is not there. The link below has a list of all the php handlers that Hetzner hosting has available.

https://wiki.hetzner.de/index.php/KonsoleH:PHP-Konfiguration/en

Important!:  Connect to your site via FTP so that if php handler htaccess code causes a problem or the site crashes then you will need to delete the root htaccess file to be able to get back into your site.
Very Important!  Turn Off AutoRestore before trying different PHP handler htaccess code so that AutoRestore does not restore htaccess files if you need to manually delete them via FTP.  Also post this System Info information below about your website/server:

Server Type: Apache
Operating System: Linux
WP Filesystem API Method: direct
Server API: cgi-fcgi CGI Host Server Type

Try the php7.0 handler first:
1. Copy this php7.0 php handler htaccess code below to this BPS Root Custom Code text box:   CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
2. Click the Save Root Custom Code button.
3. Go to the Security Modes page and click the Root Folder BulletProof Mode Activate button.

Action application/x-httpd-php70 /cgi-sys/php70-fcgi-starter.fcgi
AddType application/x-httpd-php70 .php .php70

4. Go to the BPS System Info page and check that the PHP version your server/website is using is PHP7.x
5. If your site crashes then delete your root htaccess file via FTP and do the same steps above and try adding the PHP5.6 handler htaccess code in BPS Custom Code.

Action application/x-httpd-php56 /cgi-sys/php56-fcgi-starter.fcgi
AddType application/x-httpd-php56 .php .php56

[Jason]

[Topic has been merged into this relevant Topic]
Hi

I’ve just installed BPS Pro on a new site build and for some reason the Setup Wizard Processing graphic just stayed forever, it seemed to lock up and only a refesh would remove it.

I’ve also noticed the following PHP warning, appearing every five seconds in the log:

[02-Dec-2016 17:58:45 UTC] PHP Warning:  file_exists(): open_basedir restriction in effect. File(/var/www/vhosts/URLEDITED.com/index.php) is not within the allowed path(s): (/var/www/vhosts/URLEDITED.com/httpdocs:/tmp:/usr/share/pear) in /var/www/vhosts/URLEDITED.com/httpdocs/wp-content/plugins/bulletproof-security/includes/general-functions.php on line 1188

A forum search later and wondered if its the same issue as outlined here? http://forum.ait-pro.com/forums/topic/php-error-file_exists-open_basedir-restriction-in-effect-on-htaccess-prevents-setup-wizard/

It does seem to have stalled at exactly the same place as the other user and I’ve now manually sorted the Auto Restore.

However, I’m stumped by the PHP error. I thought it could be due to plugin “WP Fastest Cache” but having disabled, deleted cache and then gone through BPS Pro setup again it didn’t sort the error.

Also, I’ve installed BPS Pro on the same host and not had this issue before hence starting a new post (although feel free to merge).

As a note the site is clean, never been hacked – in fact its a new, clean, build.

Would be great if you could advise on the PHP issue?

Pre-Setup Test

Pass! Compatible Server Configuration: Server API: DSO | WP Filesystem API Method: direct.
Pass! PHP Configuration Memory Limit is set to: 128M
mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: No
Pass! PHP/php.ini handler htaccess code check: Not in use, required or needed for your website/Server
Pass! secure.htaccess Root Master file htaccess creation.
Pass! Root Folder BulletProof Mode activation.
Pass! Root .htaccess file backup Successful!
Pass! wp-admin BulletProof Mode activation.
Pass! wp-admin .htaccess file backup Successful!
Pass! The default.htaccess Default Mode Master htaccess file was created successfully.
Pass! The cURL Extension is Loaded/Installed on your website/Server.
AutoRestore|Quarantine plugins folder Exclude Rule DB Option saved or updated Successfully!
AutoRestore|Quarantine plugins folder Exclude Rule created or updated Successfully!
/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/plugins/bulletproof-security/includes/class.php File created or updated Successfully!
/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup/master-backups/class.php File copied to backup Successfully!
/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup/autorestore/wp-content/plugins/bulletproof-security/includes/class.php File copied to ARQ backup Successfully!
Plugin Firewall cURL Scanner Successfully Scanned: 7 Pages & Posts
Plugin Firewall bps_pfw_paypal DB Option created or updated Successfully!
Plugin Firewall bps_pfw_google DB Option created or updated Successfully!
Plugin Firewall bps_pfw_amazon DB Option created or updated Successfully!
Plugin Firewall bps_pfw_authorizenet DB Option created or updated Successfully!
Plugin Firewall bps_pfw_whitelist DB Option created or updated Successfully!
Plugin Firewall bps_pfw_allow_from DB Option created or updated Successfully!

Setup Wizard

BulletProof Security Pro Synchronize WordPress Version

bps_wp_version DB Option created or updated Successfully!
bps_wp_version_last_modified_time DB Option created or updated Successfully!
BulletProof Security Pro Database Tables Setup

mb2016_bpspro_arq_quarantine DB Table created Successfully!
mb2016_bpspro_arq_exclude DB Table created Successfully!
mb2016_bpspro_seclog_ignore DB Table created Successfully!
mb2016_bpspro_login_security DB Table created Successfully!
mb2016_bpspro_dbm_monitor DB Table created Successfully!
mb2016_bpspro_db_backup DB Table created Successfully!
mb2016_bpspro_folder_lock DB Table created Successfully!
BulletProof Security Pro Core Folders Setup

/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup Folder created Successfully!
/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup/master-backups Folder created Successfully!
/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup/autorestore Folder created Successfully!
/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup/quarantine Folder created Successfully!
/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup/logs Folder created Successfully!
BulletProof Security Pro Core Files Setup

/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup/.htaccess File created or updated Successfully!
/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup/master-backups/.htaccess File created or updated Successfully!
/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup/logs/autorestore_log.txt File created or updated Successfully!
/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup/logs/string_replacer_log.txt File created or updated Successfully!
/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup/logs/http_error_log.txt File created or updated Successfully!
/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup/logs/bps_php_error.log File created or updated Successfully!
/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup/master-backups/Login-Security-Alert-Reset.txt File created or updated Successfully!
/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/plugins/bulletproof-security/admin/htaccess/db_monitor_log.txt File created or updated Successfully!
BulletProof Security DB Monitor Setup

bps_db_monitor_cron DB Option created or updated Successfully!
bps_db_monitor_cron_frequency DB Option created or updated Successfully!
bps_db_monitor_cron_table_created_check DB Option created or updated Successfully!
bps_db_monitor_cron_end DB Option created or updated Successfully!
DB Monitor DB Options created or updated Successfully!
BulletProof Security DB Backup Setup

/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup/backups_K691E9lWyECbVR2 Folder created Successfully!
bps_db_backup DB Option created or updated Successfully!
bps_db_backup_description DB Option created or updated Successfully!
bps_db_backup_folder DB Option created or updated Successfully!
bps_db_backup_download_link DB Option created or updated Successfully!
bps_db_backup_job_type DB Option created or updated Successfully!
bps_db_backup_frequency DB Option created or updated Successfully!
bps_db_backup_start_time_hour DB Option created or updated Successfully!
bps_db_backup_start_time_weekday DB Option created or updated Successfully!
bps_db_backup_start_time_month_date DB Option created or updated Successfully!
bps_db_backup_email_zip DB Option created or updated Successfully!
bps_db_backup_delete DB Option created or updated Successfully!
bps_db_backup_status_display DB Option created or updated Successfully!
BulletProof Security Pro Uploads Anti-Exploit Guard (UAEG) Setup

/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/uploads/.htaccess File created or updated Successfully!
BulletProof Security Pro Security Log User Agent Filter Setup

Security Log User Agent Filter Check Successful! 0 User Agent Filters to update.
BulletProof Security Pro Log Files Database Options Setup

bulletproof_security_options_ARCM_log DB Option created or updated Successfully!
bulletproof_security_options_Security_log DB Option created or updated Successfully!
bulletproof_security_options2 DB Option created or updated Successfully!
bulletproof_security_options_elog DB Option created or updated Successfully!
bulletproof_security_options_DBM_log DB Option created or updated Successfully!
bulletproof_security_options_DBB_log DB Option created or updated Successfully!
BulletProof Security Pro ini_set Options Setup

bps_iniSet_ErrorReporting DB Option created or updated Successfully!
bps_iniSet_LogErrors DB Option created or updated Successfully!
bps_iniSet_ErrorLog DB Option created or updated Successfully!
bps_iniSet_LogErrorsMaxLen DB Option created or updated Successfully!
bps_iniSet_MemoryLimit DB Option created or updated Successfully!
bps_iniSet_session_cookie_httponly DB Option created or updated Successfully!
bps_iniSet_session_use_only_cookies DB Option created or updated Successfully!
bps_iniSet_session_cookie_secure DB Option created or updated Successfully!
bps_iniSet_IgnoreRepeatedErrors DB Option created or updated Successfully!
bps_iniSet_IgnoreRepeatedSource DB Option created or updated Successfully!
bps_iniSet_AllowUrlInclude DB Option created or updated Successfully!
bps_iniSet_DefineSyslogVar DB Option created or updated Successfully!
bps_iniSet_DisplayErrors DB Option created or updated Successfully!
bps_iniSet_DisplayStartupErrors DB Option created or updated Successfully!
bps_iniSet_ImplicitFlush DB Option created or updated Successfully!
bps_iniSet_MagicQuotesRuntime DB Option created or updated Successfully!
bps_iniSet_MaxExecutionTime DB Option created or updated Successfully!
bps_iniSet_MysqlConnectTimeout DB Option created or updated Successfully!
bps_iniSet_MysqlTraceMode DB Option created or updated Successfully!
bps_iniSet_ReportMemleaks DB Option created or updated Successfully!
/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup/autorestore/root-files Folder created Successfully!
ini_set Options created in wp-config.php Successfully!
/var/www/vhosts/markbeaumontonline.com/httpdocs/wp-content/bps-backup/autorestore/root-files/wp-config.php copied to AutoRestore Backup Successfully!
BulletProof Security Pro S-Monitor Monitoring and Alerting Options Setup

bps_first_launch DB Option created or updated Successfully!
bps_security_status DB Option created or updated Successfully!
bps_SecLog_entry DB Option created or updated Successfully!
bps_autorestore_status DB Option created or updated Successfully!
bps_plugin_firewall_status DB Option created or updated Successfully!
bps_UAEG_status DB Option created or updated Successfully!
bps_login_security_status DB Option created or updated Successfully!
bps_flock_status DB Option created or updated Successfully!
bps_HUD_alerts DB Option created or updated Successfully!
bps_PHP_ELogLoc_set DB Option created or updated Successfully!
bps_PHP_ELog_error DB Option created or updated Successfully!
bps_phpini_created DB Option created or updated Successfully!
bps_login_security_alerts DB Option created or updated Successfully!
bps_jtc_antispam_status DB Option created or updated Successfully!
bps_dbm_status DB Option created or updated Successfully!
bps_dbm_alerts DB Option created or updated Successfully!
bps_dbb_status DB Option created or updated Successfully!
bps_flock_FL_alerts DB Option created or updated Successfully!
bps_isl_status DB Option created or updated Successfully!
bps_ace_status DB Option created or updated Successfully!
BulletProof Security Pro S-Monitor Email Alerting & Log File Options Setup

bps_send_email_to DB Option created or updated Successfully!
bps_send_email_from DB Option created or updated Successfully!
bps_send_email_cc DB Option created or updated Successfully!
bps_send_email_bcc DB Option created or updated Successfully!
bps_login_security_email DB Option created or updated Successfully!
bps_autorestore_email DB Option created or updated Successfully!
bps_arq_log_size DB Option created or updated Successfully!
bps_arq_log_email DB Option created or updated Successfully!
bps_security_log_email DB Option created or updated Successfully!
bps_security_log_size DB Option created or updated Successfully!
bps_security_log_emailL DB Option created or updated Successfully!
bps_error_log_email DB Option created or updated Successfully!
bps_php_log_size DB Option created or updated Successfully!
bps_php_log_email DB Option created or updated Successfully!
bps_upgrade_email DB Option created or updated Successfully!
bps_dbm_email DB Option created or updated Successfully!
bps_dbm_log_email DB Option created or updated Successfully!
bps_dbm_log_size DB Option created or updated Successfully!
bps_dbb_log_email DB Option created or updated Successfully!
bps_dbb_log_size DB Option created or updated Successfully!
bps_flock_email DB Option created or updated Successfully!
bps_arq_cron_frequency_email DB Option created or updated Successfully!
bps_arq_cron_next_email DB Option created or updated Successfully!
BulletProof Security Pro Login Security & Monitoring Options Setup

bps_max_logins DB Option created or updated Successfully!
bps_lockout_duration DB Option created or updated Successfully!
bps_manual_lockout_duration DB Option created or updated Successfully!
bps_max_db_rows_display DB Option created or updated Successfully!
bps_login_security_OnOff DB Option created or updated Successfully!
bps_login_security_logging DB Option created or updated Successfully!
bps_login_security_errors DB Option created or updated Successfully!
bps_login_security_remaining DB Option created or updated Successfully!
bps_login_security_pw_reset DB Option created or updated Successfully!
bps_login_security_sort DB Option created or updated Successfully!
bulletproof_security_options_login_alerts DB Option created or updated Successfully!
BulletProof Security Pro JTC Anti-Spam|Anti-Hacker Options Setup

bps_tooltip_captcha_key DB Option created or updated Successfully!
bps_tooltip_captcha_hover_text DB Option created or updated Successfully!
bps_tooltip_captcha_title DB Option created or updated Successfully!
bps_tooltip_captcha_logging DB Option created or updated Successfully!
bps_jtc_login_form DB Option created or updated Successfully!
bps_jtc_register_form DB Option created or updated Successfully!
bps_jtc_lostpassword_form DB Option created or updated Successfully!
bps_jtc_comment_form DB Option created or updated Successfully!
bps_jtc_buddypress_register_form DB Option created or updated Successfully!
bps_jtc_buddypress_sidebar_form DB Option created or updated Successfully!
bps_jtc_administrator DB Option created or updated Successfully!
bps_jtc_editor DB Option created or updated Successfully!
bps_jtc_author DB Option created or updated Successfully!
bps_jtc_contributor DB Option created or updated Successfully!
bps_jtc_subscriber DB Option created or updated Successfully!
bps_jtc_comment_form_error DB Option created or updated Successfully!
BulletProof Security Pro F-Lock Options Setup

bps_lock_root_htaccess DB Option created or updated Successfully!
bps_lock_wpconfig DB Option created or updated Successfully!
bps_lock_index_php DB Option created or updated Successfully!
bps_lock_wpblog_header DB Option created or updated Successfully!
bps_lock_root_htaccess_dr DB Option created or updated Successfully!
bps_lock_index_php_dr DB Option created or updated Successfully!
bps_lock_root_htaccess_gwiod DB Option created or updated Successfully!
bps_lock_index_php_gwiod DB Option created or updated Successfully!
bps_root_htaccess_autolock DB Option created or updated Successfully!
bps_folder_lock_cron DB Option created or updated Successfully!
bps_folder_lock_cron_frequency DB Option created or updated Successfully!
bps_folder_lock_cron_end DB Option created or updated Successfully!
bulletproof_security_options_flock_FL_alerts DB Option created or updated Successfully!

Thanks
Jason

[AITpro Admin]

@ Jason – Did you manually edit/change the “URLEDITED.com” in the php error that you posted or is that the actual php error?

[Jason]

Yeh, I removed the site URL as its a client website and didn’t want it appearing in searches.

I was just writing an updated. I’d installed version 11.8 of BPS Pro and have now updated to latest release, should have done that before but forgot.

However, having updated the entire WordPress admin area is now grey with only the menu visible. I’ve gone in via FTP and renamed the BPS Pro folder which has brought everything back in the admin area.

Currently BPS Pro is now disabled as I can’t see anything in the admin and checking server error log

[AITpro Admin]

@ Jason – Ouch.  Yeah that is bad news if you had WordPress 4.6+ installed.  BPS Pro 12+ versions had a massive amount of new code written for all the massive changes in WP 4.6.  Ok so let’s deal with this new problem and then tackle the original problem with open_basedir.  How did you update/upgrade BPS Pro?  Did you update BPS Pro on the WordPress Plugins page?

[Author]

Posts