Better WP Security – Conflict with All-in-One Event Calendar

[HCE]

When I’m logged in to my WP Dashboard the calendar displays properly.  When I’m logged out, the display is distorted.  I think this has something to do with the wp-admin .htaccess file.
Please advise.  Thank you!

[AITpro Admin]

Check the BPS Security Log page for any errors directly related to the All-in-One Event Calendar plugin and post that error here.  Thanks.

[HCE]

Hi!  Thanks for the quick reply.  I just checked the security log and nothing is currently there.  In attempts to trouble shoot the issue I reactivated all the security modes.  Would this have cleared out any security logs?
What else do you suggested?  Can I send you a private message or email with the link to my site so you can take a better look at the issue?

[AITpro Admin]

Go to the BPS htaccess File Editor tab page, click on the “Your Current Root htaccess File” tab, scroll down in your root .htaccess file and look for this code below.  Your actual code may look slightly different than this code below.  Do you see this code?  If so, are there pound signs # in front of this code?  If so, then remove the pound signs.

ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
ErrorDocument 401 default
ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
ErrorDocument 404 /404.php

[HCE]

I do see this code.  There are no pound signs in front of this code.  However, this code does include “wp-content” and I changed the name of my content directory.  I edited this code to replace “wp-content” with the new directory name, and now all my pages are returning a 403 page.  I did log in to cPanel and edited this .htaccess file back to “wp-content”, but the 403 pages are still showing.  Please advise.

[HCE]

The 403 page includes this:
 
“Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.”

[AITpro Admin]

Are you saying that you are using a hiding method of trying to hide your wp-content folder by renaming it to something other than wp-content?  The only time you would need to change the wp-content folder path is if your WordPress wp-content folder name was named something else in an attempt to hide it (which does not really work to hide from Bots by the way 😉 ).  Delete the .htaccess file in your website root folder, log back into your site and activate Root folder BulletProof Mode again.

I will install and test the All-in-One Event Calendar plugin and post the results back here.

[HCE]

I used the Better WP Security plugin to change the content directory.  It renamed it so it’s no longer wp-content.  It’s not just hidden, it’s completely renamed. 

[HCE]

I did as you instructed above and the pages of my site are now showing again.  Thank you.
Any assistance you can provide on getting this calendar to display properly when logged out, as it displays properly when logged in, would be greatly appreciated! 

[AITpro Admin]

Not a real big fan of trying to hide things by renaming them, but it probably helps in some way so each to his/her own ;).  Any way back to the issue.  I installed the All-in-One Event Calendar plugin, but was unable to do testing since it requires upgrading from the Lite version to the Standard version.  The Standard version coding has API Server connection coding in it so since this upgrade did not come from WordPress.org then I am not allowed to install the upgrade to test it. So yep send me an email with a link to your website and I will see if I can see what the issue is.  Thanks.

[HCE]

Thanks for all your efforts!  I can send you the zip file with the standard version, so you can install it manually, if you’d like.  What email address should I send the link to?

[AITpro Admin]

I actually downloaded the Standard version.  Before we can install anything on the testing Servers we have to scan the code and the All-in-One Event Calendar plugin code contains API Server connection coding.  This in itself is perfectly fine, but before we are allowed to install anything that makes a connection to an unkown API Server that code has to be thoroughly inspected, which would take some time.  I put in a request to have the code inspected, but usually that takes a week before it is OK’d to install and test.

Send your website link to info at ait-pro dot com.  Please do not send login information or create a login account for us.  I am only allowed to look at the front of your website and am not allowed to login to the website.  Thanks.

[HCE]

Got it!  Sending that email now.

[HCE]

I just sent the email.  Please confirm you have received it.  Thanks!

[AITpro Admin]

Hmm interesting.  I thought the issue/problem would have something to do with the WordPress admin-ajax.php file and it does, but it looks like you have the Wordfence plugin installed and it is blocking the calendar.  Will post an image in a second so you can see what I see in Firebug.

[Author]

Posts