Better WP Security – Conflict with All-in-One Event Calendar

Home Forums BulletProof Security Free Better WP Security – Conflict with All-in-One Event Calendar

This topic contains 38 replies, has 2 voices, and was last updated by  AITpro Admin 6 years, 7 months ago.

Viewing 15 posts - 1 through 15 (of 39 total)
  • Author
    Posts
  • #2159

    HCE
    Participant

    When I’m logged in to my WP Dashboard the calendar displays properly.  When I’m logged out, the display is distorted.  I think this has something to do with the wp-admin .htaccess file.
    Please advise.  Thank you!

    #2160

    AITpro Admin
    Keymaster

    Check the BPS Security Log page for any errors directly related to the All-in-One Event Calendar plugin and post that error here.  Thanks.

    #2162

    HCE
    Participant

    Hi!  Thanks for the quick reply.  I just checked the security log and nothing is currently there.  In attempts to trouble shoot the issue I reactivated all the security modes.  Would this have cleared out any security logs?
    What else do you suggested?  Can I send you a private message or email with the link to my site so you can take a better look at the issue?

    #2164

    AITpro Admin
    Keymaster

    Go to the BPS htaccess File Editor tab page, click on the “Your Current Root htaccess File” tab, scroll down in your root .htaccess file and look for this code below.  Your actual code may look slightly different than this code below.  Do you see this code?  If so, are there pound signs # in front of this code?  If so, then remove the pound signs.

    ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
    ErrorDocument 401 default
    ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
    ErrorDocument 404 /404.php
    #2166

    HCE
    Participant

    I do see this code.  There are no pound signs in front of this code.  However, this code does include “wp-content” and I changed the name of my content directory.  I edited this code to replace “wp-content” with the new directory name, and now all my pages are returning a 403 page.  I did log in to cPanel and edited this .htaccess file back to “wp-content”, but the 403 pages are still showing.  Please advise.

    #2167

    HCE
    Participant

    The 403 page includes this:
     
    “Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.”

    #2168

    AITpro Admin
    Keymaster

    Are you saying that you are using a hiding method of trying to hide your wp-content folder by renaming it to something other than wp-content?  The only time you would need to change the wp-content folder path is if your WordPress wp-content folder name was named something else in an attempt to hide it (which does not really work to hide from Bots by the way 😉 ).  Delete the .htaccess file in your website root folder, log back into your site and activate Root folder BulletProof Mode again.

    I will install and test the All-in-One Event Calendar plugin and post the results back here.

    #2169

    HCE
    Participant

    I used the Better WP Security plugin to change the content directory.  It renamed it so it’s no longer wp-content.  It’s not just hidden, it’s completely renamed. 

    #2170

    HCE
    Participant

    I did as you instructed above and the pages of my site are now showing again.  Thank you.
    Any assistance you can provide on getting this calendar to display properly when logged out, as it displays properly when logged in, would be greatly appreciated! 

    #2171

    AITpro Admin
    Keymaster

    Not a real big fan of trying to hide things by renaming them, but it probably helps in some way so each to his/her own ;).  Any way back to the issue.  I installed the All-in-One Event Calendar plugin, but was unable to do testing since it requires upgrading from the Lite version to the Standard version.  The Standard version coding has API Server connection coding in it so since this upgrade did not come from WordPress.org then I am not allowed to install the upgrade to test it. So yep send me an email with a link to your website and I will see if I can see what the issue is.  Thanks.

    #2173

    HCE
    Participant

    Thanks for all your efforts!  I can send you the zip file with the standard version, so you can install it manually, if you’d like.  What email address should I send the link to?

    #2174

    AITpro Admin
    Keymaster

    I actually downloaded the Standard version.  Before we can install anything on the testing Servers we have to scan the code and the All-in-One Event Calendar plugin code contains API Server connection coding.  This in itself is perfectly fine, but before we are allowed to install anything that makes a connection to an unkown API Server that code has to be thoroughly inspected, which would take some time.  I put in a request to have the code inspected, but usually that takes a week before it is OK’d to install and test.

    Send your website link to info at ait-pro dot com.  Please do not send login information or create a login account for us.  I am only allowed to look at the front of your website and am not allowed to login to the website.  Thanks.

    #2175

    HCE
    Participant

    Got it!  Sending that email now.

    #2176

    HCE
    Participant

    I just sent the email.  Please confirm you have received it.  Thanks!

    #2178

    AITpro Admin
    Keymaster

    Hmm interesting.  I thought the issue/problem would have something to do with the WordPress admin-ajax.php file and it does, but it looks like you have the Wordfence plugin installed and it is blocking the calendar.  Will post an image in a second so you can see what I see in Firebug.

    wordfence-admin-ajax-error

Viewing 15 posts - 1 through 15 (of 39 total)

You must be logged in to reply to this topic.