Better WP Security – Conflict with All-in-One Event Calendar

[AITpro Admin]

Ok at this point take BPS out of the equation completely doing the BPS troubleshooting steps below.  If the problem is still occurring then the issue/problem is related to Wordfence and not BPS.

http://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting

1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
3. If an issue/problem is related to Login Security turn Off Login Security on the Login Security & Monitoring page.
4. If an issue/problem is related to ISL or ACE see this forum topic: http://forum.ait-pro.com/forums/topic/idle-session-logout-isl-and-authentication-cookie-expiration-ace/

[HCE]

Hello!
Sorry for the delay.  I just did as you instructed above, and the distorted display of the calendar still persists.  Any further recommendations?  Thanks!

[AITpro Admin]

Ok then you will need to add a wp-admin admin-ajax.php plugin/file skip/bypass rule to the BPS wp-admin Custom Code.

1. Add the admin-ajax.php skip/bypass rule below to this wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
2. Click the Save wp-admin Custom Code button.
3. Go to the Security Modes page and Activate wp-admin Folder BulletProof Mode.

Note:  The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1].  If you have other wp-admin skip/bypass rules already then either combine them or add this skip/bypass rule separately above the other rules and change the skip #.  Example:  If you already have skip #’s 2 and 3 then this rule would be skip rule #4.

# admin-ajax.php skip/bypass rule
RewriteCond %{REQUEST_URI} (admin-ajax\.php) [NC]
RewriteRule . - [S=2]

[HCE]

Ok, so should I reactive the BPS modes first, or enter this code and then reactivate? 

[AITpro Admin]

Add this wp-admin .htaccess bypass / skip rule below to the wp-admin Custom Code box on the BPS Custom Code page first – CUSTOM CODE WPADMIN PLUGIN FIXES: and then activate BulletProof Mode for your wp-admin folder again.

[HCE]

Ok, I added the code to the CUSTOM CODE WPADMIN PLUGIN FIXES.  Then I activated the wp-admin Folder .htaccess Security Mode.  Do I also now reactivate the Root Folder .htaccess Security Mode, as I deactivated bulletproof Mode, per the initial instructions.  Or do I restore it?  (Sorry, I just want to make sure I do this right.)

[AITpro Admin]

This skip/bypass rule only applies to the wp-admin .htaccess file and does not apply to the root .htaccess file.  Just activate BulletProof Mode for your Root folder again.  After you have done this then you can create new Backup files instead of Restoring the old ones.

[HCE]

Ok, I entered the custom code, reactivated the root and wp-admin, but the distorted display still persists.  Can you check it out?

[AITpro Admin]

Hmm actually I read your response wrong.  If you deactivated Root and wp-admin Folder BulletProof Modes and neither the Root or wp-admin .htaccess files were activated then BPS is not blocking the All-in-One Event Calendar plugin.  The only thing I found with Firebug was that the Wordfence plugin is blocking the All-in-One Event Calendar plugin. Have you checked your BPS Security Log yet?  Do you see any log entries regarding the All-in-One Event Calendar or the path to the calendar with  /event in the path/URI? Try deactivating the Wordfence plugin and see if the All-in-One Event Calendar displays correctly.

[HCE]

There is nothing in the error log.  But entering that code you gave me seems to have corrected one aspect.  While the display of the calendar is still distorted, clicking on “Week”, “Day”, “Month”, etc. now works, whereas it wasn’t working before…

[AITpro Admin]

Deactivate the Wordfence plugin and see what happens.

[AITpro Admin]

Also Wordfence allows you to whitelist pages, actions, etc.  So if at some point Wordfence blocked this and you did not whitelist it then Wordfence is still blocking the calendar from displaying correctly.  I really only know general things about Wordfence and do not know any more than this little bit of info about that plugin.

[HCE]

I just deactivated WordFence, but same issue.  Should I remove the custom code on BPS?

[AITpro Admin]

Deactivate Root Folder BulletProof Mode again.  This will mean that both BPS and Wordfence are not a factor/causing the problem and the problem is either directly in the All-in-One Event Calendar or another plugin that you have installed or your Theme is causing the problem. The next logical troubleshooting steps are to deactivate all plugins except for the All-in-One Calendar and test. If the problem is still occurring then you will need to temporarily switch to the WordPress 2011 or 2012 Theme to see if the problem is your Theme itself.

[HCE]

I deleted the WordFence plugin all together and the issue persists.  Why would it display properly when I’m logged in to my WP Dashboard but not display properly when logged out? 

[Author]

Posts