Plugin Firewall – Read Me First Troubleshooting

Home Forums BulletProof Security Pro Plugin Firewall – Read Me First Troubleshooting

This topic contains 63 replies, has 17 voices, and was last updated by  AITpro Admin 1 year, 2 months ago.

Viewing 15 posts - 31 through 45 (of 64 total)
  • Author
    Posts
  • #30932

    AITpro Admin
    Keymaster

    @ Max – There are a handful of known things that break the BPS Pro Plugin Firewall, which then cause the UI or other secondary things to be screwed up.  Try either of these fixes at the very beginning of this Topic:  “Fix all general Plugin Firewall issues/problems:” or “Fix all general Plugin Firewall issues/problems and Proxy server configuration mistakes:” if you have a Proxy.  If the steps listed under each of these “fix all” solutions do not work then send a WP Admin login to this site to:  info at ait-pro dot com so I can figure out and fix what is breaking the BPS Pro Plugin Firewall and then causing the secondary combo problems.

    #30933

    AITpro Admin
    Keymaster

    @ Max – I put together a list of the most common things that break the BPS Pro Plugin Firewall with solutions below:

    Incapsula or other Proxies, in-house proxies:
    Typically this fix will work for problems caused by Proxies

    Fix all general Plugin Firewall issues/problems and Proxy server configuration mistakes:
    Additional steps to fix both general Plugin Firewall issues/problems and to compensate for an additional Proxy server configuration mistake (whitelist the Proxy IP Address). Note: This only applies to Proxy server issues/problems. Use the steps above unless specifically instructed to use these steps below to fix/whitelist a Proxy server IP address problem.

    1. Go to the BPS Security Log page and click the Delete Log button to delete your current Security Log file contents.
    2. Go to the Plugin Firewall page.
    3. Click the Plugin Firewall Additional Whitelist Tools accordion tab.
    4. Enter Proxy server IP address: xxx.xxx.xxx.xxx in the Whitelist by Hostname (domain name) and IP Address text box.
    5. Click the Save Hostname and IP Address Rules button.
    6. Click the Plugin Firewall BulletProof Mode Deactivate button.
    7. Delete (or cut if you want to add your existing whitelist rules back into the Plugins Script|File Whitelist Text Area) all of your Plugin Firewall whitelist rules out of the Plugins Script|File Whitelist Text Area.
    8. Click the Save Whitelist Options button.
    9. Click the Plugin Firewall Test Mode button.
    10. Check your site pages by clicking on all main website pages: contact form page, home page, login page, etc.
    11. Recheck the Plugins Script|File Whitelist Text Area (after 1 minute) and you should see new Plugin Firewall whitelist rules have been created.
    12. Change the AutoPilot Mode Cron Check Frequency to 15 minutes or whatever frequency time you would like to use.
    13. Click the Plugin Firewall Activate button.

    Other plugins or themes loading their js scripts in BPS plugin pages:
    the Script|Style Loader Filter (SLF) In BPS Plugin Pages option under Setup > UI|UX Settings > SLF On setting may or may not fix
    the problem. In some cases the Plugin Firewall cannot be used with some plugins or themes if BPS cannot prevent them from breaking
    the Plugin Firewall.

    Maintenance Mode plugins or themes:
    depending on how the Maintenance Mode feature is designed|works, it can prevent the Plugin Firewall from working correctly.
    So the temporary workaround is to keep the Plugin Firewall turned Off while the site is in Maintenance Mode and then once the site is out of
    Maintenance Mode then the Plugin Firewall can be activated|turned on.

    Minification of plugin scripts:

    Minify Plugins: If you are using a Minify plugin then you will probably not see Security Log entries / alerts. Most if not all minifying plugins allow you to choose to exclude plugin scripts that you do not want to minify. If you want to use the BPS Pro Plugin Firewall then you can choose not to minify particular plugin scripts so that you can use both minifying and the Plugin Firewall together. It is recommended that you turn Off/deactivate minifying to get the plugin scripts that need to be whitelisted in the Plugin Firewall. After you have added those plugin scripts to your Plugin Firewall whitelist you can then exclude those same plugin scripts from being minified in your minify plugin and turn On/activate your Minify plugin.

    #31408

    tonyw
    Participant

    [Topic has been merged into this relevant Topic]
    Ok, I accept my own lack of knowledge is probably the main issue here, but I have tried in vain for several days to figure out whats happening.

    Summary;

    Dedicated server, WP (updated) and several plugins install as you might expect, plus a premium theme Grand News, Tweet wheel pro – both of which were fine with free BPS.

    Adding the Pro version has caused a few problems – Tweet Wheel pro – was setup and running – but the admin panel was no longer accessible, I followed instructions for finding and whitelisting – to no avail (but i accept i might be totally wrong with the diagnosis), in desperation i disabled all the BPS functions – still it didnt work – totally uninstalling BPS hasnt cured it either.

    Also “some” admin features of the theme are no longer accessible – as per above – even removing BPS, all the htaccess files and using a default htaccess hasnt restored the functions.

    I am trying to avoid going back a week on the backup as so much content has been added – but i maybe forced to do so, I am hoping you guys can offer advice on getting things back working and how to use the software properly.

    TIA

    #31410

    tonyw
    Participant

    [Topic has been merged into this relevant Topic]
    Thanks for the prompt response, referring me back to things i have read and cant really interpret or make any use of however, might be what i expected, but hoped wouldn’t happen.

    I will simply delete the plug in and review it as such. I appreciate your own knowledge far exceeds my own, but when the information is so complex as to render it useless to the user, that defeats the object?

    I realise this will be another comment simply deleted – and if it is, then this matter is closed and I will cut my lossess.

    #31411

    AITpro Admin
    Keymaster

    @ tonyw – This sounds like a Plugin Firewall issue/problem.  So I have moved your post here.  Do BPS Pro troubleshooting step #3. On the Security Modes page, click the Plugin Firewall BulletProof Mode Deactivate button.  http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting  So if this isolates the problem then we can move forward with other troubleshooting steps. Let me know what happens after doing step #3.

    #31413

    AITpro Admin
    Keymaster

    @ tonyw – I moved your additional post here.  Would you like for me to login to your site and figure this out?  If so, create a temporary WP Administrator login to your site and send it to:  info at ait-pro dot com and I’ll figure out whatever is going on. 😉

    #31414

    tonyw
    Participant

    i have been through all of these things – but not being fully au fait with all the terms, how is reading it all again – i have tried for 5 days solid 5 hours or more a day – but getting nowhere , hence coming to you. I have removed as much as I can see of BPS and the site is still broken.

    I have had to change the permissions on my root htaccess 3 times as I was completely locked out of the site.

    I am sure its down to config, but I cant figure it out and me going round in circles reading the same stuff that i still dont really understand, isnt going to help – I am not blaming you or your product, but its not good to me if i cant get it work or learn to work it? you see my point?

     

    #31415

    AITpro Admin
    Keymaster

    @ tonyw – I sent you an email so we can continue working on whatever the problem is directly via email.

    #31420

    Douglas42
    Participant

    [Topic has been merged into this relevant Topic]
    Hello BPS team,

    First of all, I’ve been using BPS for a year now. Great plugin, thank you for your work!

    Here’s my problem:
    I noticed that the plugins directory’s .htaccess file (/wp-content/plugins) contained the following rule:

    # FORBID REMOTE ACCESS TO THESE PLUGIN FILE TYPES FROM ANYONE EXCEPT YOU
    RewriteCond %{REQUEST_URI} ^.*\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|txt|vb|vbe|vbs|war|ws|wsf|xhtml|z|zip)$ [NC]
    # BEGIN PUBLIC IP
    RewriteCond %{REMOTE_ADDR} !^<IP ADDRESS>$
    # END PUBLIC IP
    RewriteRule ^(.*)$ - [F]

    I didn’t add this rule. And it was preventing javascript plugins from working properly in frontoffice.

    Is it a default rule added at each BPS Pro installation?
    Does a BPS Pro component automaticly add rules to htaccess files? In which case?

    Thank you.

    #31422

    AITpro Admin
    Keymaster

    @ Douglas42 – That Plugin Firewall htaccess code is just part of the standard htaccess file.  Plugin Firewall AutoPilot Mode automatically creates whitelist rules for js and other frontloading files on your website.  Which version of BPS Pro do you have installed?  Do you have Plugin Firewall AutoPilot Mode turned On?

    #31822

    Paul
    Participant

    On fresh install new site i keep getting /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=12.5 as error in Security Log and losing all formatting on admin side

    #31825

    AITpro Admin
    Keymaster

    @ Paul – See the “Troubleshooting: Reset|Clear The Plugin Firewall (fixes most if not all Plugin Firewall issues/problems)” help section at the beginning of this forum topic.

    #31826

    Paul
    Participant

    have tried this, but still get /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js and lose all formatting om admin page

    #31828

    AITpro Admin
    Keymaster

    @ Paul – Try reinstalling WordPress > Dashboard menu > Updates > Re-Install Now button.  Try manually reinstalling BPS Pro 12.5 (if you have an old version of BPS Pro installed then that could be the problem):  https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-bps-pro-upgrade-installation-methods/  Other things that break the Plugin Firewall: https://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/page/3/#post-30933  If none of these things work then probably something else you have installed is breaking the Plugin Firewall.  If you want me to figure out the problem then send me a WordPress Administrator login to this website to:  info at ait-pro dot com.

    #32085

    Alex
    Participant

    [Topic has been merged into this relevant Topic]
    Hi, i am getting similar issues with 403 errors on sites where i am trying to run plugins with bulletproof installed.

    I am getting errors such as this: 403 error on these resources: http://80.244.187.39/~comdronic/

    http://80.244.187.39/~comdronic/wp-content/plugins/sharify/sharify-style.php
    http://80.244.187.39/~comdronic/wp-content/plugins/snazzy-maps/snazzymaps.js?ver=1.1.2
    http://80.244.187.39/~comdronic/wp-content/plugins/mapifypro-master/assets/js/jquery.touchSwipe.min.js?ver=4.7

    And on this site: http://80.244.187.39/~hydracareco/

    It will not allow the carousel to run (on some about 50% of browsers) i have tried to disable bulletproof plugin but it still doesnt work because i think it leaves htaccess in place?. If i check on a proxy it is still blocking some js files from loading. I have also tried disabling mod security and firewall on server in case it was that.

    I have spoken to the host and divi theme developers and they seem to think it is related to BPS.

    Kind regards

Viewing 15 posts - 31 through 45 (of 64 total)

You must be logged in to reply to this topic.