Home › Forums › BulletProof Security Pro › Plugin Firewall Help Info
Tagged: Plugin Firewall
- This topic has 63 replies, 17 voices, and was last updated 6 years, 5 months ago by AITpro Admin.
-
AuthorPosts
-
AITpro AdminKeymaster
@ Max – There are a handful of known things that break the BPS Pro Plugin Firewall, which then cause the UI or other secondary things to be screwed up. Try either of these fixes at the very beginning of this Topic: “Fix all general Plugin Firewall issues/problems:” or “Fix all general Plugin Firewall issues/problems and Proxy server configuration mistakes:” if you have a Proxy. If the steps listed under each of these “fix all” solutions do not work then send a WP Admin login to this site to: info at ait-pro dot com so I can figure out and fix what is breaking the BPS Pro Plugin Firewall and then causing the secondary combo problems.
AITpro AdminKeymaster@ Max – I put together a list of the most common things that break the BPS Pro Plugin Firewall with solutions below:
Incapsula or other Proxies, in-house proxies:
Typically this fix will work for problems caused by ProxiesFix all general Plugin Firewall issues/problems and Proxy server configuration mistakes:
Additional steps to fix both general Plugin Firewall issues/problems and to compensate for an additional Proxy server configuration mistake (whitelist the Proxy IP Address). Note: This only applies to Proxy server issues/problems. Use the steps above unless specifically instructed to use these steps below to fix/whitelist a Proxy server IP address problem.1. Go to the BPS Security Log page and click the Delete Log button to delete your current Security Log file contents.
2. Go to the Plugin Firewall page.
3. Click the Plugin Firewall Additional Whitelist Tools accordion tab.
4. Enter Proxy server IP address: xxx.xxx.xxx.xxx in the Whitelist by Hostname (domain name) and IP Address text box.
5. Click the Save Hostname and IP Address Rules button.
6. Click the Plugin Firewall BulletProof Mode Deactivate button.
7. Delete (or cut if you want to add your existing whitelist rules back into the Plugins Script|File Whitelist Text Area) all of your Plugin Firewall whitelist rules out of the Plugins Script|File Whitelist Text Area.
8. Click the Save Whitelist Options button.
9. Click the Plugin Firewall Test Mode button.
10. Check your site pages by clicking on all main website pages: contact form page, home page, login page, etc.
11. Recheck the Plugins Script|File Whitelist Text Area (after 1 minute) and you should see new Plugin Firewall whitelist rules have been created.
12. Change the AutoPilot Mode Cron Check Frequency to 15 minutes or whatever frequency time you would like to use.
13. Click the Plugin Firewall Activate button.Other plugins or themes loading their js scripts in BPS plugin pages:
the Script|Style Loader Filter (SLF) In BPS Plugin Pages option under Setup > UI|UX Settings > SLF On setting may or may not fix
the problem. In some cases the Plugin Firewall cannot be used with some plugins or themes if BPS cannot prevent them from breaking
the Plugin Firewall.Maintenance Mode plugins or themes:
depending on how the Maintenance Mode feature is designed|works, it can prevent the Plugin Firewall from working correctly.
So the temporary workaround is to keep the Plugin Firewall turned Off while the site is in Maintenance Mode and then once the site is out of
Maintenance Mode then the Plugin Firewall can be activated|turned on.Minification of plugin scripts:
Minify Plugins: If you are using a Minify plugin then you will probably not see Security Log entries / alerts. Most if not all minifying plugins allow you to choose to exclude plugin scripts that you do not want to minify. If you want to use the BPS Pro Plugin Firewall then you can choose not to minify particular plugin scripts so that you can use both minifying and the Plugin Firewall together. It is recommended that you turn Off/deactivate minifying to get the plugin scripts that need to be whitelisted in the Plugin Firewall. After you have added those plugin scripts to your Plugin Firewall whitelist you can then exclude those same plugin scripts from being minified in your minify plugin and turn On/activate your Minify plugin.
tonywParticipant[Topic has been merged into this relevant Topic]
Ok, I accept my own lack of knowledge is probably the main issue here, but I have tried in vain for several days to figure out whats happening.Summary;
Dedicated server, WP (updated) and several plugins install as you might expect, plus a premium theme Grand News, Tweet wheel pro – both of which were fine with free BPS.
Adding the Pro version has caused a few problems – Tweet Wheel pro – was setup and running – but the admin panel was no longer accessible, I followed instructions for finding and whitelisting – to no avail (but i accept i might be totally wrong with the diagnosis), in desperation i disabled all the BPS functions – still it didnt work – totally uninstalling BPS hasnt cured it either.
Also “some” admin features of the theme are no longer accessible – as per above – even removing BPS, all the htaccess files and using a default htaccess hasnt restored the functions.
I am trying to avoid going back a week on the backup as so much content has been added – but i maybe forced to do so, I am hoping you guys can offer advice on getting things back working and how to use the software properly.
TIA
tonywParticipant[Topic has been merged into this relevant Topic]
Thanks for the prompt response, referring me back to things i have read and cant really interpret or make any use of however, might be what i expected, but hoped wouldn’t happen.I will simply delete the plug in and review it as such. I appreciate your own knowledge far exceeds my own, but when the information is so complex as to render it useless to the user, that defeats the object?
I realise this will be another comment simply deleted – and if it is, then this matter is closed and I will cut my lossess.
AITpro AdminKeymaster@ tonyw – This sounds like a Plugin Firewall issue/problem. So I have moved your post here. Do BPS Pro troubleshooting step #3. On the Security Modes page, click the Plugin Firewall BulletProof Mode Deactivate button. http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting So if this isolates the problem then we can move forward with other troubleshooting steps. Let me know what happens after doing step #3.
AITpro AdminKeymaster@ tonyw – I moved your additional post here. Would you like for me to login to your site and figure this out? If so, create a temporary WP Administrator login to your site and send it to: info at ait-pro dot com and I’ll figure out whatever is going on. 😉
tonywParticipanti have been through all of these things – but not being fully au fait with all the terms, how is reading it all again – i have tried for 5 days solid 5 hours or more a day – but getting nowhere , hence coming to you. I have removed as much as I can see of BPS and the site is still broken.
I have had to change the permissions on my root htaccess 3 times as I was completely locked out of the site.
I am sure its down to config, but I cant figure it out and me going round in circles reading the same stuff that i still dont really understand, isnt going to help – I am not blaming you or your product, but its not good to me if i cant get it work or learn to work it? you see my point?
AITpro AdminKeymaster@ tonyw – I sent you an email so we can continue working on whatever the problem is directly via email.
Douglas42Participant[Topic has been merged into this relevant Topic]
Hello BPS team,First of all, I’ve been using BPS for a year now. Great plugin, thank you for your work!
Here’s my problem:
I noticed that the plugins directory’s .htaccess file (/wp-content/plugins) contained the following rule:# FORBID REMOTE ACCESS TO THESE PLUGIN FILE TYPES FROM ANYONE EXCEPT YOU RewriteCond %{REQUEST_URI} ^.*\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|txt|vb|vbe|vbs|war|ws|wsf|xhtml|z|zip)$ [NC] # BEGIN PUBLIC IP RewriteCond %{REMOTE_ADDR} !^<IP ADDRESS>$ # END PUBLIC IP RewriteRule ^(.*)$ - [F]
I didn’t add this rule. And it was preventing javascript plugins from working properly in frontoffice.
Is it a default rule added at each BPS Pro installation?
Does a BPS Pro component automaticly add rules to htaccess files? In which case?Thank you.
AITpro AdminKeymaster@ Douglas42 – That Plugin Firewall htaccess code is just part of the standard htaccess file. Plugin Firewall AutoPilot Mode automatically creates whitelist rules for js and other frontloading files on your website. Which version of BPS Pro do you have installed? Do you have Plugin Firewall AutoPilot Mode turned On?
PaulParticipantOn fresh install new site i keep getting /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=12.5 as error in Security Log and losing all formatting on admin side
AITpro AdminKeymaster@ Paul – See the “Troubleshooting: Reset|Clear The Plugin Firewall (fixes most if not all Plugin Firewall issues/problems)” help section at the beginning of this forum topic.
PaulParticipanthave tried this, but still get /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js and lose all formatting om admin page
AITpro AdminKeymaster@ Paul – Try reinstalling WordPress > Dashboard menu > Updates > Re-Install Now button. Try manually reinstalling BPS Pro 12.5 (if you have an old version of BPS Pro installed then that could be the problem): https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-bps-pro-upgrade-installation-methods/ Other things that break the Plugin Firewall: https://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/page/3/#post-30933 If none of these things work then probably something else you have installed is breaking the Plugin Firewall. If you want me to figure out the problem then send me a WordPress Administrator login to this website to: info at ait-pro dot com.
AlexParticipant[Topic has been merged into this relevant Topic]
Hi, i am getting similar issues with 403 errors on sites where i am trying to run plugins with bulletproof installed.I am getting errors such as this: 403 error on these resources: http://80.244.187.39/~comdronic/
http://80.244.187.39/~comdronic/wp-content/plugins/sharify/sharify-style.php http://80.244.187.39/~comdronic/wp-content/plugins/snazzy-maps/snazzymaps.js?ver=1.1.2 http://80.244.187.39/~comdronic/wp-content/plugins/mapifypro-master/assets/js/jquery.touchSwipe.min.js?ver=4.7
And on this site: http://80.244.187.39/~hydracareco/
It will not allow the carousel to run (on some about 50% of browsers) i have tried to disable bulletproof plugin but it still doesnt work because i think it leaves htaccess in place?. If i check on a proxy it is still blocking some js files from loading. I have also tried disabling mod security and firewall on server in case it was that.
I have spoken to the host and divi theme developers and they seem to think it is related to BPS.
Kind regards
-
AuthorPosts
- You must be logged in to reply to this topic.