Plugin Firewall Help Info

[AITpro Admin]

@ Alex – It appears that these sites are under development since you are using a typical development IP address and tilde identifier in place of the final completed Live production domain name/URL.  Deactivate/turn Off the Plugin Firewall while your site’s are under development.  When your sites go Live you can activate the Plugin Firewall again.  Also you mentioned a Proxy.  If you are using a Proxy then go to the beginning of this forum topic and read the Proxy|VPN help info under this help section:  Fix all general Plugin Firewall issues/problems and Proxy server configuration mistakes:

For future reference:  BPS Pro troubleshooting steps are here:  https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting.  Additionally the BPS Security Log as a primary BPS troubleshooting tool:  https://forum.ait-pro.com/video-tutorials/#security-log-firewall

[Bill Ko]

[Topic has been merged into this relevant Topic]
Is there a way to scan and whitelist all current plugins?  No matter what I do, having the Plugin Firewall BulletProof Mode (PFW) activated breaks my site… turning it off, everything runs great.  I’ve tried clearing the whitelist and setting the the autopilot mode to 1 min, but still does not resolve the problems.  Please kindly advise.  Is having the PFW off completely still keep the site secure?

[AITpro Admin]

@ Bill Ko – Do you have the most current version of BPS Pro installed – BPS Pro 12.6?  The BPS Pro Plugin Firewall is a very important security feature since it protects all of your plugin files from being accessed publicly/externally.  Scanning is no longer needed since Plugin Firewall AutoPilot Mode will automatically find all plugin scripts that need to be whitelisted and has self-fixing capability if old or invalid whitelist rules are found.

Common things that can interfere with/break the Plugin Firewall are: Proxy servers/configuration mistakes and/or minification of js scripts using a minification plugin or plugin feature.  Do you have a Proxy server?  Are you using a VPN/Proxy Browser?  Post a link to your website or you can send your website URL to:  info at ait-pro dot com.  I will take a look at the frontend of your website for any clues to the cause of the problem.

[Jack Wilson]

[We do allow spam/spam links as long as they are relevant to: website security, WordPress or WordPress Plugins or Themes. Your spam comments and spam link have been deleted since they are not relevant to any of these things]

[Hannah]

[Topic has been moved to this relevant Topic]
I’m having a little trouble on one site with BPS Pro. I’m running BPS Pro v. 13.2 and WordPress (4.8.1), the theme and all plugins are up to date. For some reason it seems like BPS is blocking itself, or parts of itself – at least that is what the security log appears to indicate. The only way to keep the site running normally is to deactivate the PFW, and I can’t find anything wrong with the htaccess file.. Removing the custom code and several other troubleshooting measures recommended here don’t make a difference in the site’s behavior. Here are the the security log entries from working with the site last week. I”ve been told previously that I should NOT whitelist BPS Pro, so I’m not sure what to do.:

[403 GET Request: August 3, 2017 - 9:46 am]
BPS Pro: 13.2
WP: 4.8.1
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 108.162.245.200
Host Name: 108.162.245.200
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 2600:6c55:7a00:1aa9:9fa:7ce5:67a6:f78a
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://joan's site.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fcore%2Fcore.php
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-ui-dialog.js?ver=13.2
QUERY_STRING: ver=13.2
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:54.0) Gecko/20100101 Firefox/54.0

[403 GET Request: August 3, 2017 - 9:46 am]
BPS Pro: 13.2
WP: 4.8.1
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 108.162.245.248
Host Name: 108.162.245.248
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 2600:6c55:7a00:1aa9:9fa:7ce5:67a6:f78a
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://joan's site.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fcore%2Fcore.php
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-ui-tabs.js?ver=13.2
QUERY_STRING: ver=13.2
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:54.0) Gecko/20100101 Firefox/54.0

[403 GET Request: August 3, 2017 - 9:46 am]
BPS Pro: 13.2
WP: 4.8.1
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 108.162.246.141
Host Name: 108.162.246.141
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 2600:6c55:7a00:1aa9:9fa:7ce5:67a6:f78a
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://joan's site.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fcore%2Fcore.php
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-ui-accordion.js?ver=13.2
QUERY_STRING: ver=13.2
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:54.0) Gecko/20100101 Firefox/54.0

Please advise…and thank you!

[AITpro Admin]

@ Hannah – It appears that either Cloudflare or something else on this site is breaking the BPS Pro Plugin Firewall.  Try these steps below.  If they do not work then send me a WordPress Administrator login to this site:  info at ait-pro dot com.

Fix all general Plugin Firewall issues/problems and Proxy server configuration mistakes:
Note this fix also applies to using a VPN|Proxy when you are logged into your website.
Additional steps to fix both general Plugin Firewall issues/problems and to compensate for an additional Proxy server configuration mistake (whitelist the Proxy IP Address). Note: This only applies to Proxy server issues/problems. Use the steps above unless specifically instructed to use these steps below to fix/whitelist a Proxy server IP address problem.

1. Go to the BPS Security Log page and click the Delete Log button to delete your current Security Log file contents.
2. Go to the Plugin Firewall page.
3. Click the Plugin Firewall Additional Whitelist Tools accordion tab.
4. Enter Proxy server IP address: xxx.xxx.xxx.xxx in the Whitelist by Hostname (domain name) and IP Address text box.
5. Click the Save Hostname and IP Address Rules button.
6. Click the Plugin Firewall BulletProof Mode Deactivate button.
7. Delete (or cut if you want to add your existing whitelist rules back into the Plugins Script|File Whitelist Text Area) all of your Plugin Firewall whitelist rules out of the Plugins Script|File Whitelist Text Area.
8. Click the Save Whitelist Options button.
9. Click the Plugin Firewall Test Mode button.
10. Check your site pages by clicking on all main website pages: contact form page, home page, login page, etc.
11. Recheck the Plugins Script|File Whitelist Text Area (after 1 minute) and you should see new Plugin Firewall whitelist rules have been created.
12. Change the AutoPilot Mode Cron Check Frequency to 15 minutes or whatever frequency time you would like to use.
13. Click the Plugin Firewall Activate button.

[Hannah]

Hi there, just wanted to post an update on this site and its situation. The procedure you gave me to do works, but it “comes undone” every so often and has to be redone. Should I send you admin login credentials so you can check it out, or might you have some other advise for me to follow? Thank you so much.

[AITpro Admin]

@ Hannah – Intermittent problems or problems that start happening all of a sudden are typically going to be related to things like: php memory/cache/caching plugins/CDN’s/VPN’s/Proxy’s/Load Balancers/Host server problems (new security measures added on Host server (Mod Security, etc.), DNS server/DNS configuration problem, MySQL server timeout, server overloaded, etc.), /Browser problems (corrupt cache, Sessions, Cookies, add-on, extension)/ISP (connectivity)/CloudFlare, Incapsula, etc.

If the problem is currently occurring then send me a login to this website.  If the problem is not currently occurring then do not send me a login to this website and instead send me a login to this website when the problem occurs again.

[David Luiz]

[We do allow spam/spam links as long as they are relevant to: website security, WordPress or WordPress Plugins or Themes. Your spam comments and spam link have been deleted since they are not relevant to any of these things]

[Paul]

My auto restore keeps quranteening the robots.txt even though it is backed up and correct

[AITpro Admin]

@ Paul – Create an AutoRestore single file exclude rule for your robots.txt file > http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#autorestore-exclude-rules

[Paul]

Thanks think that has done the job, why would it think robots.txt has changed, even if i ftp it shows as being modified but it hasn’t

[Paul]

Actually still saying it has quarantined the file but if I ftp it is still there added this to be excluded /home/xxxx/public_html/robots.txt should it be under the non wordpress or wordpress files? maybe that is why

[AITpro Admin]

@ Paul – The single file exclude rule tool on the AutoRestore > Add|Exclude Other Folders & Files> Exclude Folders & Files option setting > Exclude an Individual File > allows you to create an exclude rule for individual files.  The other wp-content tool on the > Exclude wp-content Folders tab page is just for excluding folders under the WordPress wp-content folder.

[Tina Dubinsky]

Hi,

I noticed the other night when trying to solve my other issue re Gutenberg, that all my whitelist rules had disappeared for the same website. I’ve been trying to get them to reappear or stick since and have followed the above troubleshooting steps.

So PFW status is currently set to Autopilot 15 min. After trying the Tester I now have a list of plugins to add from the Security Log alert. The tester did not add anything, so I manually added one (/autoptimize/classes/static/toolbar.js) and activated the plugins list.

I then went to the set up wizard.

Did the preinstallation. Saw that the the rule I had manually added was there in the list for whitelisting. (I have cURL Scans turned off as it seems to overload the server most times.)

Plugin Firewall Whitelist Rules Created or Updated Successfully: /autoptimize/classes/static/toolbar.js

Everything else was okay so I ran the Set up:

Plugin Firewall Whitelist Rules created or updated – no whitelist rules were found.

And I have a blank plugin file folder again.

I do use Optimize which minifies javascript. Although I have used it in the past and its been fine, I also redid the troubleshooting steps and unticked this option but I still get the same issue.

I have five other websites with similar configurations, but it’s just this one that I’m having issues with regarding the plugin rules not staying when I rune the Wizard.  All but one of the other sites use the same theme  and work fine with Autoptimize set to optimize javascript code (with exceptions seal.js, js/jquery/jquery.js, jquery.js). So I don’t think this is an issue?

The problem with this affected site seemed to have started about the time I deactivated and uninstalled Guttenberg (as I found out a premium plugin for my theme was not yet compatible). I did not try installing or testing Guttenberg on the others.

I tried using the debug method but I don’t think that provides anything useful? (see below).

Please help, I’m a bit lost as to what to do now.

[UI|UX Debug info deleted since it is not relevant to the issue/problem]

[Author]

Posts