Plugin Firewall Help Info

[AITpro Admin]

Nope, js minification will ALWAYS break the BPS Pro Plugin Firewall.  There are no exceptions to that > https://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/.  CSS and HTML minification can speed up a very poorly built theme/site that is not optimized.  You really never want to use js minification because it is going to cause problems and not really improve website performance significantly.  If you have a well built theme/site that is optimized for performance then minification will not improve website performance at all.  Ideally you want to optimize your site/theme the right way instead of using minification, which is an “after the fact” band-aid.  ie go through your theme code and optimize it for performance, which is a pain in the neck since when you upgrade a theme you will have to redo all of your optimizations, unless of course you are using a very well built theme that is focused on performance vs offering lots of unnecessary features (bells and whistles), etc. , which will definitely decrease website performance.

UI|UX Debug is only used to check for plugins and themes that are loading their scripts in BPS Pro plugin pages and breaking things functionally and visually in the BPS Pro plugin.

So the answer/solution is simple > Do not use js minification or deactivate the BPS Pro Plugin Firewall.

[Tina Dubinsky]

okay

[Tina Dubinsky]

As previously mentioned, I had tried using BPS with the JS function off, but I’ve now fully deactivated the plugin that optimized the js scripts.

I previously mentioned that with the js function off, BPS Pro Plugin Firewall Whitelist still wasn’t working,.

So, I went ahead and uninstalled and reinstalled BPS PRO.  Setup options are set to Autofix with cURL scanner on.

After the first (re)install it whiltelisted only two plugins.

I’ve since used the Test mode which I think may have added a handful more. And I’ve activated autopilot mode. But now the “BPS Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) Notice” is constantly on. And when I run the wizard, nothing extra is being added. However, the security log is capturing a number of plugins that need to be added but are not being automatically added.

I’m also getting REQUEST_URI: /?wc-ajax=get_refreshed_fragments  showing up in my logs, but the custom code to stop this from showing is in the custom htaccess… and the ARQ now seems to have turned off on me after I used the last Wizard Setup.

I didn’t really find your last post to be helpful since the information on Plugin firewall includes how to use a minify plugin with BPS Pro.

“Notes:
If you are using a Minify plugin then you will not see any Security Log entries due to the general way that a minifying plugin works. Most if not all Minify plugins allow you to exclude plugin scripts from being minified. You will need to create exclude rules in your Minify plugin for whatever plugin scripts cannot be minified in order for them to be whitelisted successfully in the Plugin Firewall.”

I know I wasn’t using the minify plugin correctly. But I’m guessing the advice above in notes is now not relevant?

I’m not a coder, I rely on easy to understand documentation, plugins and themes that work along with helpful support. That’s why I originally purchased BPS Pro and paid for a Premium WordPress Plugin that markets itself as lightweight.

Cheers

-Tina

[AITpro Admin]

Ok at this point send me an Admin login to this site so I can figure out what is going on:  info at ait-pro dot com

[pdlc]

HI,

site WPress + WooCommerce  up to date.

Problem with the plugins firewall htaccess  :

The BPS Pro Hidden Plugin Folders|Files (HPF) Cron has detected hacker code in the plugins firewall htaccess file. I delete the hacker code and activate the setupwizard, but the hacker  code come back again and again.

what to do?

Thanks for your help,

Monica

[AITpro Admin]

Most likely the Plugin Firewall .htaccess file does not contain hacker code and instead has been modified/altered in a way that BPS does not recognize it as a legitimate BPS Plugin Firewall .htaccess file.

Go to the Htaccess File Options page > htaccess File Editor tab page > click the Plugin htaccess tab and copy and paste your Plugin Firewall htaccess code in your forum reply.

[pdlc]

below : part of the hacker code, I’ve hidden the ip

��������������������������������������������������������������������������161.47$
# END PUBLIC IP
# BEGIN ADDITIONAL ROLES IP
RewriteCond %{REMOTE_ADDR} !^xx.xx.xx.122$
RewriteCond %{REMOTE_ADDR} !^xxx.xxx.xxx.208$
RewriteCond %{REMOTE_ADDR} !^xx.xx.xx.122$
RewriteCond %{REMOTE_ADDR} !^xxx.xxx.xxx.47$
# END ADDITIONAL ROLES IP
# BEGIN ADDITIONAL ROLES IP
RewriteCond %{REMOTE_ADDR} !^xx.xx.xx.122$
# END ADDITIONAL ROLES IP
# BEGIN ADDITIONAL ROLES IP
RewriteCond %{REMOTE_ADDR} !^xx.xx.xx.122$
# END ADDITIONAL ROLES IP
# BEGIN ADDITIONAL ROLES IP
RewriteCond %{REMOTE_ADDR} !^xx.xx.xx.122$
# END ADDITIONAL ROLES IP
# BEGIN ADDITIONAL ROLES IP
RewriteCond %{REMOTE_ADDR} !^xx.xx.xx.122$
# END ADDITIONAL ROLES IP
RewriteRule ^(.*)$ - [F]

[AITpro Admin]

That does not look like hacker code to me. It instead looks like hidden formatting characters in the .htaccess file. Send me a WordPress Admin login to this website if deactivating and activating the Plugin Firewall does not fix the problem. email: info@ait-pro.com

[Author]

Posts