WooCommerce – multiple users logging in

Home Forums BulletProof Security Pro WooCommerce – multiple users logging in

Tagged: 

Viewing 14 posts - 1 through 14 (of 14 total)
  • Author
    Posts
  • August 14, 2014 at 5:21 am #16797
    Chris Casalena
    Participant

    We have an e-commerce (Woocommerce) website with about 20 different shop managers around the country who each at any time have access to the shop backend to be able to ‘redeem’ couchers / coupons. There are quite a few plugins on this site as well. I want to add BPPro to the site but really worried about conflicts and shop managers not being able to login / have to send new login details / training for each etc. Can you advise how best to do this?

    August 14, 2014 at 6:43 am #16805
    AITpro Admin
    Keymaster

    Disregard: This topic is no longer valid. Several things in WooCommerce have changed.
    See this new Topic regarding WooCommerce issues/problems: http://forum.ait-pro.com/forums/topic/woocommerce-read-me-first/

    BPS Pro and WooCommerce work fine together.  What User Roles do the shop managers have?  Administrator, Editor, Author, Contributor, Subscriber or a Custom Role?

    Every security feature in BPS Pro can be turned on or off for troubleshooting.  The BPS Pro Security Log logs anything legitimate that is being blocked so that a whitelist rule can be created for whatever that might be.

    http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

    August 14, 2014 at 6:54 am #16806
    Chris Casalena
    Participant

    shop managers – I’m going to have to read up on how to ‘white list’ – what happens when customers purchase good and have to sign up/in – will it block them? Also the payment gateway returns to the website to ‘release’ vouchers after payment – would that also bee seen by this program as a potential hack and be quarantined? – then manually deactivated? sounds like a lot of input from us to keep this going

    August 14, 2014 at 7:12 am #16808
    AITpro Admin
    Keymaster

    Disregard: This topic is no longer valid. Several things in WooCommerce have changed.
    See this new Topic regarding WooCommerce issues/problems: http://forum.ait-pro.com/forums/topic/woocommerce-read-me-first/

    The only BPS Pro security feature that will cause any sort of issues/problems with all of the WooCommerce things you have mentioned would be the BPS Pro Plugin Firewall.  It can be turned On or Off with one click.  If this is a Live Production site and you do not want to risk the possibility of any issues/conflicts or problems then turn the Plugin Firewall off.  What I recommend is that you clone / duplicate this site so that you have an exact copy of this site for Development testing so that you can test things on that Development site before using them on the Live Production site.  Or of course you can just turn the Plugin Firewall off and not use it on this particular site.

    In general, WooCommerce and BPS Pro work fine together as long as all the Plugin Firewall whitelist rules for WooCommerce have been added to the Plugin Firewall.  Depending on the User Roles of the shop managers there are additional Plugin Firewall whitelisting tools to whitelist by User Role, but most likely you would not need to use them for the scenario you are describing.  If there is a problem it will be logged in the BPS Pro Security Log and a whitelist rule can be created based on what is being blocked.  The Plugin Firewall can be turned on or off with one click.

    August 14, 2014 at 7:18 am #16809
    Chris Casalena
    Participant

    much appreciate this kind of advice & support – a test site is an excellent way to test all this

    cheers,

    November 12, 2019 at 10:05 pm #38193
    Alex Laxton
    Participant

    More helpful!! because multiple users can be more helpful for multiple purposes and everyone can solve the issue if anyone has.

    October 22, 2024 at 6:00 pm #44261
    Powred
    Participant

    Hi,

    I’m having an issue with using LearnDash to provide online courses combined with WooCommerce to accept the payments and as an account area where students can access their purchased courses.

    When logged in as an administrator then everything works fine. However, when logged out and testing as a customer who buys and then tries to access their course, they can login to their account, but every time they click on a menu option inside of their WooCommerce “My Account” area they are immediately logged out and have to sign in again. Disabling BPS solves the problem.

    I have tried adding some plugin skip/bypass rules but they don’t seem to work. Security log file is also empty, so I don’t know what is triggering it. Any idea what in the htaccess file is causing this behavior for those with a user role of  “Customer” or “subscriber”?

    Thank you

     

    October 22, 2024 at 8:51 pm #44262
    AITpro Admin
    Keymaster

    @ Powred – That could be a problem with the BPS Pro Plugin Firewall. Try deactivating the BPS Pro Plugin Firewall feature and test things.

    October 22, 2024 at 11:28 pm #44263
    Powred
    Participant

    I’m using free version of BPS.

    October 23, 2024 at 5:00 am #44265
    AITpro Admin
    Keymaster

    Oh then maybe this is a caching problem with a caching plugin.  Try clearing your caching plugin cache and browser cache.  Another possibility since the Security Log file is empty is that you have another security plugin installed that creates a /wp-content/.htaccess file that blocks PHP file execution, which is breaking things.  Or maybe you have added custom htaccess code that blocks by IP addresses?

    October 23, 2024 at 5:07 am #44266
    AITpro Admin
    Keymaster

    I guess it’s possible that something in the wp-admin htaccess file is causing this problem, but not likely.  Try deactivating the wp-admin BulletProof Mode.

    October 23, 2024 at 5:20 am #44267
    Powred
    Participant

    Thank you for your quick response. I’m not using a caching plugin yet as the site is still in development. No other security plugin is installed as I rely solely on BPS. No custom htaccess code has been added other than the regular custom code that BPS has on install eg TimThumb, Query String Exploits etc.

    Deactivating the wp-admin Bulletproof mode has no effect either.

    Is it possible to whitelist the WooCommerce “My account” area or the endpoints:

    mysite.com/my-account/

    mysite.com/my-account/my-courses/

    mysite.com/my-account/orders/

    mysite.com/my-account/edit-account/

    mysite.com/my-account/edit-address/

    I see BPS has this rule in skip/bypass rules, so can WooCommerce account area be added to it?

    # WooCommerce shop, cart, checkout & wishlist URI skip/bypass rule
    RewriteCond %{REQUEST_URI} ^.*/(shop|cart|checkout|wishlist).* [NC]
    RewriteRule . – [S=16]

    Thanks

     

    October 23, 2024 at 5:31 am #44268
    AITpro Admin
    Keymaster

    It’s possible then that how the site is being staged/development is causing the problem.  Try adding an additional whitelist rule instead of editing the default WooCommerce whitelist rule.

    Copy this skip/bypass rule above the WooCommerce whitelist rule.
    Click Save Root Custom Code.
    Run the Setup Wizard

    # my-account URI skip/bypass rule
RewriteCond %{REQUEST_URI} ^.*/(my-account).* [NC]
RewriteRule . – [S=17]
    October 23, 2024 at 6:30 am #44270
    Powred
    Participant

    The additional skip/bypass rue has worked. I can now navigate around the logged in account as a customer. Thank you so much for your help with this.

  • Author
    Posts
Viewing 14 posts - 1 through 14 (of 14 total)
  • You must be logged in to reply to this topic.