Home › Forums › BulletProof Security Free › Random General Questions
- This topic has 41 replies, 14 voices, and was last updated 2 months, 3 weeks ago by sophiya.
-
AuthorPosts
-
Dawn KruegerParticipant
Please help! I’m a designer, not a coder and this is my first experience with WordPress. My site was getting tons of failed login attempts so I downloaded your plugin. Now I’m getting errors and I don’t understand your instructions. I activated everything, refreshed my screen and I am still getting the error:
An htaccess file was NOT found in your wp-admin folder.
The General BulletProof Security File Checks on the Security Status page says:
√ /home/content/p3pnexwpnas04_data03/45/2265345/html/.htaccess File Found
/home/content/p3pnexwpnas04_data03/45/2265345/html/wp-admin/.htaccess File NOT Found
√ /home/content/p3pnexwpnas04_data03/45/2265345/html/wp-content/plugins/bulletproof-security/admin/htaccess/default.htaccess File Found
√ /home/content/p3pnexwpnas04_data03/45/2265345/html/wp-content/plugins/bulletproof-security/admin/htaccess/secure.htaccess File Found
√ /home/content/p3pnexwpnas04_data03/45/2265345/html/wp-content/plugins/bulletproof-security/admin/htaccess/wpadmin-secure.htaccess File Found
√ /home/content/p3pnexwpnas04_data03/45/2265345/html/wp-content/plugins/bulletproof-security/admin/htaccess/bps-maintenance.php File Found
√ /home/content/p3pnexwpnas04_data03/45/2265345/html/wp-content/plugins/bulletproof-security/admin/htaccess/bps-maintenance-values.php File Found
/home/content/p3pnexwpnas04_data03/45/2265345/html/wp-content/bps-backup/master-backups/root.htaccess File NOT Found
/home/content/p3pnexwpnas04_data03/45/2265345/html/wp-content/bps-backup/master-backups/wpadmin.htaccess File NOT FoundPlease help! I’m afraid to log out that I might not be able to get back in.
THANKS!
DawnAITpro AdminKeymasterThis website is hosted on Go Daddy: newskywebsites.com. Is this the website you are talking about? Do you have a Go Daddy Managed WordPress Hosting account?
Dawn KruegerParticipantYes. I have GoDaddy WP Managed Hosting…
AITpro AdminKeymasterOk do these steps:
http://forum.ait-pro.com/forums/topic/gdmw/
The BPS plugin has a Setup Wizard option for Go Daddy “Managed WordPress” hosting. If you have Go Daddy “Managed WordPress” hosting, which is special type of hosting account and is not a regular/standard Go Daddy hosting account, then select Yes for this option. The Go Daddy Managed WordPress option is an independent option meaning that you do not need to run the Setup Wizard again after selecting Yes and saving this option, but you can of course run the Wizards again at any time. The BPS free plugin also has a “Enable|Disable wp-admin BulletProof Mode” option on the Setup Wizard Options page for Go Daddy “Managed WordPress” hosting.
Next…
Go to the htaccess Core > Security Modes page
Click the Backup htaccess Files buttonDawn KruegerParticipantOh Lord, you might as well be speaking Greek to me, but I’ll try to follow these directions. Thanks!
Dawn KruegerParticipantOh my goodness! That seems to have worked! The error message went away! So is that all I need to do then? How do I finish from here?
I’m getting tons of failed login attempts by hackers trying to get into my site, so that’s why I’m doing this. Please tell me how to finish this up, how I login going forward and if I should install Brute Force Login Protection.
Thanks!
DawnAITpro AdminKeymasterVery simple to do so you should not have any difficulty. You are basically just selecting options and clicking buttons. Also take a look at the link I posted above to see what in BPS is and is not restricted on Go Daddy Managed WordPress hosting.
For Go Daddy Managed WordPress hosting accounts they come with the Limit Login Attempts plugin installed by default. You will have to use that plugin instead of BPS Login Security since Go Daddy Managed WordPress hosting accounts override BPS Login Security.
What I recommend is that you contact Go Daddy Managed WordPress hosting support and ask them to help you configure the Limit Login Attempts plugin to the settings that you want since BPS Login Security is overriden/is not allowed on Go Daddy Managed WordPress hosting account types. I believe since Limit Login Attempts is hard coded into Go Daddy Managed WordPress hosting account types then the same would apply to any other Login Security plugin that you installed. So contact Go Daddy and then can assist you to get Limit Login Attempts setup the way you want it setup with the settings you want.
Login Security & Monitoring
Issue/Impact: Login Security & Monitoring: Limit Login Attempts is installed by default on GDMW hosting and is not installed as a plugin that can be deactivated. By default the Limit Login Attempts plugin overrides the BPS Login Security feature. Since Limit Login Attempts is already protecting the login page with Login Security protection then there is no downside/negative impact. The BPS Logging Options: “Log All Account Logins” option still logs all logins normally, but login security is handled by Limit Login Attempts.
Solution: Select the BPS Logging Options: “Log All Account Logins” option if you would like to log all logins to your website or turn off BPS Login Security.Dawn KruegerParticipantSo help me understand – are you saying I really don’t need BPS since I have GoDaddy WP Managed Hosting? I already have limited login attempts and lockouts. But I’m getting hit like crazy which is making me nervous. I thought BPS might further reduce those hits or further secure the site… ?
AITpro AdminKeymasterBPS adds additional security measures that do not come with Go Daddy Managed WordPress hosting. So your website would be more secure using BPS vs not using BPS. Most likely the Go Daddy Managed WordPress hosting built-in and customized Limit Login Attempts plugin/code is working fine, but you would need to contact Go Daddy support if you have questions about this since this is something specific to Go Daddy Managed WordPress hosting and not something that we provide or support. Basically you would get exact specific answers from Go Daddy since this is their product/service and we can only give you general help based on our experience with our brief 30 day testing period with a Go Daddy Managed WordPress hosting account. Limit Login Attempts overrides BPS Login Security. What that means is BPS Login Security is cancelled out by Limit Login Attempts.
Go Daddy Managed WordPress hosting is a special type of hosting account. The key word to focus on is “managed”. Basically Go Daddy is providing a hosting account type that is different than a standard hosting account type where they have added additional custom security measures that make this special hosting account type more secure, but that also means that there are some restrictions and limitations with this type of special hosting account.
There are some minor restrictions/limitations that come with this special type of hosting account, but that is because this type of hosting account is in a “managed” environment. If you were wondering what “managed” means it means the hosting environment is managed and not that your individual website is managed.
http://support.godaddy.com/help/article/8943/managed-wordpress-file-editing-limitations
Managed WordPress File-Editing Limitations
Hackers love exploiting and defacing WordPress sites, which makes security a priority for everyone using WordPress. To help make Managed WordPress accounts as hack-proof as possible, we impose strict, security-oriented limitations on which files are editable.This feature means you can only edit the following directories and files on Managed WordPress accounts:
/wp-content
wp-config.php
.htaccess
favicon.ico
You can also edit any directories or files you upload yourself, such as a php.ini file.JamesParticipant[Topic has been merged into this general Topic]
I follow the steps and it says that my htaccess is protected. However, when I refresh the page I get the warning at the top of the page and my htaccess file is back to 404 and I can’t write anything. I’m using Bluehost as a host, and I really need to get this working after having so many hack attempts. Frustrating!
AITpro AdminKeymaster@ James – List the exact steps that you are doing. ie I click on X and Y happens and then refreshing the page causes Z to happen. I do not understand this part of the question: “…my htaccess file is back to 404 and I can’t write anything”. Probably listing the exact steps that you are doing will make this more clear.
JamesParticipant- Existing .htaccess folder in place. Permissions are 644
- Press “Activate Root Folder BulletProof Mode ”
- Press “Activate wp-admin Folder BulletProof Mode ”
- Security status still reads red “ERROR: Either a BPS htaccess file was NOT found in your root folder or you have not activated BulletProof Mode for your Root folder yet, or the version of the BPS htaccess file that you are using is not the most current version or the BPS QUERY STRING EXPLOITS code does not exist in your root htaccess file. Please view the Read Me Help button above. wp-config.php is NOT htaccess protected by BPS”
- Htaccess file resets to 444 status.
File Open and Write test successful! The secure.htaccess Master file is writable.
File Open and Write test successful! The default.htaccess Master file is writable.
File Open and Write test successful! The wpadmin-secure.htaccess Master file is writable.
Your root .htaccess file is Locked with Read Only Permissions.
Use the Lock and Unlock buttons below to Lock or Unlock your root .htaccess file for editing.
File Open and Write test successful! Your currently active wp-admin .htaccess file is writable.AITpro AdminKeymasterAre you selecting a [obsolete-removed] and then clicking the Activate button?
If you do not want your Root htaccess file automatically locked then click the Turn Off AutoLock button on the htaccess File Editor tab page. If your root htaccess file is currently locked then click the Unlock htaccess File button on the htaccess File Editor tab page.
A BPS Setup Video Tutorial has been created on YouTube: https://www.youtube.com/watch?v=AZmwDV1_YYk
JamesParticipantAutolock is already set to off, but it still reverts to 444 permissions.
AITpro AdminKeymasterOh ok I missed that you meant 444 file permissions and not 404. BPS only locks the root .htaccess file with 404 file permissions so something else is locking the root htaccess file with 444 file permissions. Some hosts automatically lock the root htaccess file with either 444 or 404 file permissions so if you try to change the permissions the server will automatically change the file permissions to whatever they require. You should probably check with your web host to see if that is what is occurring.
-
AuthorPosts
- You must be logged in to reply to this topic.