Random General Questions

Home Forums BulletProof Security Pro Random General Questions

Viewing 15 posts - 211 through 225 (of 349 total)
  • Author
    Posts
  • #27756
    jenni101
    Participant

    Hi again,

    Just to confirm that although I added in some other required plugin firewall whitelist rules, I DID also need to allow the HEAD requests for this functionality to work.  So my Q is: By allowing the HEAD requests, does this cause a security vulnerability? And if so can I specify the code to only allow it for the sitemaps files?

    Cheers, j

    #27757
    armintz
    Participant

    @ AITpro Admin I sent WP login and FTP at 6:02pm PST. Your reply makes me think you may not have received it, so I’ll send again just incase. Thanks

    #27759
    AITpro Admin
    Keymaster

    @ armintz – We were apparently having host mail server problems yesterday and your email was not received by us.  Sorry about that.  Will be logging in shortly.

    #27760
    AITpro Admin
    Keymaster

    @ jenni101 – The HEAD Request filter is a nuisance filter to block nuisance bots and not a security filter so zero security risk by allowing all HEAD Requests.  So no need to customize the code for specific things and allowing all HEAD Requests is fine/safe to do.

    #27797
    jenni101
    Participant

    @ ait-pro – thanks. Just double checked it again and the ZenCache Pro HAS to have the HEAD Request allowed to avoid this 405 error. Might be useful info for others 😉

    #27985
    Paul
    Participant

    Running a “seo” test on my site i get “Your site’s IP xxx.xxx.xxx.xxx does not redirect to your site’s domain name. This could cause duplicate content problems if a search engine indexes your site under both its IP and domain name. even though i use <link rel=”canonical”

    It then suggests i add

    RewriteCond %{HTTP_HOST} ^XXX\.XXX\.XXX\.XXX
    RewriteRule (.*) http://www.yourdomain.com/$1 [R=301,L]

    Is this something i should do if my site is accessible by both ip (dedicated IP) and URL address?

    #27987
    AITpro Admin
    Keymaster

    @ Paul – That does not make any sense to me.  Your domain name is your Server IP address for that domain.  They are the same thing. But consider this scenario:   You have 5 websites on a host server with IP address:  173.200.90.1 is the ip address for all of your domains.  So If you try to redirect by server IP address then something is going to get messed up.  Advice:  Ignore that fubar message from the SEO plugin.

    #28000
    Paul
    Participant

    Hi, yes but i have a dedicated ip, so if i type in the ip address i can reach my website just as if typing in the url.

    #28001
    Jose
    Participant

    Hi,
    I tried to save the new htaccess file changes in 11.6 but I forgot first to create .secure access. I tried to solve it, first saving again the new code, but the website shows now a 500 server error. bulletproof-security/admin/xternal/xternal.php is not available. What can I do to solve it?

    Thanks

    #28003
    AITpro Admin
    Keymaster

    @ Paul – ok then you want to follow the steps in this forum topic link below to add your code to BPS Custom Code:  http://forum.ait-pro.com/forums/topic/htaccess-redirect-www-to-non-www-htaccess-redirect-non-www-to-www/#post-1723

    # WP REWRITE LOOP START
    # Rewrite dedicated server IP to www domain
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} ^xxx\.xxx\.xxx\.xxx$ [NC]
    RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
    RewriteRule ^index\.php$ - [L]
    #28005
    Jose
    Participant

    Ok; it was resolved deleting both .htaccess files. Sorry for the inconveniences.

    #28006
    AITpro Admin
    Keymaster

    @ Jose – BPS upgrades automatically change/update htaccess code if needed.  So you do not need to do any additional steps when upgrading BPS.  Use FTP or your web host control panel file manager, download your BPS root .htaccess file and email it to me:  info at ait-pro dot com and then delete it from your website.  If you are able to login, your site is not showing a 500 error then go to Custom Code, Export your Custom Code, click the Custom Code Delete button, go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    #28033
    Krzysztof
    Participant

    [Topic has been merged into this relevant Topic]
    Hello,
    I have uploaded a file via my ftp and got a php error:

    [01-Feb-2016 15:05:07 UTC] PHP Warning: copy(/xxxx/wp-content/themes/InfoLotnicze_3/view/footer.php): failed to open stream: Permission denied in /xxxxxwp-content/plugins/bulletproof-security/includes/arq-cron.php on line 1528
    #28036
    AITpro Admin
    Keymaster

    Do the standard AutoRestore|Quarantine Manual File Editing/Uploading Correct Usage steps: http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#procedural-steps

    #28076
    Hannah
    Participant

    I would like to know your opinion of the new SSL certificates created by Let’s Encrypt.  I’ve been following their progress and now see that they are available on several hosts, but I wonder if you feel they are a good deal, or if paying for another type is the better call. Thanks for your expertise!

Viewing 15 posts - 211 through 225 (of 349 total)
  • You must be logged in to reply to this topic.