Home › Forums › BulletProof Security Pro › Random General Questions
- This topic has 349 replies, 35 voices, and was last updated 1 year, 2 months ago by EmilianoJoel.
-
AuthorPosts
-
jenni101Participant
Hi again,
Just to confirm that although I added in some other required plugin firewall whitelist rules, I DID also need to allow the HEAD requests for this functionality to work. So my Q is: By allowing the HEAD requests, does this cause a security vulnerability? And if so can I specify the code to only allow it for the sitemaps files?
Cheers, j
armintzParticipant@ AITpro Admin I sent WP login and FTP at 6:02pm PST. Your reply makes me think you may not have received it, so I’ll send again just incase. Thanks
AITpro AdminKeymaster@ armintz – We were apparently having host mail server problems yesterday and your email was not received by us. Sorry about that. Will be logging in shortly.
AITpro AdminKeymaster@ jenni101 – The HEAD Request filter is a nuisance filter to block nuisance bots and not a security filter so zero security risk by allowing all HEAD Requests. So no need to customize the code for specific things and allowing all HEAD Requests is fine/safe to do.
jenni101Participant@ ait-pro – thanks. Just double checked it again and the ZenCache Pro HAS to have the HEAD Request allowed to avoid this 405 error. Might be useful info for others 😉
PaulParticipantRunning a “seo” test on my site i get “Your site’s IP xxx.xxx.xxx.xxx does not redirect to your site’s domain name. This could cause duplicate content problems if a search engine indexes your site under both its IP and domain name. even though i use <link rel=”canonical”
It then suggests i add
RewriteCond %{HTTP_HOST} ^XXX\.XXX\.XXX\.XXX RewriteRule (.*) http://www.yourdomain.com/$1 [R=301,L]
Is this something i should do if my site is accessible by both ip (dedicated IP) and URL address?
AITpro AdminKeymaster@ Paul – That does not make any sense to me. Your domain name is your Server IP address for that domain. They are the same thing. But consider this scenario: You have 5 websites on a host server with IP address: 173.200.90.1 is the ip address for all of your domains. So If you try to redirect by server IP address then something is going to get messed up. Advice: Ignore that fubar message from the SEO plugin.
PaulParticipantHi, yes but i have a dedicated ip, so if i type in the ip address i can reach my website just as if typing in the url.
JoseParticipantHi,
I tried to save the new htaccess file changes in 11.6 but I forgot first to create .secure access. I tried to solve it, first saving again the new code, but the website shows now a 500 server error. bulletproof-security/admin/xternal/xternal.php is not available. What can I do to solve it?Thanks
AITpro AdminKeymaster@ Paul – ok then you want to follow the steps in this forum topic link below to add your code to BPS Custom Code: http://forum.ait-pro.com/forums/topic/htaccess-redirect-www-to-non-www-htaccess-redirect-non-www-to-www/#post-1723
# WP REWRITE LOOP START # Rewrite dedicated server IP to www domain RewriteEngine On RewriteBase / RewriteCond %{HTTP_HOST} ^xxx\.xxx\.xxx\.xxx$ [NC] RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L] RewriteRule ^index\.php$ - [L]
JoseParticipantOk; it was resolved deleting both .htaccess files. Sorry for the inconveniences.
AITpro AdminKeymaster@ Jose – BPS upgrades automatically change/update htaccess code if needed. So you do not need to do any additional steps when upgrading BPS. Use FTP or your web host control panel file manager, download your BPS root .htaccess file and email it to me: info at ait-pro dot com and then delete it from your website. If you are able to login, your site is not showing a 500 error then go to Custom Code, Export your Custom Code, click the Custom Code Delete button, go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
KrzysztofParticipant[Topic has been merged into this relevant Topic]
Hello,
I have uploaded a file via my ftp and got a php error:[01-Feb-2016 15:05:07 UTC] PHP Warning: copy(/xxxx/wp-content/themes/InfoLotnicze_3/view/footer.php): failed to open stream: Permission denied in /xxxxxwp-content/plugins/bulletproof-security/includes/arq-cron.php on line 1528
AITpro AdminKeymasterDo the standard AutoRestore|Quarantine Manual File Editing/Uploading Correct Usage steps: http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#procedural-steps
HannahParticipantI would like to know your opinion of the new SSL certificates created by Let’s Encrypt. I’ve been following their progress and now see that they are available on several hosts, but I wonder if you feel they are a good deal, or if paying for another type is the better call. Thanks for your expertise!
-
AuthorPosts
- You must be logged in to reply to this topic.