Random General Questions

Home Forums BulletProof Security Pro Random General Questions

Viewing 15 posts - 331 through 345 (of 349 total)
  • Author
    Posts
  • #30881
    AITpro Admin
    Keymaster

    @ Immerse – It appears something is breaking the BPS Pro Plugin Firewall.  Are you using minification?

    #30882
    Immerse
    Participant

    No, this is a test site and I don’t even have a cache plugin loaded, certainly not minification. It’s confusing because other sites (with minification on at least one) don’t have issues, but this, which has a virginal database and practically nothing else, seems to have an unhappy bps plugin. As I said in the original post, I actually installed and deleted wordpress 3 or maybe 4 times (I was making a quick video on how to do it, and decided that as I’d shown database names/passwords and wordpress admin details it was best to delete and start anew each time.) I believe I installed bps free once, set it up, then updated it to bps pro, which didn’t go well. I had even more error messages. Assuming I’d cocked up, and as it was only an empty site I just deleted the lot (database included) and ran out a fresh install, this time without bps free. That went silly too, I believe. Hard to remember now. Then I did a final delete and installed all again, fresh. All was fine, or was at least quiet, until I hit the curl button. Then the errors came out to play.

    I wouldn’t care as such because it’s not a ‘production’ site – I’m using it to run someone through knocking up a directory-style website with a bunch of custom posts – but I still don’t want it getting knocked over. If you want to look, am happy to give a login.

    #30883
    AITpro Admin
    Keymaster

    Ok yeah send a WP Admin login to this site so I can see what’s happening.  Send to:  info at ait-pro dot com.

    #30894
    Vickie
    Participant

    I’m sure this is covered somewhere – but either I haven’t found the instructions on how to do it – or I don’t even understand them enough to realize I’ve found the instructions. I have the backup zip files emailed to me regularly – but I don’t know what to do with it. Right now my site is down and I just need to go back to one of my backups.

    #30897
    AITpro Admin
    Keymaster

    @ Vickie – Probably the best thing to do would be to contact your web host and ask them for help restoring your site or maybe check your host’s help pages to see if there is some help documentation regarding doing site restores.  I can google that, but of course you could do the same.

    #31076
    armintz
    Participant

    about to update WordPress core from 4.4.5 to latest (4.6.1.)…
    i’m using the latest BPS pro… any special steps i should follow with bps prior to the core update?

    thank you

    #31078
    AITpro Admin
    Keymaster

    @ armintz – No special steps are needed when updating WordPress from your WordPress Dashboard.

    #31079
    armintz
    Participant

    thanks for confirming

    #31259
    Nik
    Participant

    Hello AITpro Admin,

    I am curious as to why the REQUEST METHODS FILTERED code I copied from my htaccess and inserted directly into the custom code did not work, but the code I used from your link below worked.  They looked exactly the same to me.

    http://forum.ait-pro.com/forums/topic/backwpup-missing-or-not-expected-http-response-headers/

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and copy 
    # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code 
    # text box: CUSTOM CODE REQUEST METHODS FILTERED.
    # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    #RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]

    Nik

    #31261
    AITpro Admin
    Keymaster

    @ Nik – Did you edit your root htaccess code after you copied it to Custom Code and add the # signs to in front of the last 2 lines of code?

    #31290
    Nik
    Participant

    Hello AITpro Admin,

    I probably added the # in front of the RewriteCond and RewriteRule via my C-Panel, File Manager, then copy it from the BPS htaccess, then paste it into the Custom Code.

    Thank you very much for your support.

    Nik

    #31317
    carsafety
    Participant

    Hi,

    I noticed there was a BPS Pro update but it wasn’t appearing in my WordPress dashboard.  So I clicked for Manual Upgrade Check, and the warning below appeared at the top of the page.  It did trigger the plugin to indicate there was an update available, but when I clicked to update, it said it failed to update BPS Pro.  I see the errors are old from a few months ago, but that the Alert starting appearing on the dashboard was somehow triggered by the manual update check.

    BPS Hidden Plugin Folder|Files (HPF) Alert
    An unrecognized/non-standard WP file was found in your /plugins/ folder. This file may be a hacker file or contain hacker code. If you recognize this file and/or it is safe to ignore this file you can ignore this file check by adding the HPF Ignore Rule shown below in the Ignore Hidden Plugin Folders & Files textarea box option to make this Alert go away.
    File Path: /home/carseatb/public_html/wp-content/plugins/error_log
    HPF Ignore Rule: error_log
    Last Modified Time: May 21, 2016 @ 10:31 am
    Last Change Time: May 21, 2016 @ 10:31 am
    Last Access Time: January 25, 2016 @ 9:13 am
    File Contents:

    [25-Nov-2013 00:45:46] PHP Fatal error: Call to undefined function add_action() in /home/carseatb/public_html/wp-content/plugins/hello.php on line 60
    [25-Nov-2013 09:52:41] PHP Fatal error: Call to undefined function add_action() in /home/carseatb/public_html/wp-content/plugins/hello.php on line 60
    [06-Jan-2014 08:39:19 America/Chicago] PHP Fatal error: Call to undefined function add_action() in /home/carseatb/public_html/wp-content/plugins/hello.php on line 60
    [17-May-2016 01:32:27 UTC] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so: cannot open shared object file: No such file or directory in Unknown on line 0
    [18-May-2016 22:28:59 UTC] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so: cannot open shared object file: No such file or directory in Unknown on line 0
    [18-May-2016 22:29:00 UTC] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so: cannot open shared object file: No such file or directory in Unknown on line 0
    [20-May-2016 18:44:55 UTC] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so: cannot open shared object file: No such file or directory in Unknown on line 0
    [21-May-2016 15:31:38 UTC] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so: cannot open shared object file: No such file or directory in Unknown on line 0
    #31319
    AITpro Admin
    Keymaster

    @ carsafety – Try the BPS Pro update again and see if it works.  If it does not work then see this forum topic for additional things to try:  http://forum.ait-pro.com/forums/topic/wp-mu-plugin-update/#post-22887 or you can do a manual BPS Pro upgrade:  http://forum.ait-pro.com/forums/topic/bulletproof-security-pro-bps-pro-upgrade-installation-methods/.

    The HPF Alert is coincidental.  You can exclude the error_log file by copying the HPF Ignore Rule: error_log to the Ignore Hidden Plugin Folders & Files textarea box option to make this Alert go away.  http://forum.ait-pro.com/forums/topic/hidden-plugin-folderfiles-alert/

    #32290
    Immerse
    Participant

    I know this is a little general, but I figure it’s worth asking…

    I am going to start creating a website which I first put online several years ago. The original was taken down in less than 2 months by a group of islamic hackers from Turkey, presumably on the grounds that it was a satirical site which effectively poked fun at a variety of religions, including theirs. I knew squat about security, not a whole lot less than today, so it was probably quite easy to gain entry. I have never rebuilt the site because I simply didn’t have time to write the content – I still don’t, but figure I have to get started again. I know the site will be hit heavily when it goes online.

    It will need, at some time in the future, to utilise some form of membership system, as it has a very specific function (long-term) but not initially. It will need to have a subscription form to allow people to sign up for updates and possibly buy a related ebook.

    Given that vague description, knowing it is a site that would be targetted by those without the remotest trace of a sense of humour, what recommendations would you make for securing the site? Do you have a sort of ‘maximum security’ setup you could point me at, or is it just a case of ‘activate everything’?

    #32293
    AITpro Admin
    Keymaster

    @ Immerse – The Setup Wizard automatically sets up all BPS Pro security features with optimum default settings.  You can increase your overall website security by adding Bonus Custom Code:  https://forum.ait-pro.com/forums/topic-tag/bonus-custom-code/  Since your site content may attract high level human hackers and not just hackerbots then you need to be very selective about the plugins that you install.  Ie research each plugin for any known security issues before installing them on your site.  Ensure that your computer is secured with a firewall and anti-virus protection.  Do not click on any links sent to you in emails from people you do not know.  In general, you want to approach everything you do like you are dealing with top secret material, which is how we do everything.  We use extra caution with emails, take no chances, have implemented extra security measures on all our computers, do not store any passwords on any computers, etc etc etc.

Viewing 15 posts - 331 through 345 (of 349 total)
  • You must be logged in to reply to this topic.