Home › Forums › BulletProof Security Pro › Random General Questions
- This topic has 349 replies, 35 voices, and was last updated 1 year, 1 month ago by EmilianoJoel.
-
AuthorPosts
-
AITpro AdminKeymaster
@ Immerse – It appears something is breaking the BPS Pro Plugin Firewall. Are you using minification?
ImmerseParticipantNo, this is a test site and I don’t even have a cache plugin loaded, certainly not minification. It’s confusing because other sites (with minification on at least one) don’t have issues, but this, which has a virginal database and practically nothing else, seems to have an unhappy bps plugin. As I said in the original post, I actually installed and deleted wordpress 3 or maybe 4 times (I was making a quick video on how to do it, and decided that as I’d shown database names/passwords and wordpress admin details it was best to delete and start anew each time.) I believe I installed bps free once, set it up, then updated it to bps pro, which didn’t go well. I had even more error messages. Assuming I’d cocked up, and as it was only an empty site I just deleted the lot (database included) and ran out a fresh install, this time without bps free. That went silly too, I believe. Hard to remember now. Then I did a final delete and installed all again, fresh. All was fine, or was at least quiet, until I hit the curl button. Then the errors came out to play.
I wouldn’t care as such because it’s not a ‘production’ site – I’m using it to run someone through knocking up a directory-style website with a bunch of custom posts – but I still don’t want it getting knocked over. If you want to look, am happy to give a login.
AITpro AdminKeymasterOk yeah send a WP Admin login to this site so I can see what’s happening. Send to: info at ait-pro dot com.
VickieParticipantI’m sure this is covered somewhere – but either I haven’t found the instructions on how to do it – or I don’t even understand them enough to realize I’ve found the instructions. I have the backup zip files emailed to me regularly – but I don’t know what to do with it. Right now my site is down and I just need to go back to one of my backups.
AITpro AdminKeymaster@ Vickie – Probably the best thing to do would be to contact your web host and ask them for help restoring your site or maybe check your host’s help pages to see if there is some help documentation regarding doing site restores. I can google that, but of course you could do the same.
armintzParticipantabout to update WordPress core from 4.4.5 to latest (4.6.1.)…
i’m using the latest BPS pro… any special steps i should follow with bps prior to the core update?thank you
AITpro AdminKeymaster@ armintz – No special steps are needed when updating WordPress from your WordPress Dashboard.
armintzParticipantthanks for confirming
NikParticipantHello AITpro Admin,
I am curious as to why the REQUEST METHODS FILTERED code I copied from my htaccess and inserted directly into the custom code did not work, but the code I used from your link below worked. They looked exactly the same to me.
http://forum.ait-pro.com/forums/topic/backwpup-missing-or-not-expected-http-response-headers/
# REQUEST METHODS FILTERED # If you want to allow HEAD Requests use BPS Custom Code and copy # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code # text box: CUSTOM CODE REQUEST METHODS FILTERED. # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps. RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC] RewriteRule ^(.*)$ - [F] #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC] #RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]
Nik
AITpro AdminKeymaster@ Nik – Did you edit your root htaccess code after you copied it to Custom Code and add the # signs to in front of the last 2 lines of code?
NikParticipantHello AITpro Admin,
I probably added the # in front of the RewriteCond and RewriteRule via my C-Panel, File Manager, then copy it from the BPS htaccess, then paste it into the Custom Code.
Thank you very much for your support.
Nik
carsafetyParticipantHi,
I noticed there was a BPS Pro update but it wasn’t appearing in my WordPress dashboard. So I clicked for Manual Upgrade Check, and the warning below appeared at the top of the page. It did trigger the plugin to indicate there was an update available, but when I clicked to update, it said it failed to update BPS Pro. I see the errors are old from a few months ago, but that the Alert starting appearing on the dashboard was somehow triggered by the manual update check.
BPS Hidden Plugin Folder|Files (HPF) Alert
An unrecognized/non-standard WP file was found in your /plugins/ folder. This file may be a hacker file or contain hacker code. If you recognize this file and/or it is safe to ignore this file you can ignore this file check by adding the HPF Ignore Rule shown below in the Ignore Hidden Plugin Folders & Files textarea box option to make this Alert go away.
File Path: /home/carseatb/public_html/wp-content/plugins/error_log
HPF Ignore Rule: error_log
Last Modified Time: May 21, 2016 @ 10:31 am
Last Change Time: May 21, 2016 @ 10:31 am
Last Access Time: January 25, 2016 @ 9:13 am
File Contents:[25-Nov-2013 00:45:46] PHP Fatal error: Call to undefined function add_action() in /home/carseatb/public_html/wp-content/plugins/hello.php on line 60 [25-Nov-2013 09:52:41] PHP Fatal error: Call to undefined function add_action() in /home/carseatb/public_html/wp-content/plugins/hello.php on line 60 [06-Jan-2014 08:39:19 America/Chicago] PHP Fatal error: Call to undefined function add_action() in /home/carseatb/public_html/wp-content/plugins/hello.php on line 60 [17-May-2016 01:32:27 UTC] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so: cannot open shared object file: No such file or directory in Unknown on line 0 [18-May-2016 22:28:59 UTC] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so: cannot open shared object file: No such file or directory in Unknown on line 0 [18-May-2016 22:29:00 UTC] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so: cannot open shared object file: No such file or directory in Unknown on line 0 [20-May-2016 18:44:55 UTC] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so: cannot open shared object file: No such file or directory in Unknown on line 0 [21-May-2016 15:31:38 UTC] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20131226/apc.so: cannot open shared object file: No such file or directory in Unknown on line 0
AITpro AdminKeymaster@ carsafety – Try the BPS Pro update again and see if it works. If it does not work then see this forum topic for additional things to try: http://forum.ait-pro.com/forums/topic/wp-mu-plugin-update/#post-22887 or you can do a manual BPS Pro upgrade: http://forum.ait-pro.com/forums/topic/bulletproof-security-pro-bps-pro-upgrade-installation-methods/.
The HPF Alert is coincidental. You can exclude the error_log file by copying the HPF Ignore Rule: error_log to the Ignore Hidden Plugin Folders & Files textarea box option to make this Alert go away. http://forum.ait-pro.com/forums/topic/hidden-plugin-folderfiles-alert/
ImmerseParticipantI know this is a little general, but I figure it’s worth asking…
I am going to start creating a website which I first put online several years ago. The original was taken down in less than 2 months by a group of islamic hackers from Turkey, presumably on the grounds that it was a satirical site which effectively poked fun at a variety of religions, including theirs. I knew squat about security, not a whole lot less than today, so it was probably quite easy to gain entry. I have never rebuilt the site because I simply didn’t have time to write the content – I still don’t, but figure I have to get started again. I know the site will be hit heavily when it goes online.
It will need, at some time in the future, to utilise some form of membership system, as it has a very specific function (long-term) but not initially. It will need to have a subscription form to allow people to sign up for updates and possibly buy a related ebook.
Given that vague description, knowing it is a site that would be targetted by those without the remotest trace of a sense of humour, what recommendations would you make for securing the site? Do you have a sort of ‘maximum security’ setup you could point me at, or is it just a case of ‘activate everything’?
AITpro AdminKeymaster@ Immerse – The Setup Wizard automatically sets up all BPS Pro security features with optimum default settings. You can increase your overall website security by adding Bonus Custom Code: https://forum.ait-pro.com/forums/topic-tag/bonus-custom-code/ Since your site content may attract high level human hackers and not just hackerbots then you need to be very selective about the plugins that you install. Ie research each plugin for any known security issues before installing them on your site. Ensure that your computer is secured with a firewall and anti-virus protection. Do not click on any links sent to you in emails from people you do not know. In general, you want to approach everything you do like you are dealing with top secret material, which is how we do everything. We use extra caution with emails, take no chances, have implemented extra security measures on all our computers, do not store any passwords on any computers, etc etc etc.
-
AuthorPosts
- You must be logged in to reply to this topic.