Random General Questions

[AITpro Admin]

If a plugin or theme or something else on your website/server is changing the root htaccess file/file code then it will be quarantined each time it is modified/changed.  Is your root htaccess file locked on the B-Core >>> htaccess File Editor tab page (or in F-Lock)?

[simon]

root.htaccess is turned off ( this is what in the F-Lock Tab stands.) Should it be locked?

[AITpro Admin]

I would lock it.  Locking the root htaccess file is primarily to protect it from being modified by other things that you have installed on your website (plugins, themes) and not so much a security measure since bypassing/overriding file/folder permissions is a very simple thing to do.  If you lock your root htaccess file and your website crashes then your Hosst server does not allow the root htaccess file to be locked and you will need to manually delete it using FTP, log back into your site and set the F-Lock option to unlock.

[Jose]

Hi.

I’ve found today this file quarantined. It seems an update. Should I restore it?

/homepages/XX/dxxxxxxxxx/htdocs/wordpress/wp-admin/includes/update-core.php

[Jose]

OK; I’m going to explain what happened. A day before I updated manually to the new WordPress version 4.2.2, but this morning the automatic updates system reinstalled this version again, and BPS ARQ detected this file duplicated and quarantined one of them (I guess the new one). When I restored the file, everything was fine again and fixed.  🙂

[AITpro Admin]

Something that this can happen if there is a brief server hiccup (connection problem either with your server or the WP API server) while WordPress is being updated.  The correct action is to restore any WP files that get quarantined due to that hiccup.

[hcri50]

Can not do any updates for Plugins or WordPress, for when I click on the Plugins button, I get a Blank Page. I do have access to BPS Pro, for that seems to work perfectly, but there is no way for me todo a update. I would like to remove BPS Pro manually, and then I would like to re-install WP manually also, since I can not update that also. I was forwarded instructions last time, but I lost the email for the correct procedure for manual uninstall and manual reinstall. SORRY FOR A REPEAT Question, I will store it away and never lose it again. oh I do not need instructions on how to replace the WP files by ftp. All I need are the instructions on how to deactivate the BPS Pro I do have full access of BPS Security within WordPress. I am just not sure what to do with the .htaccess file. on the proper way on removing BPS Security Manually.

robert

[AITpro Admin]

@ robert – BPS Pro has built in troubleshooting tools and capabilities.  You should never need to either deactivate or uninstall BPS Pro to do troubleshooting.  Deactivating the BPS Pro plugin means you have turned off all of the BPS Pro built in troubleshooting tools and capabilities.  See the BPS Pro troubleshooting link below for troubleshooting steps.

http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

[Robinton]

[Topic merged – Topic Title unknown]

When BPS Pro is activated, all the pages in my WordPress site except the home page disappear in the browser. There is no error message or login.  The page is blank, and the source code is blank. This is the case with all other plugins deactivated, as well as with other plugins activated. The site is still under development, so I have Maintenance Mode set to: “Maintenance Mode ~ FrontEnd ~ BackEnd / FrontEnd ~ Display Maintenance Mode Page|BackEnd ~ Lock BackEnd with Deny All htaccess Protection”. I think all other settings are either default, or whatever I was guided to set when I installed the plugin. I didn’t do any tweaking other than to set Maintenance Mode. What’s the problem, and what should I do?

Thank you.
Robinton

[AITpro Admin]

@ Robinton – It sounds like it is going to be some sort of problem with Maintenance Mode based on what you have stated.  I do not have enough information about the problem to be able to tell you exactly what the problem is.  Turn off Maintenance Mode and let me know if the problem is still occurring or not.

[Robinton]

AITPro Admin,

Thank you for your comment at May 18, 2015 at 7:23 pm to my post #22721, “When BPS Pro is activated, all the pages in my WordPress site except the home page disappear in the browser.”

I’m being so specific in what I’m replying to because of how my question and your reply were posted.  I thought I was starting a new topic under BPS PRO, and somehow my post ended up in a thread on Random General Questions instead, with the title, “[Topic merged – Topic Title unknown]”. (I’m also getting email notifications regarding other posts here that I’m not interested in.)

Can you tell me what I did wrong in that regard, or at least what I should do that’s right?

Anyway, I took your advice.  Within the Maintenance Mode Options I disabled Front End Maintenance Mode (Back End was already not enabled), and I also turned off Maintenance Mode itself. I still get the same effect – the home page appears in the browser, but other pages are blank (including the source code).

So for the time being, I have BPS PRO itself deactivated, which of course makes the plugin totally useless and my purchase a total waste.
What should I do?
Thank you.

Robinton

[AITpro Admin]

From your original description there is not enough information to determine what the issue or problem is and therefore an appropriate forum topic title cannot be created.  Topics are merged into this General Topic until it is clear what the issue or problem is.  We are very careful to keep the forum very well organized and searchable.  Once the exact issue or problem is known then a new forum topic and title can be created that matches exactly what the issue or problem is so that someone else searching for that issue or problem will find that topic.  Your original topic was borderline and could be related to Maintenance Mode or it could be related to another plugin or probably at least 50 other things.

At this point, create a temporary WordPress Administrator user account and send that login information to: info at ait-pro dot com.  I will login and figure out what the problem is.  Once the problem is known then a solution can be found and of course a forum topic and title can be created that will match that exact issue/problem and solution.

EDIT|UPDATE:
And to clarify “borderline” an example would be:  X causes all the pages in my WordPress site except the home page disappear in the browser.  If X is just activating the BPS plugin then that that would mean something else that you have installed is actually causing the problem.  The logic is that activating the BPS plugin does not cause this problem so something else you have installed is causing some sort of chain reaction problem.  Ie Y is breaking X which is causing the end result problem.  The source/origin/cause of the root problem is actually Y and not X.

[bill]

[Topic has been merged] 
Hello, AITpro.
I had a question about plugins that allow users the ability to upload files conveniently (and directly) from their desktop to my site. I am in need of this type of functionality (or something very similar to it) for a recent web project, but being that security is paramount for me, I wanted to get your opinion on the matter. I’ve seen this function on countless sites and I wanted to know what is the safest approach to take. Translated: allow users the ability to upload files (without opening Pandora’s box) + protect my site/database/ftp from malicious intent and uploads. I’ve looked into the paid version of this plugin… https://wordpress.org/plugins/wp-file-upload/ which may need this plugin: https://wordpress.org/plugins/code-snippets/ to perform certain functions I’m interested in. Please advise when your scheduling permits.
Thanks,
Bill

[AITpro Admin]

As long as the code in the plugin is secure and does not have any flaws/coding mistakes that would allow it to be exploited it would be safe to use.  Do a little research/Googling to find out what other folks are saying and check the plugin’s support forum to see what other folks are saying about the plugin.

[bill]

I was researching it out prior to posting and I couldn’t find anything out there (via Google search and/or wp plugin support forum) that spoke to potential vulnerabilities – admittedly, that did little to bolster confidence about the plugin or the idea in general. The author attempted to vaguely address security in the FAQs with these two statements…

Who can upload files?
By default only administrators can upload files. However you can define which user roles are allowed to upload files, beyond administrators. Even guests can be allowed to upload files, however use this option with care.

What security is used for uploading files?
The plugin is designed not to expose website information by using sessions. Parameters passing from server to client side are encoded. For higher protection, like use of captcha, please consider the Professional version of the plugin.

To me, this leaves more questions than answers. And, actually combing the plugin’s code/script far exceeds my reach.

[Author]

Posts