Home › Forums › BulletProof Security Free › BPS Free Read Me First – General Troubleshooting
Tagged: BPS Free General Troubleshooting
- This topic has 3 replies, 3 voices, and was last updated 1 year, 2 months ago by AITpro Admin.
-
AuthorPosts
-
AITpro AdminKeymaster
This Forum is for Posting BulletProof Security Free Questions & Comments. If your Question or Comment is regarding BulletProof Security Pro then please post in the BulletProof Security Pro Forum.Troubleshooting Steps: BulletProof Security Plugin Conflict vs Actively Blocking Terminology
Plugin conflict: A plugin conflict would be a scenario where you are using 2 plugins or plugin features that do the exact or a very similar thing. Example: You are using 2 Login Security features on your website. If both Login Security features are calling the same WordPress Hooks (actions and/or filters) then the 2 plugins will compete with each other and 1 plugin will always override the other plugin. The solution is to choose whichever Login Security feature you want to use in either Plugin and then turn off the Login Security feature in the other plugin.
Actively Blocking: BPS is a security plugin that checks for and blocks malicious attack strings as well as a number of other potentially malicious things that could be an attack against your website. If BPS blocks something legitimate in another Plugin or Theme because it matches a hacking attack or other malicious attack against your website then a whitelist (exclude) rule can be quickly and easily created using BPS Custom Code to allow (whitelist) whatever is being blocked in another Plugin or Theme.
The BPS Security Log is a Primary Troubleshooting Tool: Your BPS Security Log logs blocked hackers, spammers, etc. & also logs anything else that BPS may be blocking in another Plugin or Theme. To confirm or eliminate that BPS is blocking something legitimate in another Plugin or Theme, check your BPS Security Log for any log entries with that Plugin or Theme name. If you have confirmed that BPS is blocking something in another Plugin or Theme, search the forum using that Plugin or Theme name for a solution. If no search results are returned for that Plugin or Theme name then create a new Forum Topic and post the Security Log entry from your BPS Security Log that shows exactly what is being blocked in that Plugin or Theme. A whitelist (exclude) rule can then be created to allow whatever is being blocked by BPS. The BPS Security Log logs all 403 errors whether or not BPS is related to or causing the 403 error. Example: Something installed on your server is causing a 403 error. That 403 error will be logged in the BPS Security Log.
The BPS plugin has built-in troubleshooting capability and should not be deactivated for troubleshooting. Deactivating BPS removes the built-in troubleshooting tools/capabilities. You can turn all BPS security features On or Off for troubleshooting to isolate exactly which BPS security feature is causing an issue/problem or to confirm or eliminate BPS as the cause of an issue/problem.
Note: After doing each troubleshooting step, test whatever is not working to see if it is now working. It could also be possible that 2 things are causing a problem. Example scenario: Doing step 1 and step 2 allow whatever was not working to start working. That would mean both the root .htaccess file and the wp-admin .htaccess file are blocking something legitimate.
1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
3. If an issue/problem is related to Login Security turn Off Login Security on the Login Security & Monitoring page.
4. If an issue/problem is related to JTC-Lite, uncheck the Login Form checkbox on the JTC-Lite page.
5. If an issue/problem is related to ISL or ACE see this forum topic: https://forum.ait-pro.com/forums/topic/idle-session-logout-isl-and-authentication-cookie-expiration-ace/htaccess Files Note: Both Root BulletProof Mode and wp-admin BulletProof Mode should be activated together. If you only activate Root BulletProof Mode and do not activate wp-admin BulletProof Mode then some wp-admin Dashboard functions (configuring Widgets, etc.) may not work correctly on some web hosts.
Custom Code Note: If you have isolated a problem to the root or wp-admin .htaccess file and you have added additional custom .htaccess code or additional .htaccess code from another plugin to BPS Custom Code then you can either use the Custom Code Export|Import|Delete Tools or manually cut (not Copy) all of your additional custom .htaccess code out of all BPS Custom Code text boxes and save that custom .htaccess code to a Notepad or Notepad++ text file, click the Save Root Custom Code button (or the wp-admin Custom Code button), go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button (and/or the wp-admin Folder BulletProof Mode Activate button). You can then further isolate which custom .htaccess code is the problem by adding only 1 block of additional custom code back to a BPS Custom Code text box at a time.
Login Security Note: If you are unable to login to your website due to an issue/problem with Login Security, rename the /wp-content/plugins/bulletproof-security/ plugin folder to /_bulletproof-security/, log back into your website, rename the /_bulletproof-security/ plugin folder back to /bulletproof-security/ and correct the issue/problem.
WordPress Network/Multisite Help Information:
The BPS plugin can be Network Activated or you can allow the BPS plugin to be activated individually on each Network|Multisite subsite or of course you can choose not to Network Activate BPS or allow the BPS plugin on subsites. Super Admins will see BPS Dashboard Alerts on the Primary Site only. Administrators can activate or deactivate BPS on subsites if you allow this on your Network|Multisite website.Additional BulletProof SecurityTroubleshooting Information
Automated Setup Steps
1. Click the Setup Wizard button on the BPS Setup Wizard page.Optional Features:
1. Idle Session Logout (ISL)
2. Auth Cookie Expiration (ACE)
3. DB Table Prefix Changer
4. Maintenance Mode
5. UI|UX SettingsUninstall Options
1. An Uninstall Options link is located on the WordPress Plugins page under the BulletProof Security plugin.
2. Clicking the Uninstall Options link loads a jQuery UI Dialog Form with 2 BPS plugin uninstall options.
3. If you are upgrading to BPS Pro, select the BPS Pro Upgrade Uninstall option and click the Save Option button or just click the Close button below and do a normal plugin uninstall.
4. If you want to completely delete the BPS plugin, all files, Custom Code and BPS database settings, select the Complete BPS Plugin Uninstall option and click the Save Option button.Manual Setup Steps
htaccess Core htaccess Files Manual Setup Steps:
1. Click the Root Folder BulletProof Mode Activate button on the Security Modes page.
2. Click the wp-admin Folder BulletProof Mode Activate button on the Security Modes page.
3. Turn On the Hidden Plugin Folders|Files Cron (HPF) by clicking the Save HPF Cron Options button.
4. Click the Master htaccess Folder BulletProof Mode Activate button.
5. Click the BPS Backup Folder BulletProof Mode Activate button.Note: It is recommended that use a Custom Permalink Structure:https://codex.wordpress.org/Using_Permalinks#Choosing_your_permalink_structure
htaccess Core htaccess Files Manual Removal Steps:
1. Click the Root Folder BulletProof Mode Deactivate button on the Security Modes page.
2. Click the wp-admin Folder BulletProof Mode Deactivate button on the Security Modes page.
3. Deactivate and delete the BPS plugin on the WordPress Plugins page.
4. Go to WordPress Settings >>> Permalinks and resave your Permalink Settings.
htaccess File Troubleshooting Steps: Unable to Login to Your Website:
1. Use FTP or your Web Host Control Panel File Manager and delete the .htaccess file in your website root folder and the .htaccess file in your wp-admin folder. If you do not see the root and wp-admin htaccess files then select “Show Hidden Files” in your FTP application or in your web host control panel file manager.
See Custom Code Note
2. Log into your website and Activate all BulletProof Modes.Note: These steps above apply to issues/problems that are directly related to your root .htaccess file. If your are unable to login to your site due to an issue/problem with Login Security, rename the /bulletproof-security plugin folder to /_bulletproof-security, log back into your website, rename the /_bulletproof-security/ plugin folder to /bulletproof-security/ and correct the issue/problem. For additional troubleshooting steps for BulletProof Security see: https://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting
Note: Some web hosts require that you have a WordPress default htaccess file in your website root folder in order to be able login to your website. If you are unable to login to your site after deleting the .htaccess file in your website root folder then download this file: /bulletproof-security/admin/htaccess/default.htaccess, upload the default.htaccess file to your website root folder and rename it to .htaccess.htaccess File Requirements and Compatibility:
https://wordpress.org/plugins/bulletproof-security/faq/Login Security & Monitoring Manual Setup Steps
1. Click the Login Security & Monitoring Save Options button to use & save the BPS default Login Security settings or choose your own settings.
2. Click the Login Security: Send Login Security Email Alert When… Save Options button to use and save BPS default Email Alerts and Log File settings or choose your own settings.Idle Session Logout (ISL) Setup Steps
1. Choose the ISL option settings you want to use.
2. Click the Save Options button.Auth Cookie Expiration (ACE) Setup Steps
1. Choose the ACE option settings you want to use.
2. Click the Save Options button.DB Backup & Security Setup Steps
1. Click the Create Backup Jobs accordion tab.
2. Enter a Description|Backup Job Name and select the Form option choices that you want.
3. Click the Create Backup Job|Save Settings button to save your Form option choices and create your Backup Job.
4. Click the Backup Jobs – Manual|Scheduled accordion tab, click on the Run checkbox for the Backup Job that you want to run and click the Run Job|Delete Job button.
5. Your Backup files are displayed under the Backup Files – Download|Delete accordion tab.
6. You can Download Backup files to your computer by clicking the Download link for that Backup file.
7. You can delete Backup files by clicking the checkbox for the Backup file that you want to delete and then click the Delete Files button.Maintenance Mode Usage: Display an Under Maintenance page
1. Choose the Maintenance Mode settings you want to use.
2. Use one of the BPS pre-created Background Images & Center Images or create your own unique Under Maintenance page.
3. Click the Save Options button.
4. Click the Preview button.
5. Click the Turn On button.UI|UX Settings Usage
1. Select and Save a Theme Skin.
2. Turn On|Off The Inpage Status Display.
3. Turn On|Off The Processing Spinner.
4. Turn On|Off jQuery ScrollTop Animation.
5. Choose WP Toolbar Functionality In BPS Plugin Pages.
6. Choose On|Off for Script|Style Loader Filter (SLF) In BPS Plugin Pages.
7. BPS UI|UX Debug: Turn On for debugging.BulletProof Security Network|Multisite Subsite Menus
Login Security and System Info menus/pages are available on Network|Multisite subsites to Super Admins and AdministratorsLogin Security has all the same functionality on Network|Multisite subsites with these exceptions:
Login Security email alerting is not available for subsites.JTC-Lite has all the same functionality on Network|Multisite subsites
Maintenance Mode has all the same functionality on Network|Multisite subsites with these exceptions:
BackEnd Maintenance is not available on subsites & these Primary site options are not available on subsites: Put The Primary Site And All Subsites In Maintenance Mode & Put All Subsites In Maintenance Mode, But Not The Primary Site.System Info has all the same functionality on Network|Multisite subsites with these exceptions:
MySQL Database information is not displayed on subsites.BulletProof Security Single Site & Network|Multisite Primary Site Menus
All other BulletProof Security features are not available on subsites since Network|Multisite subsites are virtual and do not have separate website folders or files of their own. All of the other standard BulletProof Security features work sitewide and affect all other virtual subsites with the exception of Login Security and JTC-Lite, which work individually for each specific website – Primary or virtual subsites and therefore should only be available to and controlled by the Super Admin with Network Admin capabilities for the Network|Multisite website.Web Host Compatibility Check
BPS and BPS Pro are compatible with all Web Hosts worldwide (350,000+).cPanel Hotlink Protection Tool – No longer an issue/problem.
BulletProof Security Alert will not go away – “BPS Alert! Your site does not appear to be protected by BulletProof Security” – No longer an issue/problem.
500 Internal Server Error After Activating BulletProof Mode for your Root FolderSome Web Hosts do not allow you to use the “Options” Directive in .htaccess files. If you see a 500 Internal Server Error then comment out the “Options” Directive by adding a pound sign (#) in front of Options -Indexes in your Root .htaccess file as shown below.
# DO NOT SHOW DIRECTORY LISTING # If you are getting 500 Errors when activating BPS then comment out Options -Indexes # by adding a # sign in front of it. If there is a typo anywhere in this file you will also see 500 errors. #Options -Indexes
Some Web Hosts do not allow you to use the “DirectoryIndex” Directive in .htaccess files. If you see a 500 Internal Server Error then comment out the “DirectoryIndex” Directive by adding a pound sign (#) in front of DirectoryIndex in your Root .htaccess file as shown below. Known Hosts with this issue: NordNet
# DIRECTORY INDEX FORCE INDEX.PHP # Use index.php as default directory index file # index.html will be ignored will not load. #DirectoryIndex index.php index.html /index.php
500 Internal Server Error After Adding New custom .htaccess Code To BPS Custom CodeIf you have added custom .htaccess code to BPS Custom Code, saved it, clicked the AutoMagic buttons and activated BulletProof Modes and there is either invalid .htaccess code in that custom .htaccess code or your particular Server/Host does not allow something in that custom .htaccess code then your site will crash with a 500 Internal Server Error.
1. Use FTP or your web host control panel file manager and delete your root .htaccess file (or the wp-admin .htaccess file if the custom .htaccess code was added to wp-admin Custom Code).
2. After you have deleted the .htaccess file or files, login to your site, go to BPS Custom Code, cut (NOT copy) the custom .htaccess code you added to any BPS Custom Code text boxes and paste that custom .htaccess code to a Notepad text file (use Notepad or Notepad++ – do NOT use Word or WordPad) and save it on your computer.
3. After cutting all custom .htaccess code that you have added to any BPS Custom Code text boxes, click the Save Root Custom Code button (and/or Save wp-admin Custom Code button), go to the Security Modes page and click the Root folder BulletProof Mode (and/or wp-admin Folder BulletProof Mode) Activate button.Your site should not crash at this point with a 500 Error. You can then check and test your custom .htaccess code individually. ONLY add one section of your custom .htaccess code at a time to BPS Custom Code text boxes (and do ALL the Custom Code steps) to isolate which custom .htaccess code is causing the 500 error. Either correct whatever needs to be corrected or just do not use the custom .htaccess code on your website if it does not work / is not allowed on your particular Host/Server.
DSO Server Type: htaccess File Editor Not Working, Unable to Backup or Restore FilesIf your Server API type is DSO and your WP Filesystem API Method is NOT “direct” then you will need to do some additional setup steps for a DSO Server. You can check your Server API and WP Filesystem API Method on the BPS System Info page. If you see that your Server API is DSO and your WP Filesystem API Method is NOT “direct” then you will need to do these additional installation steps for DSO.
BulletProof Security WP Error: “no input file specified”- Permalink Problems/404 Errors – using the .html permalink hack is causing 404 ErrorsIf you see a “no input file specified” error then there is something wrong with your WordPress custom permalink structure. Another cause of 404 Errors is using the .html Permalink hack. Using .html in your WordPress Permalink Structure is considered a hack and is not a standard WordPress Custom Permalink Structure. Example Permalink .html Hack: /%postname%.html. Many years ago this supposedly increased page ranking and SEO. If that was ever really true it is definitely not true now. Using this permalink hack will only cause your website problems and BulletProof Security will not work with this permalink hack. You will need to change your custom permalink to a standard WordPress custom permalink structure in order to be able to use BulletProof Security.
403 Forbidden Error or 500 Internal Server Error when updating/upgrading BPS – No longer an issue/problem.- This topic was modified 2 years, 9 months ago by AITpro Admin.
- This topic was modified 2 years, 9 months ago by AITpro Admin.
- This topic was modified 2 years, 9 months ago by AITpro Admin.
- This topic was modified 2 years, 9 months ago by AITpro Admin.
- This topic was modified 2 years, 9 months ago by AITpro Admin.
- This topic was modified 2 years, 9 months ago by AITpro Admin.
AndrewxcodeParticipantAnother host to add to the list of those not allowing changes to .htaccess file permissions is Webline Services http://webline-services.com/. To be fair, I haven’t tried asking them, as I am about to move my http://www.propertyforsalespain.co.uk/ website to a new host anyway. I have for the moment got around the 404 error by deactivating root folder bullet proof mode and wp-admin folder via BPS Security/htaccess Core in Admin.
Regards
AndrewEmma FrostParticipantSo, can we also block specific IPs right inside the plugin?
AITpro AdminKeymasterSee this forum topic on how to block IP addresses > https://forum.ait-pro.com/forums/topic/htaccess-block-ip-address-block-access-to-files-by-ip-address/
-
AuthorPosts
- You must be logged in to reply to this topic.