Security Log – No log entries, Sucuri Security Plugin Blocks Logging

[AITpro Admin]

Split from another Topic since the question is a new question:

I have the opposite problem.  Prior to a recent update, my log file had maybe 20 entries a day. After the update I haven’t had an entry since 1/31/13. I can’t imagine that’s accurate. I am sure that I have done something wrong, but I don’t know what.  I have read the various resources, but I am just not knowledgable enough to follow/understand what I should be doing to test my installation of BPS on my WordPress site.  Is there a really clear step-by-step process that I can follow?  Thanks so much!

[AITpro Admin]

Go to the htaccess File Editor tab page.

Click on the Your Current Root htaccess File tab and scroll down in that file and look for this code.

ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
ErrorDocument 401 default
ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
ErrorDocument 404 /404.php

Do you see this code in your Root .htaccess file?  Does it have a pound sign # in front of it?
Is your WordPress installation a root website installation or is it a subfolder installation?
A Root website installation is installed in the root of the Hosting account.
A Subfolder website installation would be installed in a subfolder off the root – Example:  /some-folder

[Jeff]

Thank you for all your help.  I did find those lines of code and there is NOT a pound sign in front of them.  I wouldn’t know how to install the WordPress in a subfolder.   I just followed the instructions from the WordPress folks several years ago. I did look and I believe that it is a root website installation.  I did not see any subfolder.  Also I should mention that BPS was loging all sorts of stuff, which I expected, until I did the most reecent update.  I hope I didn’t screw that part up!  Now I do have this entry in the file:
BPS SECURITY / HTTP ERROR LOG============================================================
But that’s all.

[AITpro Admin]

Well do a test to see if error logging is actually really working.  In your Browser type in this:  ;union after your website URL.  Example:  example.com/;union.
If error logging is not working then you can try activating BulletProof Modes again.
If it is still not working then something on your website is blocking/stopping/preventing BPS error logging.  Could be another plugin or could be something your web host is doing.

[AITpro Admin]

I just thought of something.  Since you said you had set up error logging before and automatic error logging only became available in this last release of BPS then what I suspect is that you set up error logging on your own and most likely you created your own 403 error document file somewhere on your website or maybe in your host control panel?

And what exactly does this mean “Prior to a recent update, my log file had maybe 20 entries a day.”  What was the recent update?  WordPress update?  Plugin update?  Some other update?

[Jeff]

I hope I can answer your questions accurately.  I did not knowingly create a 403 error document.  Is there a way that I can check that for you?  If so if you could guide me.  I did not intentional do that.  There was a BPS plugin update on or around 1/31/13.  I just updated the plugin through my wordpress control panel.  I did NOT do anything special however.  If I was supposed to put it in manitenance mode or anything like that, I didn’t. 
I just recently installed the BPS plugin, I want to say around 1/26/13.  It had error logging at that time.  It was after I updated the plugin that the error logging stopped. 
Thanks again for all of your help!

[AITpro Admin]

BPS .47.8 was released on 1-23-2013.  It is the first version with Security Logging / HTTP Error logging.  Ok so forget about the possibility of previously setting up error logging because most likely you did not do that on your own.  What is very strange to me is that there has not been another version release of BPS since 1-23-2013 so it could not have been the BPS plugin that you updated.  Maybe you are thinking of another plugin? What other plugins do you have installed on your website?

Are you using a Proxy?  Your IP Addresses are different for your 2 posts:  1 from North Carolina and 1 from California.

[Jeff]

I am in California.  I may have logged in from home or my office, but never NC.  I just go to the Help/Faq on the BPS menu and click the link and it opens a new browser window and takes me here.  I have the following security related plugins.  I must have confused an update from one of those recently, if it wasn’t BPS:
BPS
Login Lockdown
Securi Security
Wordfence Security
Block Bad Queries
WP Firewall 2
WP Security Scan
Do I possibly have a conflict with one of the above plugins? 
Thanks again and I’m sorry to be your problem child!

[AITpro Admin]

Ok just checking on the Proxy thing since it could have possibly been related.  Not a big deal either way.  It is possible that one of these other plugins could be causing the issue.

The only way to find out for sure is to deactivate them one by one and do a test then activate them again.

use this test in your Browser:  example.com/;union test to trigger a 403 error.

If you are using any of the WordPress Themes then this test above does not work and you will instead have to enter this in your website’s search window.  test’s  with an apostrophe s

[Jeff]

I am not using a WP theme, so used the first example to test for a 403 error and logging.  I went to the very first plugin and deactivated it, then exited out of the admin panel, then tried the flyboywakesurf.com/;union etc test string.  I repeated this for every plugin I have installed.  On the very first interation, I immediately got a 404 error and then it seemed like wordpress was still churing and it came up with a 403 error page.  It took maybe 3 seconds after first displaying a 404 error page.
There was no log entry.  Each successive iteration only generated a 404 error page and no 403.
I did go through all of my plugin’s.  I believe, I don’t think I skipped any.
 

[AITpro Admin]

Hmm a 404 error and a huge delay between displaying a generic 403 error means something is definitely not working correctly on your particular website.  Something about your website is clearly overriding the BPS ErrorDocument directive in your Root .htaccess file.  It could be something your web host is doing at the Server itself.  What you will need to do now is look at your Server Logs or contact your web host and ask them to look at your Server Logs to see what the problem is.

[AITpro Admin]

What is your custom permalink structure?  You will find this on the WordPress Settings >>> Permalinks page.

[Jeff]

My permalinks structure indicates: the radio button on “custom” is market and then in the firld behind my site name it shows:  /%postname%
I hope that makes sense to you!
 

[AITpro Admin]

If you didn’t make a typo in your reply then your custom structure tag is missing the trailing slash.  it should be /%postname%/

[AITpro Admin]

Also I just happened to be fixing something on another site and I noticed that the Sucuri plugin has an option to add an .htaccess file in the wp-content folder.  There is no option to whitelist plugins or anything else and you cannot delete the .htaccess file from the plugin’s settings page.  If you have enabled this option then you will need to manually delete the .htaccess file in your wp-content folder via FTP.  This may or may not be related to the problem, but logically it could be.  I plan on fully testing the Sucuri plugin in a couple of days to see what the full impact is on BPS.

[Author]

Posts