Website migration problem

Home Forums BulletProof Security Pro Website migration problem

Viewing 15 posts - 1 through 15 (of 16 total)
  • Author
    Posts
  • #35946
    Hannah
    Participant

    Hi, I migrated a client’s site AWAY from GoDaddy Managed WordPress to cPanel hosting (also at GoDaddy) yesterday. Everything seemed to go well, the site was loading everything without any sass and responding quickly. Then I realized I hadn’t updated BPS Pro before taking the backup that I migrated with, so I updated it. Wow. The WooCommerce shop went down, many plugins’ admin pages won’t load (where they definitely were loading before) and even BPS Pro’s Admin is completely scrambled – it looks like the css is only partially read or something. I tried running the PFW Test Mode, but after turning it on and clicking around both the front end and Admin, the single whitelist rule that I started with is still the only one there. That’s how I periodically fix a couple of stubbornly disobedient installations for other clients, and I was sure it would work this time, but I got nothing. The only change from the site running smoothly – front end and back – to this state was updating BPS Pro from 13.5 to 13.6. I was tempted to roll it back and call it a day but after thinking it over I decided to go ahead and contact you about this and see if we can fix it. We do use Cloudflare. Many thanks in advance for your help.

    #35947
    AITpro Admin
    Keymaster

    I believe the problem was caused in the migration itself and not specifically the upgrade to BPS Pro 13.6.  In other words, if you did not follow one of the recommended BPS Pro migration steps > https://forum.ait-pro.com/forums/topic/migrating-moving-or-cloning-websites/#post-20407 > then when you upgraded to BPS Pro 13.6 the existing migration problem (ticking time bomb) was triggered by just updating BPS Pro itself.  I’ll spare you the dynamic technical rocket science details of what happens during a BPS Pro upgrade.  😉

    So what I recommend that you do is start over and follow one of the recommended BPS Pro migration steps instead of trying to fix whatever problem occurred with this site.  I assume AutoRestore|Quarantine quarantined files, but there may also be other problems.  So it is best to just do the one of the recommended BPS Pro migration steps and do the migration again.

    #35948
    Hannah
    Participant

    OK, thanks. ARQ only quarantined the .htaccess file, which I restored. Nonetheless, what you say makes perfect sense, so I’ll try again and let you know what happens.

    #35950
    Hannah
    Participant

    Well, I’ve run into a situation and have more info about the original migration.

    1. I was going to use Updraft Plus with Migrator addon to migrate the site. This time I was going to do it live, but the plugin disappeared from the source site and I’ve tried 3 times now to reinstall it without success. So I won’t be able to make a new backup with this tool or do a live migration. I can’t tell you how unhappy I am about this.
    2. The new site has been wiped
    3. For the first migration, BPS Pro was already at 13.6. ARQ was already disabled (because, GDMW hosting. Blech.), and Folder Lock was already turned off. The only active item you mentioned was the plugin firewall.
    4. After migrating the site, I deleted BPS Pro and reinstalled it. The copy I had on my machine at the time was 13.5, and the reinstallation went fine. The only file quarantined was htaccess. Then I updated BPS Pro to 13.6 and everything decomposed immediately.
    5. The only backup I have to work with is the one I used for the original migration.
    6. HOWEVER, I do have the site connected to Manage WP. I should be able to clone the source site and migrate it via ManageWP.

    Question: Can we work with this situation? The Plugin firewall as preserved in the backup will be active, and the BPS Pro version on the source site is 13.6, if you think trying the migration with the backup set I have available might work. If you think that trying the ManageWP migration might work better, I’d appreciate your input.

    Thank you so much.

    #35951
    AITpro Admin
    Keymaster

    Let’s start with the basics:  The BPS Pro Setup Wizard sets up each unique website with unique settings for each server and website.  So anytime you migrate a website from 1 host or folder or wherever then you need to run the Setup Wizard again to set everything up for that unique website.  The Setup Wizard actually looks at and checks server and website things and then creates the exact appropriate files, settings, etc. for each unique site/server.

    There is nothing wrong with BPS Pro 13.6.  If there were a problem with BPS Pro 13.6 then we would be getting many complaints, emails, forum posts, etc.  So far 3 people have had problems with upgrading to BPS Pro 13.6 – you and 2 other people.  The 2 other people believed the upgrade to 13.6 caused problems on their websites.  They were incorrect.  So logic dictates that since there is nothing wrong with BPS Pro 13.6 then whatever problem occurred on your website is not due to BPS Pro 13.6 and is very likely some sort of procedural mistake made during the website migration.

    Ok now let’s begin…

    You posted a lot of information, but unfortunately it is not crystal clear to me exactly where you stand.  I’m going to assume you can use the good backup that you stated you have from #5 above.  After restoring the site with that backup you would then just run the Setup Wizard if this is a different server/website.  Then upgrade to BPS Pro 13.6.

    Adding ManageWP in mix is going to make something that is extremely simple into something complex – don’t do it. 😉

    #35955
    Hannah
    Participant

    Understood. I’m running 13.6 on other sites with no issues, so I’m not blaming the version. Just wanted to make sure that retrying the migration with the original backup set I used before—even though the Plugin Firewall will be active—has some chance of working out. That backup contains BPS Pro 13.6, so it won’t need to be updated. Thanks so much for your advice on Manage WP. Have a couple of things to finish up for another client but will get back to you once I’ve had a chance to follow through.

    #35961
    Hannah
    Participant

    Hello, I’ve been working on this again today. Because I was having so many issues with plugin admin pages, I reinstalled BPS Pro although these issues make the site not 100% ready for its final “migration” from the temporary url to permanent. To eliminate the possibility that the various scripts that aren’t loading was due to bad minification, I turned that off in the Divi theme settings and in Cloudflare. No changes. I also ran the Plugin Firewall in Test mode and clicked around both the front end (where everything appears to be working fine) and the back end. The issues persist. Here’s what I’m seeing:

    Updraft admin tabs dead, Yoast admin tabs dead, Cloudflare admin completely blank, GA chart not loading on dashboard, tabs on BPS Pro admin pages are not loading – content is all displayed on one page without any tabs and many things are overlapping/not styled as usual + Setup Wizard auto fix notice doesn’t disappear after running the setup wizard. There has been no change after running plugin firewall in test mode, and no additional plugin whitelist rules were added. I just learned that Yoast SEO has a conflict with WooCommerce checkout when the “Redirect ugly permalinks to clean urls” is selected—and I’m pretty sure it is—but I can’t get to it due to these issues.

    After doing everything I could think of I checked the browser console again (there had been a number of scripts not loading due to 403 errors and I wanted to see if they were still there) I found a bunch of issues that were apparently caused by the “no-sniff” custom code, but when I went to the custom code to remove it, it wasn’t there? But it could be in the browsers (I’m checking in Firefox and Chrome). BPS Pro files are being blocked, as seen in this console warning:

    Loading failed for the <script> with source “https://xxx.xxxxxxx.com/wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.6”.
    The resource from “https://xxx.xxxxxxx.com/wp-content/plugins/bulletproof-security/admin/js/bps-ui-tabs.js?ver=13.6” was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff).

    This is affecting Yoast SEO, Cloudflare and WooCommerce as well.

    So, before I “migrate” to the permanent url and re-enabling a few things such as minification, I’d really like to make sure everything in Admin will work as soon as it goes live so there won’t be any surprises on the front end. What do you need from me, if anything, to be able to advise me further?

    Hm, just looked at the “reddest” warning in the browser console and found this, too:

    Refused to execute script from '<URL>' because its MIME type ('application/x-httpd-ea-php56-lsphp') is not executable, and strict MIME type checking is enabled.
    — /wp-admin/options-general.php?page=cloudflare#/home:1 Refused to execute script from 'https://new.our site.com/wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.6' because its MIME type ('application/x-httpd-ea-php56-lsphp') is not executable, and strict MIME type checking is enabled.
    — /wp-admin/options-general.php?page=cloudflare#/home:1 Refused to execute script from 'https://new.our site.com/wp-content/plugins/wordpress-seo/js/dist/wp-seo-babel-polyfill-771.min.js?ver=7.7.1' because its MIME type ('application/x-httpd-ea-php56-lsphp') is not executable, and strict MIME type checking is enabled.
    — /wp-admin/options-general.php?page=cloudflare#/home:1 Refused to execute script from 'https://new.our site.com/wp-content/plugins/wordpress-seo/js/dist/wp-seo-admin-global-771.min.js?ver=7.7.1' because its MIME type ('application/x-httpd-ea-php56-lsphp') is not executable, and strict MIME type checking is enabled.
    — /wp-admin/options-general.php?page=cloudflare#/home:1 Refused to execute script from 'https://new.lour site.com/wp-content/plugins/wordpress-seo/js/dist/commons-771.min.js?ver=7.7.1' because its MIME type ('application/x-httpd-ea-php56-lsphp') is not executable, and strict MIME type checking is enabled.
    — /wp-admin/options-general.php?page=cloudflare#/home:1 Refused to execute script from 'https://new.our site.com/wp-content/plugins/wordpress-seo/js/dist/wp-seo-wp-globals-backport-771.min.js?ver=7.7.1' because its MIME type ('application/x-httpd-ea-php56-lsphp') is not executable, and strict MIME type checking is enabled.
    — /wp-admin/options-general.php?page=cloudflare#/home:1 Refused to execute script from 'https://new.our site.com/wp-content/plugins/wordpress-seo/js/dist/wp-seo-modal-771.min.js?ver=7.7.1' because its MIME type ('application/x-httpd-ea-php56-lsphp') is not executable, and strict MIME type checking is enabled.
    — /wp-admin/options-general.php?page=cloudflare#/home:1 Refused to execute script from 'https://new.our site.com/wp-content/plugins/woocommerce/assets/js/jquery-flot/jquery.flot.min.js?ver=3.4.3' because its MIME type ('application/x-httpd-ea-php56-lsphp') is not executable, and strict MIME type checking is enabled.

    What does this mean? Could it be the source of all the trouble? I have purged the cloudflare cache, so it should have updated everything to reflect the fact that the site is now running PHP 7.2 – one of the reasons I persuaded my client to move away form GDMW hosting (they’re on PHP 5.6 there). I can’t get to the Cloudflare plugin admin, but if there is a setting in the account that I can change/adjust of course I’m all over it, just need to know what I’m looking for.

    #35962
    AITpro Admin
    Keymaster

    The BPS Pro Firewall does not work with javascript minification.  Javascript minification/compression breaks the BPS Pro Firewall.  You can minify HTML and CSS without breaking the BPS Pro Firewall.  It is possible that the MIME type mismatch is caused by minification/compression and probably any other errors/problems.  minification/compression is the worst idea of this century.  We tested minification/compression extensively many years ago and it does not really improve website performance for a website that is already optimized.  minification/compression can significantly improve website performance for a site that is poorly designed and poorly optimized for performance, but what that does is to put a band-aid on a website that needs to be redesigned and optimized for performance.  What should happen instead of using a band-aid such as minification/compression is to fix the website.

    What I recommend you do at this point is to do the BPS Pro troubleshooting steps to take BPS Pro out of the equation since I believe the root problem is going to be Cloudflare and any other things that you are using for minification/compression.  You definitely want to do troubleshooting step #3 just to eliminate BPS Pro or to prevent the BPS Pro Plugin Firewall from being broken while you fix all the other problems.  If something is breaking the BPS Pro Firewall then there will be additional problems that will make the root problem harder to find.  My money is on Cloudflare.  😉

    https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

    Troubleshooting Steps Examples:  If you believe the issue/problem is being caused by the Plugin Firewall then just do Step 3.  If you believe the issue/problem is being caused by the Uploads Anti-Exploit Guard then just do Step 4.  If you believe the issue/problem could be caused by either the root .htaccess file or wp-admin .htaccess file or the Plugin Firewall .htaccess file then do steps 1, 2 and 3.  If you believe the issue/problem could be caused by Login Security then just do Step 6.  To eliminate BPS Pro entirely do all of these troubleshooting steps below.

    Note:  After doing each troubleshooting step, test whatever is not working to see if it is now working.  It could also be possible that 2 things are causing a problem.  Example scenario:  Doing step 1 and step 2 allow whatever was not working to start working.  That would mean both the root .htaccess file and the wp-admin .htaccess file are blocking something legitimate.

    1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
    2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button.  See Custom Code Note if doing this step works.
    3. On the Security Modes page, click the Plugin Firewall BulletProof Mode Deactivate button.  See Plugin Firewall Test Mode Note.
    4. On the Security Modes page, click the UAEG BulletProof Mode Deactivate button.
    5. If an issue/problem is related to files being locked with F-Lock then unlock files on the F-Lock page.
    6. If an issue/problem is related to Login Security turn Off Login Security on the Login Security & Monitoring page.
    7. If an issue/problem is related to JTC Anti-Spam|Anti-Hacker turn Off JTC Anti-Spam|Anti-Hacker on all Forms by unchecking the Form checkboxes under the Enable|Disable JTC For These Forms option on the JTC Anti-Spam|Anti-Hacker page.
    8. If an issue/problem is related to a custom php.ini file (if you created a custom php.ini file for your website) rename it to php.ini.BAK
    9. If an issue/problem is related to files being autorestored and/or quarantined turn Off AutoRestore|Quarantine on the AutoRestore page. Note: If you are manually editing or uploading files to your website see the AutoRestore|Quarantine Manual File Editing/Uploading Correct Usage steps: https://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#procedural-steps

     

    #35963
    Hannah
    Participant

    Wouldn’t you know I was editing my last reply when you posted yours. I can see it’s Cloudflare, but all minification is turned off now. The browser console errors I just added to my last post seem to indicate the the MIME types of several scripts—the ones that are being affected, including BPS Pro—are based on PHP 5.6 but I have no idea how to change that. I’ll still do at least #3 in your post above and let you know how it works out.

    #35964
    AITpro Admin
    Keymaster

    Do not look at the error messages literally yet.  Those error messages have a common known fix, but if the error messages are being caused by something that is broken then you will go down the wrong path trying to do the fixes for those error messages.  I believe the error messages are a symptom of another problem and not what the literal error messages typically mean.  You need to completely get rid of Cloudflare first.  I don’t mean delete Cloudflare, although that is not a bad idea, and just mean – take Cloudflare out of the equation completely by any means necessary.  Cloudflare causes a wide variety of problems and the error messages you are seeing are most likely due to a problem with Cloudflare.  So you need to backtrack, get the site stabilized and then add Cloudflare last after everything else is working.  Personally if it were my site I would get rid of Cloudflare altogether.  😉

    #35965
    Hannah
    Participant

    Wow! Deactivating the Plugin firewall straightened out BPS Pro’s admin display immediately! Though the Setup Wizard Auto fix notice is still hanging  around. Cloudflare admin has reappeared. The Google Analytics chart is loading again and so is Yoast SEO  & Updraft admin. So, all minification being disabled, what does that mean and what more do I need to do?

    Added: Just saw your last message and will disable Cloudflare and remove the plugin.

    Right. We need CF SSL. What if I disable all caching and everything else and just use the SSL?

    #35966
    AITpro Admin
    Keymaster

    Ok so now you need to figure out what is breaking the BPS Pro Firewall.  When the BPS Pro Firewall is being broken by something else then that causes a whole new set of problems > ie snowball effect.  You can try running the Setup Wizard to see if it will fix the BPS Pro Firewall, but if the same problem occurs then deactivate it again and fix whatever is breaking the BPS Pro Firewall.

    No comment or opinions or suggestions regarding this > “What if I disable all caching and everything else and just use the SSL?”  You are going to have to figure out what works for you.

    #35967
    AITpro Admin
    Keymaster

    Maybe you need to whitelist the Cloudflare Proxy IP addresses in the Plugin Firewall?  You did that previously > https://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/page/4/#post-33833 and it worked temporarily.  I assume that it only worked temporarily because you did not enter/add all of the Cloudflare IP addresses > https://forum.ait-pro.com/forums/topic/wordpress-social-login-403-error-unable-to-login/page/3/#post-35305

    #35972
    Hannah
    Participant

    Good morning,

    I got the site migration finalized and everything was working nicely when I ran the setup wizard. I forgot that it would turn on the plugin firewall. Now the site is down with 503 errors (front and back end). This includes the Xternal tool. How can I disable the plugin firewall without admin access and get the site back up? I did remove the .htaccess from the plugins folder but that didn’t do the trick.

    #35973
    AITpro Admin
    Keymaster

    Rename the /bulletproof-security/ plugin folder.
    Delete the Root htaccess file.
    Delete the /plugins/.htaccess file.
    Your site should be up at this point.
    Rename the /bulletproof-security/ plugin folder back to /bullletproof-security/
    Login into your site and check all BPS Custom Code text boxes for invalid htaccess code of htaccess code that needs to be added to Custom Code. ie maybe Cloudflare htaccess code?  Not really sure that Cloudflare requires these days, plus there are several different types of Cloudflare installations.  ie Cloudflare plugin, no Cloudflare plugin, DNS Cloudflare setup, etc etc etc.

Viewing 15 posts - 1 through 15 (of 16 total)
  • You must be logged in to reply to this topic.