Home › Forums › BulletProof Security Pro › WooCommerce Social Login – facebook login connect 403 error
Tagged: facebook connect, facebook login, Social Login, WooCommerce
- This topic has 16 replies, 2 voices, and was last updated 10 years, 8 months ago by nigeyv.
-
AuthorPosts
-
nigeyvParticipant
Hi
On my site – sportsclubhouses.com I am running BPS Pro with woocommerce and I have just installed a woocommerce social login plugin.
If you visit the site you will see the ‘my account’ in the top right hand corner. click that and you will see the option to login via facebook. If you click ‘facebook icon’ you get a 403 error.
I have contacted the social login plugin developers and they asked that I enable php sessions and curl through my host. My host have done this and suggested that this might be a BPS 403 error page and so the problem may lie there.
Any advice would be gratefully received.
Regards
Nigel
nigeyvParticipantJust to add. I have tried disabling the BPS plugin and the 403 reposnse to the social login remains.
Nigel
AITpro AdminKeymasterBPS is not designed like a typical WordPress plugin. BPS is very advanced and has built-in troubleshooting capabilities that allow you to turn off/deactivate all security features and options for troubleshooting. Deactivating/Deleting the BPS plugin is not the correct way to troubleshoot issues/problems since you will no longer be able to use the built-in troubleshooting capabilities/features. The link below has BPS Pro troubleshooting procedures.
http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting
The other very important troubleshooting tool in BPS Pro is the Security Log. It does not only log blocked hackers, spammers, etc it also logs any HTTP errors when BPS Pro is blocking something in another plugin typically due to the plugin simulating a hacking attempt against your website. Post the Security Log error directly related to this plugin that you will find in your BPS Pro Security Log.
I checked your site and see why the facebook connect feature is being blocked by BPS Pro. It is simulating an RFI hacking attempt against your website.
sportsclubhouses.com/wp-login.php?social_login=1&social_network=facebook&next=http://sportsclubhouses.com/my-account/
To whitelist this and allow this on your website try this first:
1. Copy this code below to this BPS Pro Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES: Add personal plugin/theme skip/bypass rules here
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.# Social plugin name ???? facebook connect skip/bypass rule RewriteCond %{QUERY_STRING} social_login=1&social_network=facebook(.*) [NC] RewriteRule . - [S=13]
nigeyvParticipantBPS is truly an amazing plugin and the assistance provided through these forums is outstanding too.
Having followed the steps above the 403 error page has gone, to be replaced by the facebook login page, which is excellent.
However once the facebook login details are entered I am redirected to the following which is a blank page and the user account is not created.
Do you think that I am now back to the social_login developers for some assistance?
Very grateful, many thanks
Nigel
sportsclubhouses.com/wp-content/plugins/woocommerce-social-login/library/?hauth.done=Facebook&code=AQDXsx6zJAUmooNNAYoh6NT5myp2lQ2pveb97EttJgDle12sOpmV371Bz579rP9oo42kGO5ZPnt0Rz-5uTL-Qv7ZpNnGFPL-DUh5xNN-C85zMesXc0u-W7dryBdJZu_rMTmf2xb8kOS8X8AxIiVQBkYXyD81-CeAv-yA5JXK-JphcLv7YxuQji-2T70vieP8MbwDJG2oKNQos-nrqfYjEiNIGJ08kZNeW0J2aaXSsYCu-191iGhAT14-JdG-ejoGMu7166AyO9pB8dibTo9whNu5QYv9q0qwSE7ykCleM-NqDtR0ruIlflFt-8WJft4sYPk&state=4a9f03afa2b6550bc6c4da6983cefdd9#_ =_
AITpro AdminKeymasterI don’t think this is a Plugin Firewall issue or root .htaccess file problem since you are not seeing a 403 Error.
Do these standard BPS Pro troubleshooting steps: 1, 2 and 3 to determine if this issue/problem is being caused by BPS Pro or not.
BPS Pro Troubleshooting Steps Source: http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting
1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
3. On the Security Modes page, click the Plugin Firewall BulletProof Mode Deactivate button.If the problem is still occurring then it is not being caused by BPS. After testing is completed – Activate BulletProof Modes again.
nigeyvParticipantOK, all done as above and the same error is occurring. I will seek guidance from the social login developers from here.
Many thanks.
NigelAITpro AdminKeymasterYep, thanks for confirming this. My hunch is this is going to an API Key/app ID thing. Typically facebook connection plugins require some sort of key or ID to complete the connection.
I did a Google search and found this issue in several posts. WooCommerce Facebook Login Checkout was installed and activated. Apparently there is some sort of conflict since WooCommerce Social Login uses WooCommerce hooks.
nigeyvParticipantHi
Season’s Greetings.
I had to leave this issue to concentrate on other areas of work. Having returned to it this week as my client is keen to get the social login working I find the situation remains.
I have two sites which are effectively identical in structure. Both sites are running BPS Pro and both have the social login plugin activated.
1. On sportsclubhouses.com I have BPS Pro fully enabled and I find that when I try to use the social login on the “my account” page (link at top right of home page) I get the 403 Error page as per my post at the top of this chain on 5/9/13.
2. On dl4040.niverr.com I have BPS Pro installed but with the settings as you described at the entry at September 5, 2013 at 3:31 pm above and the social login plugin works.
Both sites have the code as suggested by you at September 5, 2013 at 9:51 am installed.
As the difference between the working install and the not working install appears to be the BPS Pro settings it would appear that this is where the problem lies?
I would be grateful for any advice.
Kind regards
Nigel
AITpro AdminKeymasterCheck the BPS Pro Security Log and post any new security log entries that are directly related to the Woocommerce plugin.
AITpro AdminKeymasterWhen I check the sportsclubhouses.com website and use the Google Chrome Javascript Console these are the issues/problems that are displayed. These errors/issues/problems do not appear to be related to or caused by BPS Pro. What I assume is happening is that you have additional problems on the sportsclubhouses.com website that you do not have on the other site that is working.
These are the errors/issues/problems with the woocommerce facebook plugin.
Invalid App Id: Must be a number or numeric string representing the application id. all.js:56 The "fb-root" div has not been created, auto-creating all.js:56 FB.getLoginStatus() called before calling FB.init(). all.js:56
These are other non-related errors that are displayed.
event.returnValue is deprecated. Please use the standard event.preventDefault() instead. Uncaught TypeError: Object function a(e){if(!e)return;var t,r,i,o;n.apply(this,[e]),t=this.params(),r=t.size||this.dataAttr("size"),i=t.showScreenName||this.dataAttr("show-screen-name"),o=t.count||this.dataAttr("count"),this.classAttr.push("twitter-follow-button"),this.showScreenName=i!="false",this.showCount=t.showCount!==!1&&this.dataAttr("show-count")!="false",o=="none"&&(this.showCount=!1),this.explicitWidth=t.width||this.dataAttr("width")||"",this.screenName=t.screen_name||t.screenName||s.screenName(this.attr("href")),this.preview=t.preview||this.dataAttr("preview")||"",this.align=t.align||this.dataAttr("align")||"",this.size=r=="large"?"l":"m"} has no method 'init' widgets.js:45 TWITTER: Content Security Policy restrictions may be applied to your site. Add <meta name="twitter:widgets:csp" content="on"> to supress this warning. undefined undefined undefined undefined widgets.js:9 TWITTER: Please note: Not all embedded timeline and embedded Tweet functionality is supported when CSP is applied. undefined undefined undefined undefined widgets.js:9
AITpro AdminKeymasterActually these same errors are occurring on both sites so apparently even though these errors are occurring they are non-critical errors since the dl4040.niverr.com site is successfully able to communicate with facebook.
Check the BPS Pro Security Log on the sportsclubhouses.com website and post any new security log entries that are directly related to the Woocommerce facebook plugin.
nigeyvParticipantHi
These are the two most recent entries in that log relating to the plugin:
>>>>>>>>>>> 403 GET or HEAD Request Error Logged – December 30, 2013 7:07 am <<<<<<<<<<< REMOTE_ADDR: 86.181.212.234 Host Name: host86-181-212-234.range86-181.btcentralplus.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-login.php?social_login_done=1&social_network=facebook&next=http://sportsclubhouses.com/my-account/ QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 >>>>>>>>>>> 403 GET or HEAD Request Error Logged – December 30, 2013 7:27 am <<<<<<<<<<< REMOTE_ADDR: 86.181.212.234 Host Name: host86-181-212-234.range86-181.btcentralplus.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://sportsclubhouses.com/my-account/ REQUEST_URI: /wp-login.php?social_login_done=1&social_network=facebook&next=http://sportsclubhouses.com/my-account/ QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
AITpro AdminKeymasterOk it looks like Regular Expressions code is needed to whitelist 2 different facebook query strings.
social_login=1&social_network=facebook social_login_done=1&social_network=facebook
1. Edit this code below in this BPS Pro Custom Code text box: Change this skip/bypass rule…
# Woocommerce facebook connect skip/bypass rule RewriteCond %{QUERY_STRING} social_login=1&social_network=facebook(.*) [NC] RewriteRule . - [S=13]
…to this…
# Woocommerce facebook connect skip/bypass rule RewriteCond %{QUERY_STRING} social_login(.*)&social_network=facebook(.*) [NC] RewriteRule . - [S=13]
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.AITpro AdminKeymasterYou may need to add an additional skip/bypass rule for the WooCommerce Social Login plugin if the skip/bypass rule above does not work by itself.
# Woocommerce facebook connect skip/bypass rule RewriteCond %{REQUEST_URI} ^/wp-content/plugins/woocommerce-social-login/ [NC] RewriteRule . - [S=14] # Woocommerce facebook connect skip/bypass rule RewriteCond %{QUERY_STRING} social_login(.*)&social_network=facebook(.*) [NC] RewriteRule . - [S=13]
nigeyvParticipantHi
Thanks for your swift response with this. I think I am getting somewhere now. Both sites are reacting differently to the social login plugin although one is a clone of the other.
On Sportsclubhouses.com I have inserted the code you suggested above and things seem to be getting better, except that when I try to use the social login on a Mac the page hangs on this url with just white space:
http://sportsclubhouses.com/wp-login.php?social_login=1&social_network=facebook&next=http://sportsclubhouses.com/my-account/#_=_v
but it does this whether BPS Pro is on or off as per your instructions at September 5, 2013 at 3:31 pm. So I guess from this point it is not a BPS Pro issue.
The social login on DL4040.niverr.com is working fine with BPS Pro activated on the PC and the Mac, so I don’t know why the hang on the Mac occurs for sportsclubhouses.com. Everything else looks great so far.
Thanks again
Nigel
-
AuthorPosts
- You must be logged in to reply to this topic.