The BPS Pro plugin has been deactivated on website

[AITpro Admin]

@ Jason – You could always check the last modified time of your backed up files or the date/timestamp of the nightly backups in your web host control panel.  Since the BPS email alerts are not actually a problem and are just letting you know who, what, where and when something occurred then this is just standard/normal BPS automated procedural functionality.  A similar automated BPS feature/functionality is that all BPS log files are automatically zipped, emailed to you and replaced with new blank log files when your log files reach their max size limit.

[Mj Wilson]

I also received this same email, tonight, and I had never seen it before.
I’ve read thru the comments here but can’t find the files being discussed, so therefore, can’t remove them.
After I got the email, and logged in to my site, I saw that BPS was “Active.”
I upgraded to WP 4.8.1 and “deactivated” and then “reactivated” BPS.
I am hoping that will work?

[AITpro Admin]

@ Mj Wilson – Since the BPS plugin was activated then you can disregard the email alert and do not need to do anything else.

[Mj Wilson]

Hello –
I just got this same error message, again, out of the blue. First time it happened was on 8/4 and now again on 8/10.
Mj

[AITpro Admin]

@ Mj Wilson – You should check whether someone else who has Administrator permissions to your website deactivated BPS or if your web host did something like migrated your website files or hosting account recently.  If neither of these things are the reason why you received the email alert then you should assume that BPS was deactivated intentionally by someone else for malicious reasons.

[Mj Wilson]

Hello again!
I just received yet another email – same thing.
After the first email today, I had gone in (as before), deactivated and then re-activated the plug in.
No one else has access to our site, our webhost hasn’t migrated files or our hosting account.
You said above: “you should assume that BPS was deactivated intentionally by someone else for malicious reasons.”
Isn’t this called “Bullet Proof Security?!”
What’s the point if someone is hacking it? (Which I don’t think is happening.)

update
Just got another email, one hour after the above one, that I reported.
How can the plug in be “deactivated” if it was “deactivated” an hour ago?

Thanks.

[bbmedia]

I have been getting the same error messages from a single WP install BPS Pro 13.2 version sporadically from one website for a month or so. No-one would deactivate it and there were no auto-installs for core or plugins on this site, and the emails are not sent when a plugin update is made anyway. I just deleted them and was waiting for a new version to fix this.

In terms of Bps Pro, I always Force Check and then do the update from the plugins page – and we had never removed this plugin since we started using it a couple of years ago. So for us I don’t see how it would be related to any other instance of BPS Pro and it’s not a Multisite version.

As of yesterday I disabled it and we appropriately started receiving these messages. Trying to fix another issue, I uninstalled it and reinstalled it. So far we haven’t received any, but they were sporadic before so we may get one out of the blue in a couple of days or a week – who knows.

[AITpro Admin]

The BPS and BPS Pro plugin deactivation check is located in the BPS and BPS Pro MU Tools must-use plugin file in the /wp-content/mu-plugins/ folder.  It is a static check (not a dynamic cron job check) that literally checks whether or not the BPS or BPS Pro plugin is deactivated every 5 minutes based on a timestamp.  If the BPS plugin is deactivated for 20 minutes then you would receive 4 email alerts during that 20 minute period.

The only issue that needed to be fixed that has already been fixed in BPS and BPS Pro was that when the BPS or BPS Pro plugin itself was upgraded by WP, 1 email alert was being sent since WP deactivates and deletes old plugin versions when upgrading a plugin version.  The fix for that was to add 5 minutes to the timestamp checking condition when the BPS or BPS Pro plugin upgrade is occurring.  It is possible that that upgrade conditional code may not update the timestamp in time in certain cases, but so far overall we only have a very small number of people reporting this – ie 2-6 people out of 1,000’s.

Similar causes for these types of problems and solutions & other possiblities:
The PHP server build/compile is fubar and is inconsistently processing PHP code – switching your PHP server version resolves these problems.  See your web host help pages for how to switch your PHP server version.
wp-admin backend area is being cached by something like cloudflare, incapsula or server-side caching – disabling/turning off wp-admin backend caching resolves these problems.  Important:  The wp-admin backend area should never be cached for any reason.
Mail server email looping problem – the same email is being resent randomly and repeatedly.  Normally emails are deleted from the mail server queue after they are sent, but if the email is not successfully deleted it will be resent randomly and repeatedly.
Mod Security secrule/secfilter may be interfering with the BPS MU tools conditional time check – not very likely, but possible.  Temporarily disable Mod Security for testing.
MySQL database server temporary hiccup/down/unable to connect briefly.
Web host is performing MySQL database maintenance or migration.
Web host is performing file maintenance or migration or server/website move, etc.

Other things to check:
The Server log files should be checked around the time the BPS email alerts are being sent to check for any suspicious or unusual activity.

Notes:  It is actually fairly common that a website/hosting account has been hacked for months or years before BPS or BPS Pro is installed.  After installing BPS or BPS Pro on a hacked website there are strange Security Log entries or email alerts that indicate the website was already hacked prior to installing BPS or BPS Pro.  BPS and BPS Pro are synonymous to a bank vault door.  If hackers have already hacked a website/hosting account prior to installing BPS or BPS Pro then they are already in the “bank vault”.  We have added a malware scanner in BPS 2.4 and BPS Pro 13.3 (no official release date yet) that will detect common hacker code patterns:  obfuscation/encryption/encoding.  Important Note:  If a hacker uses code that does not match any known obfuscation/encryption/encoding patterns then no scanner will ever be able to detect the code.  That is actually very common when someone installs a nulled/pirated plugin or theme.  The hacker adds code that looks and is completely “normal” and does not obfuscate, encrypt or encode the added hacker code so that it will intentionally not be detectable by any scanners.

Summary:
Someone should first check the logical causes stated above for the problem and then if a logical cause for the problem cannot be found then the next thing to eliminate would be that a website/hosting account is hacked.

[Jeff M]

[Topic merged into this relevant Topic]
Just got an email saying this:

The BPS plugin has been deactivated on website: http://onlinedegrees101.com. To stop these email alerts from being sent while BPS is deactivated, go to the WordPress Plugins page, click the Must-Use link, click the BPS MU Tools Disable BPS Folder|Deactivation Checks link. If you just upgraded BPS you can ignore this email alert.

I got a second email 9 minutes later with the same message.

I did not deactivate the plugin.
When I went to the site, the plugin was activated.
I use both the free and paid versions of this plugin.

Regards,

Jeff

[AITpro Admin]

@ Jeff M – You can disregard the email alert since BPS was activated on this site.  Typically when WP upgrades BPS or BPS Pro you will see this email alert.  We have attempted to prevent this email alert from being sent, but unfortunately the code that is supposed to prevent the email alert is deleted during BPS and BPS Pro upgrades.  We are still looking into other possible solutions.

[SwampFox]

Apparently we just recently started to receive these as well. MAKE IT STOP!

All of our customers are calling we don’t have the desire to go through each site and disable this feature. Do you have a universal remote for your plugin we can install?

[AITpro Admin]

@ SwampFox – Since the WordPress Plugins page is in the backend of a website then the checks and email notifications would need to be disabled on the Plugins page.  It would not be safe to do some sort of frontend remote thing.  The steps to disable the check and email notifications for the BPS free and BPS Pro plugins below are very similar.  You could either tell your customers the 2 steps below over the phone or you could have them do the steps in the email alert that is sent to them that has the steps to disable the checks and email alerts.

1. Go to the WordPress Plugins page > click the Must-Use link at the top of the Plugins page.
2. BPS Pro:  Click the disable link.  BPS free:  Click the BPS MU Tools Disable BPS Folder|Deactivation Checks link

BPS free email alert message sent:
“…To stop these email alerts from being sent while BPS is deactivated, go to the WordPress Plugins page, click the Must-Use link, click the BPS MU Tools Disable BPS Folder|Deactivation Checks link. If you just upgraded BPS you can ignore this email alert…”

BPS Pro email alert message sent:
“…To stop these email alerts from being sent while BPS Pro is deactivated, go to the WordPress Plugins page, click the Must-Use link, click the BPS Pro MU Tools Disable link. If you just upgraded BPS Pro you can ignore this email alert unless you continue to receive these email alerts every 5 minutes. If you continue to receive these email alerts, login to your website and run the BPS Pro Setup Wizard…”

[Author]

Posts