Topic: Visual Composer – 403 error | BulletProof Security Forum

Visual Composer – 403 error

Tagged: 403 error, Visual Composer

This topic has 26 replies, 5 voices, and was last updated 7 years, 5 months ago by Matt Zahy.

Viewing 15 posts - 1 through 15 (of 27 total)

1 2 →

Author

Posts
September 24, 2015 at 5:59 pm #25256
hindssites
Participant
Visual Composer is the editor that I design pages with. BPS not only blocks the editor from making changes, but also gives me php error alerts. I turned off the Root Folder Bullet Proof Mode and that stopped the problem so at least I know what is causing the problem. Below is an example Security Log Alert and a PHP Error alert that I am getting:
```
[403 GET / HEAD Request: September 24, 2015 11:35 pm]
Event Code: PFWR-PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 50.67.13.228
Host Name: S0106e88d285787d7.vc.shawcable.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://mydomain.com/wp-admin/post.php?post=1199&action=edit
REQUEST_URI: /wp-content/plugins/js_composer/assets/js/params/css_editor.js?_=1443137469245
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0
```
PHP Error
```
[13-Jun-2015 02:01:05 UTC] PHP Warning:  Invalid argument supplied for foreach() in /home/xxxxxxx/public_html/mydomain.com/wp-content/plugins/js_composer/include/classes/shortcodes/shortcodes.php on line 1005
```
September 24, 2015 at 6:14 pm #25258
AITpro Admin
Keymaster
UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

Probably requires both a wp-admin skip/bypass rule and a root skip/bypass rule:

1. Copy this wp-admin skip/bypass rule to this BPS wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
```
# post.php skip/bypass rule 
RewriteCond %{REQUEST_URI} (post\.php) [NC] 
RewriteRule . - [S=2]
```
2. Click the Save wp-admin Custom Code button.
3. Copy this root skip/bypass rule to this BPS Root Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
```
# Plugin Name Here skip/bypass
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/js_composer/ [NC]
RewriteRule . - [S=13]
```
4. Click the Save Root Custom Code button.
5. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button and click the wp-admin BulletProof Mode Activate button.
September 26, 2015 at 8:22 pm #25312
hindssites
Participant

Thanks so much for the code to bypass the Visual Composer. It works perfectly.
September 27, 2015 at 7:17 am #25315
AITpro Admin
Keymaster

Great! Thanks for confirming it works.
September 29, 2015 at 1:23 am #25379
hindssites
Participant
It appears I spoke a bit early as I discovered that after applying your suggestion Bullet Proof Pro is still blocking parts of Visual Composer to work. To actually use the composer I have to disable the htaccess files. The latest log is the following:
```
[403 GET / HEAD Request: September 29, 2015 7:22 am]
Event Code: PFWR-PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 50.67.13.228
Host Name: S0106e88d285787d7.vc.shawcable.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://mydomain.com/wp-admin/post.php?post=1199&action=edit
REQUEST_URI: /wp-content/plugins/js_composer/assets/js/params/all.js?_=1443510688625
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0
```
September 29, 2015 at 8:01 am #25381
AITpro Admin
Keymaster

Send a WordPress Administrator login to this site to info at ait-pro dot com. Include specific details on what to check/test. ie I go to X and click on X and X does/does not happen/error occurs.
September 30, 2015 at 9:11 am #25398
AITpro Admin
Keymaster
I found several coding mistakes in the wp-config.php file for this site. Please test things now and let me know if everything is working. If you would like for me to test things then I would need this information: “Include specific details on what to check/test. ie I go to X and click on X and X does/does not happen/error occurs.”

W3TC code was found in your wp-config.php file, but the W3TC plugin is not installed on this site. Deleted the old W3TC constant code from the wp-config.php file.
```
/** Enable W3 Total Cache */
define('WP_CACHE', true); // Added by W3 Total Cache
```
The FS_CHMOD_DIR and FS_CHMOD_FILE define constant code was added several times in your wp-config.php file and in the wrong locations in your wp-config.php file. That could definitely cause a wide range of intermittent problems. Removed all invalid code from the wp-config.php file.
December 11, 2015 at 2:22 pm #27225
MMBCB
Participant
[Topic has been merged into this relevant Topic]
My IP is showing up in the Security Log:
```
 [403 GET Request: December 11, 2015 - 4:16 pm]
Event Code: PFWR-PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: MY IP
Host Name: MY HOST (I think)
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://example.com
REQUEST_URI: /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=4.9
QUERY_STRING:
HTTP_USER_AGENT: MY MACHINE
```
I think this may be related, I just created a post (did not happen until I published) and one of the images uploaded shows up in the security log. It appears to be a data center that may be related to my website, so I am not sure if I should post the IP:
```
 [403 GET Request: December 11, 2015 - 6:02 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: XXX
Host Name: XXX (the exact same as REMOTE_ADDR)
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/uploads/2015/12/Boston_Tea_Party-1.jpg
QUERY_STRING:
HTTP_USER_AGENT: Google-HTTP-Java-Client/1.17.0-rc (gzip)
```
December 11, 2015 at 3:22 pm #27230
AITpro Admin
Keymaster

@ MMBCB – See the solution in this same Forum Topic Reply above to fix the Visual Composer issue/problem: http://forum.ait-pro.com/forums/topic/visual-composer-blocked-by-bps-pro/#post-25258

The second Security Log entry shows that “java” is being blocked in the User Agent. See the solution here: http://forum.ait-pro.com/forums/topic/scoop-it-403-error/#post-2290
December 11, 2015 at 5:11 pm #27236
MMBCB
Participant

I performed both steps, what about this part “Older General Additional Info:” , I can’t tell for sure if it applies, I did not use it:
December 11, 2015 at 5:17 pm #27238
AITpro Admin
Keymaster

The “Older General Additional Info” was just older information about the issue/problem in that particular topic and does not apply to the new information in the forum topic.
December 12, 2015 at 10:45 am #27249
MMBCB
Participant
This appeared to fix the problem, but it has arisen again. I may have a JavaScript problem on the website as well that I am looking into (post sharing buttons not working as expected):
```
 [403 GET Request: December 12, 2015 - 1:25 pm]
Event Code: PFWR-PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: MY IP
Host Name: INTERNET PROVIDER
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://example.com/
REQUEST_URI: /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=4.9
QUERY_STRING:
HTTP_USER_AGENT: My Computer 
```
December 12, 2015 at 10:58 am #27250
AITpro Admin
Keymaster
If the problem came back that would have to mean something has/was changed and the code below no longer exists in your root htaccess file. Check your root htaccess file code on the htaccess File Editor tab page > Your Current Root htaccess File tab and make sure this code below exists in your root htaccess file.
```
# Plugin Name Here skip/bypass
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/js_composer/ [NC]
RewriteRule . - [S=13]
```
I assume you also added the wp-admin skip/bypass rule for post.php?
```
# post.php skip/bypass rule 
RewriteCond %{REQUEST_URI} (post\.php) [NC] 
RewriteRule . - [S=2]
```
December 12, 2015 at 11:26 am #27251
MMBCB
Participant

Apologies, intended to write that I checked the custom code before posting. Just looked at the .htaccess file and the skip/bypass code is indeed there.
December 12, 2015 at 11:38 am #27252
AITpro Admin
Keymaster

Ok, but just an FYI on the difference between Custom Code and the actual code in your htaccess files. Custom Code saves any custom htaccess code to your database when you click the “Save Custom Code” buttons. Activating Root BulletProof Modes grabs your saved custom code from your database and creates your custom code in your htaccess files.

I will need to login to your website to find out what the problem is on your website. Send a WordPress Administrator login to info at ait-pro dot com.
Author

Posts

Viewing 15 posts - 1 through 15 (of 27 total)

1 2 →

You must be logged in to reply to this topic.

BulletProof Security Forum

Visual Composer – 403 error

Search Forums

Topic Tags