Visual Composer – 403 error
Tagged: 403 error, Visual Composer
This topic has 26 replies, 5 voices, and was last updated 8 years, 2 months ago by Matt Zahy.
hindssites (Participant)
Visual Composer is the editor that I design pages with. BPS not only blocks the editor from making changes, but also gives me php error alerts. I turned off the Root Folder Bullet Proof Mode and that stopped the problem so at least I know what is causing the problem. Below is an example Security Log Alert and a PHP Error alert that I am getting:
[403 GET / HEAD Request: September 24, 2015 11:35 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 50.67.13.228 Host Name: S0106e88d285787d7.vc.shawcable.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://mydomain.com/wp-admin/post.php?post=1199&action=edit REQUEST_URI: /wp-content/plugins/js_composer/assets/js/params/css_editor.js?_=1443137469245 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0
PHP Error
[13-Jun-2015 02:01:05 UTC] PHP Warning: Invalid argument supplied for foreach() in /home/xxxxxxx/public_html/mydomain.com/wp-content/plugins/js_composer/include/classes/shortcodes/shortcodes.php on line 1005
AITpro Admin (Keymaster)
UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.
Probably requires both a wp-admin skip/bypass rule and a root skip/bypass rule:
1. Copy this wp-admin skip/bypass rule to this BPS wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
# post.php skip/bypass rule
RewriteCond %{REQUEST_URI} (post\.php) [NC]
RewriteRule . - [S=2]
2. Click the Save wp-admin Custom Code button.
3. Copy this root skip/bypass rule to this BPS Root Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
# Plugin Name Here skip/bypass
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/js_composer/ [NC]
RewriteRule . - [S=13]
4. Click the Save Root Custom Code button.
5. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button and click the wp-admin BulletProof Mode Activate button.
hindssites (Participant)
Thanks so much for the code to bypass the Visual Composer. It works perfectly.
AITpro Admin (Keymaster)
Great! Thanks for confirming it works.
hindssites (Participant)
It appears I spoke a bit early, as I discovered that after applying your suggestion Bullet Proof Pro is still blocking parts of Visual Composer from working. To actually use the composer I have to disable the htaccess files. The latest log is the following:
[403 GET / HEAD Request: September 29, 2015 7:22 am] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 50.67.13.228 Host Name: S0106e88d285787d7.vc.shawcable.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://mydomain.com/wp-admin/post.php?post=1199&action=edit REQUEST_URI: /wp-content/plugins/js_composer/assets/js/params/all.js?_=1443510688625 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0
AITpro Admin (Keymaster)
Send a WordPress Administrator login to this site to info at ait-pro dot com. Include specific details on what to check/test. ie I go to X and click on X and X does/does not happen/error occurs.
AITpro Admin (Keymaster)
I found several coding mistakes in the wp-config.php file for this site. Please test things now and let me know if everything is working. If you would like for me to test things then I would need this information: “Include specific details on what to check/test. ie I go to X and click on X and X does/does not happen/error occurs.”
W3TC code was found in your wp-config.php file, but the W3TC plugin is not installed on this site. Deleted the old W3TC constant code from the wp-config.php file.
/** Enable W3 Total Cache */
define('WP_CACHE', true); // Added by W3 Total Cache
The FS_CHMOD_DIR and FS_CHMOD_FILE define constant code was added several times in your wp-config.php file and in the wrong locations in your wp-config.php file. That could definitely cause a wide range of intermittent problems. Removed all invalid code from the wp-config.php file.
MMBCB (Participant)
[Topic has been merged into this relevant Topic]
My IP is showing up in the Security Log:
[403 GET Request: December 11, 2015 - 4:16 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: MY IP Host Name: MY HOST (I think) SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://example.com REQUEST_URI: /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=4.9 QUERY_STRING: HTTP_USER_AGENT: MY MACHINE
I think this may be related, I just created a post (did not happen until I published) and one of the images uploaded shows up in the security log. It appears to be a data center that may be related to my website, so I am not sure if I should post the IP:
[403 GET Request: December 11, 2015 - 6:02 pm] Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: XXX Host Name: XXX (the exact same as REMOTE_ADDR) SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/uploads/2015/12/Boston_Tea_Party-1.jpg QUERY_STRING: HTTP_USER_AGENT: Google-HTTP-Java-Client/1.17.0-rc (gzip)
AITpro Admin (Keymaster)
@ MMBCB – See the solution in this same Forum Topic Reply above to fix the Visual Composer issue/problem: http://forum.ait-pro.com/forums/topic/visual-composer-blocked-by-bps-pro/#post-25258
The second Security Log entry shows that “java” is being blocked in the User Agent. See the solution here: http://forum.ait-pro.com/forums/topic/scoop-it-403-error/#post-2290
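An added example, not BPS code and not part of any post in this thread: it parses Security Log entries in the shape posted here, counts blocked requests per plugin folder (the path a plugin skip/bypass rule is written against), and lists the user agents on BFHS entries. The function names and the sample entries with placeholder addresses are constructed for illustration.

```python
import re
from collections import Counter

# Field labels as they appear in the Security Log entries posted in this thread.
LABELS = ["Event Code", "Solution", "REMOTE_ADDR", "Host Name", "SERVER_PROTOCOL",
          "HTTP_CLIENT_IP", "HTTP_FORWARDED", "HTTP_X_FORWARDED_FOR",
          "HTTP_X_CLUSTER_CLIENT_IP", "REQUEST_METHOD", "HTTP_REFERER",
          "REQUEST_URI", "QUERY_STRING", "HTTP_USER_AGENT"]
LABEL_RE = re.compile(r"\b(" + "|".join(map(re.escape, LABELS)) + r"):")

def parse_entries(log_text):
    """Split the log on '[403 ' style headers; return one dict of fields per entry."""
    entries = []
    for chunk in re.split(r"(?=\[\d{3} )", log_text):
        parts = LABEL_RE.split(chunk)
        if len(parts) < 3:
            continue  # no labelled fields, so not a log entry
        fields = {"header": parts[0].strip()}
        fields.update((k, v.strip()) for k, v in zip(parts[1::2], parts[2::2]))
        entries.append(fields)
    return entries

def triage(entries):
    """Count blocked requests per plugin folder; collect user agents of BFHS entries."""
    plugins, agents = Counter(), []
    for e in entries:
        if e.get("Event Code", "").startswith("BFHS"):
            agents.append(e.get("HTTP_USER_AGENT", ""))
            continue
        m = re.match(r"/wp-content/plugins/([^/]+)/", e.get("REQUEST_URI", ""))
        if m:
            plugins[m.group(1)] += 1
    return plugins, agents

# Constructed sample entries (placeholder addresses), shaped like the ones in this thread.
_EMPTY = "HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: "
_SOL = "Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ "
SAMPLE = (
    "[403 GET / HEAD Request: September 29, 2015 7:22 am] Event Code: PFWR-PSBR-HPR " + _SOL
    + "REMOTE_ADDR: 203.0.113.10 Host Name: host.example.net SERVER_PROTOCOL: HTTP/1.1 " + _EMPTY
    + "REQUEST_METHOD: GET HTTP_REFERER: http://example.com/wp-admin/post.php?post=1199&action=edit "
    "REQUEST_URI: /wp-content/plugins/js_composer/assets/js/params/all.js?_=1443510688625 "
    "QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh) "
    "[403 GET Request: December 11, 2015 - 6:02 pm] Event Code: BFHS - Blocked/Forbidden Hacker or Spammer "
    "Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 198.51.100.7 Host Name: 198.51.100.7 "
    "SERVER_PROTOCOL: HTTP/1.0 " + _EMPTY + "REQUEST_METHOD: GET HTTP_REFERER: "
    "REQUEST_URI: /wp-content/uploads/2015/12/Boston_Tea_Party-1.jpg QUERY_STRING: "
    "HTTP_USER_AGENT: Google-HTTP-Java-Client/1.17.0-rc (gzip)"
)
```

Calling `triage(parse_entries(text))` on text copied from the Security Log page returns the per-plugin counts and the BFHS user agents; a plugin folder that keeps appearing is the path to check against the skip/bypass rules in the root htaccess file.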
MMBCB (Participant)
I performed both steps, what about this part “Older General Additional Info:” , I can’t tell for sure if it applies, I did not use it:
AITpro Admin (Keymaster)
The “Older General Additional Info” was just older information about the issue/problem in that particular topic and does not apply to the new information in the forum topic.
MMBCB (Participant)
This appeared to fix the problem, but it has arisen again. I may have a JavaScript problem on the website as well that I am looking into (post sharing buttons not working as expected):
[403 GET Request: December 12, 2015 - 1:25 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: MY IP Host Name: INTERNET PROVIDER SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://example.com/ REQUEST_URI: /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=4.9 QUERY_STRING: HTTP_USER_AGENT: My Computer
AITpro Admin (Keymaster)
If the problem came back that would have to mean something has/was changed and the code below no longer exists in your root htaccess file. Check your root htaccess file code on the htaccess File Editor tab page > Your Current Root htaccess File tab and make sure this code below exists in your root htaccess file.
# Plugin Name Here skip/bypass
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/js_composer/ [NC]
RewriteRule . - [S=13]
I assume you also added the wp-admin skip/bypass rule for post.php?
# post.php skip/bypass rule
RewriteCond %{REQUEST_URI} (post\.php) [NC]
RewriteRule . - [S=2]
MMBCB (Participant)
Apologies, intended to write that I checked the custom code before posting. Just looked at the .htaccess file and the skip/bypass code is indeed there.
AITpro Admin (Keymaster)
Ok, but just an FYI on the difference between Custom Code and the actual code in your htaccess files. Custom Code saves any custom htaccess code to your database when you click the “Save Custom Code” buttons. Activating Root BulletProof Modes grabs your saved custom code from your database and creates your custom code in your htaccess files.
I will need to login to your website to find out what the problem is on your website. Send a WordPress Administrator login to info at ait-pro dot com.