Home › Forums › BulletProof Security Pro › WordPress Social Login – 403 error, unable to login
Tagged: 403 error, unable to login, WordPress Social Login
- This topic has 45 replies, 4 voices, and was last updated 6 years, 2 months ago by AITpro Admin.
-
AuthorPosts
-
AWParticipant
Hi BPS,
I read and follow the instruction give by BPS: My WordPress Social Login works like a charm! However, there’s some security advice from BPS as below:
The htaccess file that is activated in your root folder is:
BULLETPROOF PRO 11.4 SECURE .HTACCESS√ wp-config.php is htaccess protected by BPS
√ php.ini and php5.ini are htaccess protected by BPS</span>√ Deny All protection activated for BPS Master /htaccess folder
√ Deny All protection activated for /wp-content/bps-backup folderERROR: An htaccess file was NOT found in your wp-admin folder.
BulletProof Mode for the wp-admin folder should also be activated when you have BulletProof Mode activated for the Root folder.The htaccess file that is activated in your plugins folder is:
BULLETPROOF PRO .HTACCESS PLUGIN FIREWALLThe htaccess file that is activated in your uploads folder is:
BULLETPROOF PRO UPLOADS FOLDER .HTACCESSShould I activate the:Activate Plugin Firewall BulletProof Mode Looking forward for your reply.
Regards,
Alex WongAITpro AdminKeymasterActivate wp-admin BulletProof Mode and let me know if the WordPress Social Login plugin problem happens again.
AWParticipantHi BPS,
Thanks for your reply. Yes, WP Social Login does not work with BPS. I changed to accesspress social login and it works like a charm! Thanks.
AWParticipantHello BPS,
🙂
What a joke that I came back to the same issue that i wrote last time.
Previously I did mentioned that WordPress Social Login does not work on my side and I replace it with accesspress social login and solve the case.
Well, for now… now i insist to use WordPress Social Login. I installed it on my website, and it works on desktop ( login via fb/gmail/twitter )
However, when i try to login via mobile phone. . . it does not work . It tries to connect to google(example login with google) and return the page error 404 with the url below
http://yourdomain.com/wp-content/plugins/wordpress-social-login/hybridauth/?hauth.start=Google&hauth.time=1516440480
What I did is, I Deactivate the ” Plugin Firewall BulletProof Mode (PFW) ” …. then i try to login via social media on mobile. It works!
So the trick is something to do to whitelist this plugin ?
Please guide, thanks man.Regards,
AlexAWParticipantRead a lil bit of the WordPress Social Login guide on errors
The full link : http://miled.github.io/wordpress-social-login/troubleshooting.html
It says:
404, or 403 HTTP Error.
This issue usually happen when :- There is a .htaccess file who prevent direct access to the WordPress plugins directory.
- Your web host uses mod_security to block requests containing URLs (eg. hosts like HostGator, GoDaddy and The Planet).
In any of these two cases, WSL requires this url to be white-listed:
wp-content/plugins/wordpress-social-login/hybridauth/
I am using hostgator, and i think the mod_security is off ( I could edit custom code in BPS and save it without any error ).
I tried to add the:
wp-content/plugins/wordpress-social-login/hybridauth/
into Plugins Script|File Whitelist Text Area
Save Whitelist Option and the Activate it.
Then try to login via mobile using the social network (FB,Gmail,Twitter) . . . Still return error page 404AITpro AdminKeymaster@ AW – wp-content/plugins/wordpress-social-login/hybridauth/ is not a valid Plugin Firewall whitelist rule. Plugin Firewall whitelist rules use this format: /plugin-folder-name/plugin-script-name.php (or js). Check your BPS Security Log file for any Security Log entries that show what is being blocked when logging into your site with a mobile device and post that Security Log entry. Are you using a plugin or theme to make your site mobile friendly? What is the URL to this website?
AWParticipantHello bps,
Thanks for the info about the url is not a valid plugin firewall list.
Search the security log, and i think should be this one:
- I am using Wp Fastest Cache and unchecked cache for mobile user.
- Login Logout plugin
- I am using autoptimized too, it does not block the js for Desktop login via WordPress Social Login. Login via Social using Desktop is perfect.
- I did not use any mobile theme, just the original theme
- Website : maincuisine.com
- I did wrote some functions in my child theme as below, So you would need to click the login in the front page. As if you go to wp-admin/wp-login it will redirect you to the front page
add_action( 'init', 'blockusers_init' ); function blockusers_init() { if ( is_admin() && ! current_user_can( 'administrator' ) && ! ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) { wp_redirect( home_url( '/questions' )); exit; } }
Security Log
[403 GET Request: January 20, 2018 - 8:22 pm] BPS Pro: 13.4 WP: 4.9.2 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.233.173.16 Host Name: google-proxy-64-233-173-16.google.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: for=183.171.182.97 HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://maincuisine.com/wp-admin/admin.php?page=bulletproof-security/admin/security-log/security-log.php REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-ui-accordion.js?ver=13.4 QUERY_STRING: ver=13.4 HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36 [403 GET Request: January 20, 2018 - 8:22 pm] BPS Pro: 13.4 WP: 4.9.2 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.233.173.17 Host Name: google-proxy-64-233-173-17.google.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: for=183.171.182.97 HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://maincuisine.com/wp-admin/admin.php?page=bulletproof-security/admin/security-log/security-log.php REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-ui-dialog.js?ver=13.4 QUERY_STRING: ver=13.4 HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36 [403 GET Request: January 20, 2018 - 8:22 pm] BPS Pro: 13.4 WP: 4.9.2 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 172.68.144.75 Host Name: 172.68.144.75 SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: for=183.171.182.97 HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://maincuisine.com/wp-admin/admin.php?page=bulletproof-security/admin/security-log/security-log.php REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.4 QUERY_STRING: ver=13.4 HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36 [403 GET Request: January 20, 2018 - 8:22 pm] BPS Pro: 13.4 WP: 4.9.2 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 172.68.144.237 Host Name: 172.68.144.237 SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: for=183.171.182.97 HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://maincuisine.com/wp-admin/admin.php?page=bulletproof-security/admin/security-log/security-log.php REQUEST_URI: /wp-content/plugins/td-social-counter/js/td_social_counter.js?ver=4.9.2 QUERY_STRING: ver=4.9.2 HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36 [403 GET Request: January 20, 2018 - 8:22 pm] BPS Pro: 13.4 WP: 4.9.2 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.233.173.16 Host Name: google-proxy-64-233-173-16.google.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: for=183.171.182.97 HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://maincuisine.com/wp-admin/admin.php?page=bulletproof-security/admin/security-log/security-log.php REQUEST_URI: /wp-content/plugins/wp-fastest-cache/js/toolbar.js?ver=1516450920 QUERY_STRING: ver=1516450920 HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36 [403 GET Request: January 20, 2018 - 8:22 pm] BPS Pro: 13.4 WP: 4.9.2 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 172.68.144.171 Host Name: 172.68.144.171 SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: for=183.171.182.97 HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://maincuisine.com/wp-admin/admin.php?page=bulletproof-security/admin/security-log/security-log.php REQUEST_URI: /wp-content/plugins/autoptimize/classes/static/toolbar.js?ver=1516450920 QUERY_STRING: ver=1516450920 HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36 [403 GET Request: January 20, 2018 - 8:22 pm] BPS Pro: 13.4 WP: 4.9.2 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.233.173.15 Host Name: google-proxy-64-233-173-15.google.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: for=183.171.182.97 HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://maincuisine.com/wp-admin/admin.php?page=bulletproof-security/admin/security-log/security-log.php REQUEST_URI: /wp-content/plugins/wp-fastest-cache/js/column.js?ver=1516450920 QUERY_STRING: ver=1516450920 HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36 [403 GET Request: January 20, 2018 - 8:22 pm] BPS Pro: 13.4 WP: 4.9.2 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 172.68.146.10 Host Name: 172.68.146.10 SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: for=183.171.182.97 HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://maincuisine.com/wp-admin/admin.php?page=bulletproof-security/admin/security-log/security-log.php REQUEST_URI: /wp-content/plugins/login-logout-register-menu/admin/js/login-logout-register-menu-admin.js?ver=1.0 QUERY_STRING: ver=1.0 HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36 [403 GET Request: January 20, 2018 - 8:22 pm] BPS Pro: 13.4 WP: 4.9.2 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.233.173.15 Host Name: google-proxy-64-233-173-15.google.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: for=183.171.182.97 HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://maincuisine.com/wp-admin/admin.php?page=bulletproof-security/admin/security-log/security-log.php REQUEST_URI: /wp-content/plugins/td-composer/assets/js/js_files_for_wp_admin.min.js?ver=__td_aurora_deploy_version__ QUERY_STRING: ver=__td_aurora_deploy_version__ HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36 [403 GET Request: January 20, 2018 - 8:22 pm] BPS Pro: 13.4 WP: 4.9.2 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 183.171.180.161 Host Name: 183.171.180.161 SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://maincuisine.com/wp-admin/admin.php?page=bulletproof-security/admin/security-log/security-log.php REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-ui-accordion.js?ver=13.4 QUERY_STRING: ver=13.4 HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36 [403 GET Request: January 20, 2018 - 8:22 pm] BPS Pro: 13.4 WP: 4.9.2 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.233.173.15 Host Name: google-proxy-64-233-173-15.google.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: for=183.171.182.97 HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://maincuisine.com/wp-admin/admin.php?page=bulletproof-security/admin/security-log/security-log.php REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-ui-tabs.js?ver=13.4 QUERY_STRING: ver=13.4 HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36 [403 GET Request: January 20, 2018 - 8:22 pm] BPS Pro: 13.4 WP: 4.9.2 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 183.171.180.161 Host Name: 183.171.180.161 SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://maincuisine.com/wp-admin/admin.php?page=bulletproof-security/admin/security-log/security-log.php REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-ui-dialog.js?ver=13.4 QUERY_STRING: ver=13.4 HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36 [403 GET Request: January 20, 2018 - 8:22 pm] BPS Pro: 13.4 WP: 4.9.2 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 66.249.82.113 Host Name: google-proxy-66-249-82-113.google.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: for=183.171.182.97 HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://maincuisine.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fsecurity-log%2Fsecurity-log.php REQUEST_URI: /wp-content/plugins/td-composer/assets/js/js_files_for_wp_admin.min.js?ver=__td_aurora_deploy_version__ QUERY_STRING: ver=__td_aurora_deploy_version__ HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 6.0; CAM-L21 Build/HUAWEICAM-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36
AITpro AdminKeymaster@ AW – The Security Log entries indicate that the BPS Pro Plugin Firewall is being broken by something. I checked your site and you are using minification/compression with the Autooptimize plugin. Minification/Compression breaks the BPS Pro Plugin Firewall. So you will either need to keep the BPS Pro Plugin Firewall deactivated and not use it or do not use minification/compression with the Autooptomize plugin.
Plugin Firewall – Read Me First Troubleshooting forum topic
https://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/List of common things that can break the Plugin Firewall and cause various secondary issues|problems
Minify Plugins: If you are using a Minify plugin then you will probably not see Security Log entries / alerts. Most if not all minifying plugins allow you to choose to exclude plugin scripts that you do not want to minify. If you want to use the BPS Pro Plugin Firewall then you can choose not to minify particular plugin scripts so that you can use both minifying and the Plugin Firewall together. It is recommended that you turn Off/deactivate minifying to get the plugin scripts that need to be whitelisted in the Plugin Firewall. After you have added those plugin scripts to your Plugin Firewall whitelist you can then exclude those same plugin scripts from being minified in your minify plugin and turn On/activate your Minify plugin. Note: If you are using a Minify plugin and you do not want to exclude any js plugin scripts then you CANNOT use the Plugin Firewall due to the way plugin scripts are minified. You cannot add plugin scripts manually or whitelist the Minify plugin’s folder or use the Plugin Override tool either due to the way the true origin of the plugin scripts are combined / minified. The Plugin Firewall is completely optional – you can turn it On or Off.
Also your
! current_user_can( 'administrator' )
code condition is not valid > see this WP Ticket for an explanation > https://core.trac.wordpress.org/ticket/22624. You should be using an Administrator capability and not a Role in that condition. Example:! current_user_can( 'manage_options' )
is a capability that only Administrators have.WordPress Codex Reference for Roles and Capabilities:
https://codex.wordpress.org/Roles_and_CapabilitiesAWParticipantGood day @bps!
Seriously, thanks for your extra effort in this matter!
Thanks for providing extra mile information about the roles mistake that I did 🙂 . Read and tune it accordingly. Still long way to learn and it is awesome learning it everyday !
About the issue of WordPress Social Login ( SOLVED!! )
How? > i deactivated the Plugin Firewall functions, and it works like a charm in mobile login via social network
**Q: am i still safe when the Plugin Firewall deactivated? even the article you wrote said its completely optional. Is there any vulnerabilities ?
** I will still be using the autoptimize, as it speeds up the website in an easy way tho:)
In your advise, You recommend me to off the Autoptimize and let the Plugin Firewall runs on autopilot for some time, then copy js from the whitelist area and exclude it in Autoptimize. Do you reckon me to do this way so the Plugin Firewall will be able to Activate?
Oh ya, yesterday I chat with my hosting too while seeking for solutions regarding the WordPress Social Login. I found out that the mod_security from hosting is on and I am not able to OFF it as due to hosting package capabilities. I did inquire them to whitelist the [ wp-content/plugins/wordpress-social-login/hybridauth/ ].
So Now i dont think it is necessary for them to whitelist it anymore since the WordPress Social Login was stop by BPS Plugin Firewall. Am i right?
Regards,
AlexAITpro AdminKeymaster@ AW – BPS Pro Plugin Firewall will not work correctly if minification/compression is used. Minification/compression changes the normal plugin and theme script names and file paths and combines them into a new file. Unfortunately, the new file that is created by all minification/compression plugins cannot be whitelisted in the Plugin Firewall. So basically your only two options are: Do not minify/compress js or php files in the Autooptimize plugin by choosing settings to turn off/not use minification/compression in the Autooptimize plugin settings or turn off/deactivate the BPS Pro Plugin Firewall. There are not any other options besides these two.
We have tested minification/compression on all of our websites/our web host and it did not increase website performance at all. That may be different for your website/web host. My recommendation is to turn off Autooptimize minification/compression for js and php files.
The Plugin Firewall blocks external access to your WP /plugins/ folder. So if you deactivate the Plugin Firewall than anyone can probe your /plugins/ folder looking for certain plugins, etc. Note: If all of your plugins are safe/not exploitable/do not contain any security vulnerabilities then it is fine to leave the Plugin Firewall turned off/deactivated.
If the WordPress Social Login plugin is working then you do not need to do anything with Mod Security. You would choose one of the two options that I explained above.
AWParticipantHello,
Thanks for briefly explanation. After read about it, i am more concern and prioritize on security issue.
I choose to Activate Plugin Firewall.
Here with I attached 2 photos of the Disable Autoptimize settings.
http://www.screencast.com/t/lv4N9ORfs
http://www.screencast.com/t/CCqAhMJ1Now I only use Optimize HTML code and CSS, would that be okay and can the Plugin Firewall enable?
## Addition, my client going to purchase your BPS within these week or 2.. they ask ..
- question, is xmlrpc.php viewable and not block, does it bring any threat?
- question, if wp-json/wp/v2/users/ is not block, does it bring any threat?
Looking forward for your guide on Plugin Whitelist and Autoptimze setting. And my client presale questions
Thanks.
Regards,
AlexAITpro AdminKeymaster@ AW – I rechecked your site and see the plugin js script paths are now displayed normally in your website page Source Code so yes you can turn on/activate the Plugin Firewall. I recommend that you use Plugin Firewall Test Mode to quickly check and automatically get and create any needed Plugin Firewall whitelist rules. See help info below.
Plugin Firewall Test Mode
Clicking the Test Mode button will allow you to check the frontend of your website as if you are visitor to your website to check for any problems or errors. You do not need to check the backend wp-admin Dashboard of your site. AutoPilot Mode is also enabled when you are in Test Mode. Plugin Firewall AutoPilot Mode will automatically create any new Plugin Firewall whitelist rules (once every 1 minute in Test Mode) for frontloading plugin scripts on the frontend of your website while Test Mode is turned On. Clicking the Plugin Firewall Activate or Deactivate button turns Off Plugin Firewall Test Mode. The BPS Pro Dashboard Status Display will display: PFW: Test Mode : 1 Min : 00:00 AM when Test Mode is turned On.Plugin Firewall Test Mode Example Usage:
If you have these example plugins installed: WooCommerce, NextGen Gallery and Contact Form 7 then you would visit/click your main WooCommerce store pages: Shop, Cart, Checkout, Registration and My Account, visit/click you NextGen Gallery page and visit/click your Contact Form 7 contact page/form. If you do see a problem or error, wait 1 minute and check the problem or error again. AutoPilot Mode/Test Mode is designed to automatically create new Plugin Firewall whitelist rules for any problems or errors that are detected when the next Plugin Firewall AutoPilot Mode Cron job runs (once every 1 minute in Test Mode). You can also check the actual functionality of plugins, but normally that should not be necessary to do. After you are done using Test Mode, you can either leave the AutoPilot Mode Cron Check Frequency setting to 1 minute or you can change the Cron Check Frequency to a different Cron check frequency setting.xmlrpc is not blocked by default. If someone wants to protect or block xmlrpc they would need to add this BPS Bonus Custom Code: https://forum.ait-pro.com/forums/topic/wordpress-xml-rpc-ddos-protection-protect-xmlrpc-php-block-xmlrpc-php-forbid-xmlrpc-php/
WP JSON is not blocked by default. If someone wants to protect or block WP JSON requests they would need to add this BPS Bonus Custom Code: https://forum.ait-pro.com/forums/topic/wp-rest-api-block-json-requests-to-users-comments-routes/
AWParticipantHi bps,
I took your advise, totally removed the autoptimized since it didn speed up much and i could not on Plugin Firewall.
I am running on Plugin Firewall Autopilot Mode now.
Some plugins does not function ( wordpress social login ). Understand that need to recheck again later on as its running auto cron check on every 1 min.
I have a question, I had disable the Wp cron job, how can the 1 min cron runs?
I set the real cron job in cpanel to run every 20 mins, so now what i need to do is go to front end and click whatever that involved with plugins and BPS will keep a record and pump in the data when the Real cron job hit?
AWParticipantsorry…its Plugin Firewall Test Mode…running now. While waiting plugins to be whitelist on the upcoming cron
AITpro AdminKeymaster@ AW – Yes, if you have disabled WP Standard Crons then you will need to wait until your direct Cron runs every 20 minutes. You may want to consider changing direct Cron runs to every 10 minutes or just not disable WP Standard Crons. WP Standard Crons do not use much memory/resources unless you have a VPS or Dedicated hosted server. VPS and Dedicated host servers are very memory/resource intensive in general.
-
AuthorPosts
- You must be logged in to reply to this topic.