Wp-admin 403 forbidden after Bluehost installed endurance-page-cache

Home Forums BulletProof Security Pro Wp-admin 403 forbidden after Bluehost installed endurance-page-cache

Viewing 14 posts - 1 through 14 (of 14 total)
  • Author
    Posts
  • #32892
    MP
    Participant

    I am using BPS security pro for long time, excellent all rounder security plugins. Recently my host installed endurance-page-cache and i can’t access wp-admin page. Tried disabling endurance by renaming/deleting it from mu-plugins but no luck. Disabling BPS pro i can get wp-admin page.

    Message shows by browser :

    mydomain.net 403 Forbidden Error Page
    If you arrived here due to a search or clicking on a link click your browser’s back button…
    IP Address : xxx.xxx.xxx.xxx

    #32896
    AITpro Admin
    Keymaster

    How did you “disable” BPS Pro?  ie rename the /bulletproof-security/ plugin folder or something else?  I assume the problem that is occurring is an infinite redirect loop problem.  See this forum topic: https://forum.ait-pro.com/forums/topic/endurance-page-cache-infinite-redirect-loop-css-and-js-broken/ for the steps to setup the EPC must-use plugin with BPS.

    #32897
    MP
    Participant

    Yes, renamed /bulletproof-security/ plugin folder. Tried your suggested forum topic, add those code to CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE but no luck. Even logged in after disabling BPS pro and followed your instruction, i can’t logged out from dashboard. FYI, i am using your cache code in CUSTOM CODE TOP PHP/PHP.INI HANDLER. I bought BPS pro and was happy using it but EPC is really bugging me. Would appreciate it if you can send me any email where i can send you my site link (i don’t want to post publically my site link) and cheek where i was making mistakes ? Thanks in advance.

     

    #32898
    AITpro Admin
    Keymaster

    Yeah, it sounds there is some sort of direct conflict going on.  We tested EPC plugin version 0.4 so maybe this is a new problem with a new version of the EPC plugin?  Send the WP Administrator login to:  info at ait-pro dot com.

    #32899
    AITpro Admin
    Keymaster

    Oh and I will also need an FTP login too since I will need to rename the /bulletproof-security/ plugin folder as well to figure out what the problem is.

    #32908
    MP
    Participant

    wp-admin & ftp login credential i will send. EPC plugin version i am not sure, but i have contacted BH tech support, they told EPC plugin they have disabled for my account. They also have tried “disabling BPS”, prepare a new basic .htaccess, after that i can log in. While logged in, i then activate BPS, check thoroughly if there is any existing EPC code in .htaccess. I also renamed EPC in mu-plugins folder. Technically EPC is disable everywhere, but still i can’t login or logout. Log-out shows this url with 403

    http://www.mydomain.net/wp-login.php?action=logout&_wpnonce=eaeb6b7c98&redirect_to=http%3A%2F%2Fwww.mydomain.net%2Fwp-admin%2Findex.php%3Floggedout%3Dtrue

    #32909
    MP
    Participant

    I already sent what you asked

    #32910
    AITpro Admin
    Keymaster

    The problem was caused by this htaccess code in your Root htaccess file because your particular host server uses Server Protocol HTTP/1.0. So you cannot use any of this htaccess code on your host server. I have deleted all of this custom htaccess code from the BPS Root Custom Code text boxes. I also reran the Setup Wizard on your website.

    # BRUTE FORCE LOGIN PAGE PROTECTION
    # Protects the Login page from SpamBots & Proxies
    # that use Server Protocol HTTP/1.0 or a blank User Agent
    RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ - [F,L]
    
    # Universal Anti-Spam 3
    # Redirect by HTTP/1.0 to /spam-prevention page
    RewriteCond %{REQUEST_URI} ^(/register|/activate/|wp-login\.php)$
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ /spam-prevention [R=301,L]
    
    # Universal Anti-Spam 4
    # Redirect by HTTP/1.0 & Referer to /spam-prevention page
    RewriteCond %{REQUEST_URI} ^(/register|/activate/|wp-login\.php)$
    RewriteCond %{HTTP_REFERER} !^.*example.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^(|-?)$ [NC,OR]
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ /spam-prevention [R=301,L]

    additional things done:
    created ARQ single file exclude rules for these files:
    /home5/xxxxx/public_html/error_log
    /home5/xxxxx/public_html/wp-admin/error_log

    #32911
    MP
    Participant

    A massive thank you for your swift troubleshooting & fix. As always AITpro & your team are a cut above the rest. Thank you.

    #33243
    MP
    Participant

    Need help from AITpro. Recently i have shifted my hosting to another provider. They have migrated smoothly. While i tried to run BPS Pro Preinstallation wizard + setup wizard for new environment, it just get locked. Then i need to rename BPS folder + httaccess to login wp-admin panel. I believe something is conflicting. Site is now running without protection, please assist.

     

     

    #33244
    AITpro Admin
    Keymaster

    I received your email with FTP and WP Admin login to your site and will be logging into your site now to figure out the issue/problem.

    Update: Various problems found and fixed. BPS Pro is successfully setup without any issues or problems on this new host.

    #33245
    MP
    Participant

    No image is loading, jpg, gif, ico, even no icon. Site loading without images & slider. Help, please.

    #33246
    AITpro Admin
    Keymaster

    Yes, I saw the same problem and fixed that problem by removing an invalid line of code in your HotLink Protection code, which was only allowing 1 IP address to view all/any images on your website.  Go to BPS Root Custom Code, remove your entire HotLink Protection htaccess code from Custom Code, click the Save Root Custom Code button and activate Root Folder BulletProof Mode.

    #33247
    AITpro Admin
    Keymaster

    Email Reply:
    “Removed Hotlink Protection, and it works. Thank you.”

Viewing 14 posts - 1 through 14 (of 14 total)
  • You must be logged in to reply to this topic.