WP eStore plugin – ShrinkTheWeb plugin
Tagged: ShrinkTheWeb, WP eStore
- This topic has 0 replies, 2 voices, and was last updated 10 years, 12 months ago by AITpro Admin.
AITpro Admin (Keymaster)
Also, this works in 100% of the cases with this type of timthumb plugin problem. So double-check that you did all the steps below correctly. You may also need to clear your browser cache and, if you have a plugin cache, you would need to clear your plugin cache as well.
1. Copy this .htaccess code below to the Custom Code CUSTOM CODE PLUGIN FIXES: text box
2. Save your new custom code by clicking the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
Note: If your WordPress installation is in a subfolder then add your WordPress subfolder name in the path.
Example: /my-wordpress-installation-folder-name/wp-content/plugins/google-document-embedder/
# WP eStore skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/wp-cart-for-digital-products/ [NC]
RewriteRule . - [S=13]
WPS P&C Admin (Participant)
Hmmm… I didn’t do anything unusual when uploading the product images in the webstore. I either uploaded them to the standard WP Media Library (using Media > Add New) then copied & pasted their URL into the Thumbnail Image URL field under Additional Product Details, or I used the Upload File button for products where I had not already uploaded the image in the above-mentioned way.
I’m not really a web programmer (just an IT-literate mum trying to help my kids’ school) so don’t understand what hotlinking an image means, or what timthumb is (but I’ll Google it). I haven’t done anything fancy to make the webstore work. The plugin just worked “out of the box” and we have been running the webstore without any problems for about 3 months – until I installed BPS.
I have deactivated root folder bulletproof mode (to erase the modifications we have experimented with) then activated bulletproof modes. Now none of the images on any of the items are being displayed (I’ve tried Safari and Google Chrome), and the problem I originally reported still exists. Have a look at wpspandc.com.au/webstore/
I have also created a test product which doesn’t have any image URL specified (the media upload button isn’t working, as you described, despite the above custom code being in place).
So, to summarise, at the moment, I have BPS active, with the following changes in place:
RewriteCond %{HTTP_REFERER} ^.*wpspandc.com.*
I have also inserted the skip rule you suggested above into the Custom Code box (in addition to the previous suggestion you made) so at the moment, I have the following Custom Code in place:
CUSTOM CODE TOP
<FilesMatch "^wp-login.php$">
SetEnvIf GEOIP_COUNTRY_CODE AU AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE NZ AllowCountry
Deny from all
Allow from env=AllowCountry
</FilesMatch>
CUSTOM CODE PLUGIN FIXES:
# WP eStore skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/wp-cart-for-digital-products/ [NC,OR]
RewriteCond %{REQUEST_URI} ^/webstore/ [NC]
RewriteRule . - [S=13]
# WP eStore media-upload.php skip/bypass rule
RewriteCond %{REQUEST_URI} (media-upload\.php) [NC]
RewriteRule . - [S=2]
The complete list of plugins I have installed is:
Add From Server
Adminimize
BPS
Capability Manager Enhanced
Extra Shortcodes for WP eStore
Google XML Sitemaps
Jetpack
Media Author
Members
Newsletter
NextGEN Gallery
NextGEN Galleryview
PP Back-End Content Roles
Press Permit
ShrinktheWeb Website Thumbnails
Theme My Login
Ultimate TinyMCE
WP eStore
Could there be some conflict with a different plugin? E.g. ShrinktheWeb.
AITpro Admin (Keymaster)
On my test site everything worked perfectly, but I never could simulate that timthumb URL so I am not sure how that was done on your site and yeah maybe it has to do with another plugin, but the URL points to the timthumb script that comes with this plugin. Hate to say it, but I do not have a solution for you. Sorry. I guess switch to another security plugin that will work with your particular website.
AITpro Admin (Keymaster)
Hmm, I just checked your site and none of your timthumb images are displaying. The TEST PRODUCT – DO NOT PURCHASE This product is to test the BPS security plugin URL is this:
wpspandc.com.au/wp-content/plugins/wp-cart-for-digital-products/lib/timthumb.php?src=&h=125&w=125&zc=1&q=100
which is much better than what was showing in your error log entry. In any case, this problem is always solved 100% of the time by the fix I have already posted so I do not understand why it does not work on your site.
AITpro Admin (Keymaster)
Hmm, this is a clue. This means that the timthumb script cannot see or find the image.
A TimThumb error has occured
The following error(s) occured:- No image specified
Query String : src=&h=125&w=125&zc=1&q=100
TimThumb version : 2.8.5
AITpro Admin (Keymaster)
And this one gives me a 403 error, which means your whitelisting rules are either incorrect or just do not work on your site for some reason. The fix I have posted does normally fix this in 100% of the cases. Very odd???
wpspandc.com.au/wp-content/plugins/wp-cart-for-digital-products/lib/timthumb.php?src=http://www.wpspandc.com.au/wp-content/gallery//NSW-Swifts.jpg&h=125&w=125&zc=1&q=100
WPS P&C Admin (Participant)
That test product has no image. I wanted to try to eliminate the image from the issue, by not having one. That’s what I was referring to in the above post, when I said “I have also created a test product which doesn’t have any image URL specified (the media upload button isn’t working, as you described, despite the above custom code being in place).”
I have just re-read this entire post from start to end, and I noticed a slight difference in one line of custom code.
I have this:
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/wp-cart-for-digital-products/ [NC,OR]
You have this:
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/wp-cart-for-digital-products/ [NC]
Not sure what the OR means….
WPS P&C Admin (Participant)
I would like to persist a little longer with BPS and see if I can get it to work. If you can, then surely I can too!! I really appreciate your persistence in helping me. This thread has become very confusing, and I would like to start all over again, deactivating and uninstalling BPS, then reinstalling it again.
Could you please explain how to do a complete, clean uninstall of BPS, and post the exact list of custom code updates I should apply after I reinstall it? I wasn’t sure if I had the 2 pieces of custom code in the right order, or whether order isn’t important. I also noticed that I still have the following in place – perhaps I shouldn’t:
RewriteCond %{REQUEST_URI} ^/webstore/ [NC]
Thank you so much for helping me. I really appreciate it.
AITpro Admin (Keymaster)
Yep, I realized that after checking some other images. OR means “or”, as in this or that. If you only have 1 condition then you would not add an OR flag.
It should be this below. Typically the Timthumb skip/bypass would already work without even having to add this below.
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/wp-cart-for-digital-products/ [NC]
This timthumb skip/bypass rule says if the Referer is your domain and the filename is timthumb.php then skip the security filters, but for some reason this is not working on your website???
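As an added illustration (not code from this thread or from BulletProof Security), the Python sketch below models how mod_rewrite chains RewriteCond lines and how [S=13] jumps over rules, using the two condition sets compared above. The `filter_N` and `rule_14` names and the sample paths are constructed stand-ins, since the thread does not show the rules that follow the skip rule.

```python
import re

def conds_match(conds, uri):
    """Simplified model of a RewriteCond chain tested against REQUEST_URI.

    conds is a list of (pattern, flags) in file order. Conditions are ANDed
    unless one carries OR, which makes it an alternative to the next line.
    """
    i = 0
    while i < len(conds):
        pattern, flags = conds[i]
        hit = re.search(pattern, uri, re.I if "NC" in flags else 0) is not None
        if "OR" in flags:
            if hit:
                # One alternative matched: jump past the rest of the OR group.
                while i < len(conds) and "OR" in conds[i][1]:
                    i += 1
        elif not hit:
            return False
        i += 1
    return True

PLUGIN = r"^/wp-content/plugins/wp-cart-for-digital-products/"
# The two condition sets compared in the thread.
SINGLE = [(PLUGIN, {"NC"})]
WITH_OR = [(PLUGIN, {"NC", "OR"}), (r"^/webstore/", {"NC"})]

# Constructed stand-ins: the thread does not show the rules after the skip rule.
FOLLOWING = [f"filter_{n}" for n in range(1, 14)] + ["rule_14"]

def rules_still_run(conds, uri, skip=13):
    """[S=N] is positional: when the conditions match, the next N rules are
    jumped over and processing resumes at rule N+1."""
    return FOLLOWING[skip:] if conds_match(conds, uri) else list(FOLLOWING)

def report(uris):
    """Map each URI to (rules run with SINGLE, rules run with WITH_OR)."""
    return {u: (len(rules_still_run(SINGLE, u)), len(rules_still_run(WITH_OR, u)))
            for u in uris}

if __name__ == "__main__":
    # Constructed sample request paths.
    sample = ["/wp-content/plugins/wp-cart-for-digital-products/lib/timthumb.php",
              "/webstore/", "/wp-admin/media-upload.php", "/"]
    for uri, counts in report(sample).items():
        print(f"{uri:70} single={counts[0]:2} with_or={counts[1]:2}")
```

Running it over a list of your own site's paths shows how much of the site a skip rule exempts from the filters before the custom code is saved.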
AITpro Admin (Keymaster)
All you have to do is click the [obsolete-removed] buttons and activate root BulletProof Mode again. This will create and add a new root .htaccess file.
This is the only Custom Code you should be using in the Custom Code plugins fix text box. Forget about everything else. This is the only rule that works 100% of the time and the other factor is the timthumb skip/bypass rule example above that should already be working on your website, but it is not for some odd reason???
# WP eStore skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/wp-cart-for-digital-products/ [NC]
RewriteRule . - [S=13]
WPS P&C Admin (Participant)
What are whitelisting rules? You said that the only Custom Code I need is the piece immediately above, which works 100% of the time, but I thought you said earlier that I also need the following, for the media upload button to work:
RewriteCond %{REQUEST_URI} (media-upload\.php) [NC]
WPS P&C Admin (Participant)
Ok, I have clicked the [obsolete-removed] buttons, applied the single piece of custom code you suggested, reactivated BulletProof mode in both the root and wp-admin folders, and now the webstore images are displaying ok, but I am back to my original problem, that anything I add to the shopping cart disappears when I navigate to another page.
And if I try to use the Upload File button to add an image to my product, I get the “forbidden” error you described earlier…..
AITpro Admin (Keymaster)
Sorry, completely out of ideas??? I guess switch to another plugin instead of BPS. And yep, I forgot about the wp-admin .htaccess media-upload.php file skip/bypass rule. That is needed.
WPS P&C Admin (Participant)
Could you please explain what you mean by “Check the RFI and MISC filter to make sure your domain is whitelisted correctly.” ??? Where do I check this? I don’t know what whitelisting is (although I can guess), or how I set it up.
I’ve had a minor victory…I realised I had put the custom skip code for media-upload.php in the wrong place. Now that it’s in the right place, the Upload File button is working correctly. I just have my original shopping cart problem.
I’m determined to fix this…..would it help if I emailed you my root and wp-admin .htaccess files, so you can check that everything that should be there is in the right place?
AITpro Admin (Keymaster)
With timthumb issues/problems. The filter that does the skip/bypass/whitelisting is this security filter. The only other thing that fixes any timthumb issues/problems is the Plugin skip/bypass rule for timthumb issues/problems below. These 2 things fix this type of problem 100% of the time. So I am not sure why this does not work on your site.