/wp-json/ Blocked by .htaccess
- This topic has 18 replies, 3 voices, and was last updated 3 years, 12 months ago by AITpro Admin.
AITpro Admin (Keymaster)
Uh yeah and LOL. I definitely do not have a Network subdomain test site with anywhere near that setup. 😉 Our test servers are in-house and there are some limitations with Network/Multisite subdomain site types. We used to have a Live Hosted Network site, but that was nuked a year or two ago. Hate to say it, but I don’t think MMode is going to work with the POST Attack Protection Bonus Custom Code on that particular site setup. You could try another WordPress Maintenance Mode plugin or maybe just not use the POST Attack Protection Bonus Custom Code on that particular site. Or just turn off MMode when updating Posts or Pages.
Living Miracles (Participant)
Thank you! Since the issue is only on the subsite that has Maintenance Mode enabled, perhaps we’ll just remove the POST Attack Protection code once that site is developed (it’s currently dormant).
Thanks for looking into this!
Andres (Participant)
Hi Edward!
Hope all is well with you in the midst of this craziness…
This one has me stumped on a new client’s website (running regular BPS, and Yoast Pro – WP and all plugins up to date). Posting it here since it’s related to wp-json.
[403 GET Request: March 27, 2020 - 9:39 pm]
BPS: 3.9
WP: 5.3.2
Event Code: WPADMIN-SBR
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: XXXXXXX
Host Name: XXXXXXXX.hsd1.fl.comcast.net
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: XXXXXXXX
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: XXXXX/wp-admin/post.php?post=5901&action=edit
REQUEST_URI: /wp-json/yoast/v1/prominent_words?word=governor%27s+executive+order
QUERY_STRING: word=governor%27s+executive+order
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:74.0) Gecko/20100101 Firefox/74.0
It happens every time I update a specific post. The post saves fine (not even with a delay), but it generates a similar entry in the security log with every post update.
I tried adding this whitelist rule to the wp-admin htaccess file but to no avail:
# Whitelist Yoast JSON Request
RewriteCond %{REQUEST_URI} !^.*/wp-json/yoast/(.*) [NC]
RewriteRule . - [S=3]
Any ideas?
Thanks in advance and stay safe!!
Andres
AITpro Admin (Keymaster)
Hey Andres – I’m assuming that you typed in that Query String somewhere? It’s kind of risky in itself to use that Query String. I can provide a solution to this problem, but honestly you really don’t want to use %27 + exec + order together in a Query String. What I recommend that you do is to literally change the words in that Query String, i.e. word=governor-governors-words (no apostrophe).
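Why the logged query string trips a quote-then-keyword filter while the reworded one does not, as an added example (not code from this thread or from BPS). The two patterns are a constructed, simplified filter assumed for illustration, and `triage`, `QUOTE_RE` and `KEYWORD_RE` are hypothetical names.

```python
import re

# Constructed, simplified stand-in for a quote-then-keyword query-string filter.
# Assumption for illustration only: this is not the rule set BPS ships.
QUOTE_RE = re.compile(r"'|%27|\"|%22", re.IGNORECASE)
KEYWORD_RE = re.compile(r"exec|order|union|select|insert|drop", re.IGNORECASE)


def triage(raw_query):
    """Explain why a raw (still percent-encoded) query string would be blocked.

    mod_rewrite tests %{QUERY_STRING} before URL decoding, so the match is
    done on the raw text: "%27" is seen literally, not as an apostrophe.
    """
    quote = QUOTE_RE.search(raw_query)
    if quote is None:
        return {"blocked": False, "quote": None, "hits": []}
    tail = raw_query[quote.end():]
    hits = []
    # Report each keyword with the word that contains it, so substring
    # matches inside ordinary English ("exec" in "executive") are visible.
    for word in re.split(r"[+&=]", tail):
        for keyword in KEYWORD_RE.findall(word):
            hits.append((keyword.lower(), word))
    return {"blocked": bool(hits), "quote": quote.group(0), "hits": hits}


if __name__ == "__main__":
    samples = [
        "word=governor%27s+executive+order",  # query string from the log entry
        "word=governor-governors-words",      # rewording suggested in the reply
        "word=executive+order",               # constructed: same words, no %27
    ]
    for qs in samples:
        print(qs, "->", triage(qs))
```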