WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] Before I install... (10 posts)

  1. SickSquirrel
    Member
    Posted 9 months ago #

    I love the fact your script prevents .htaccess tampering. But, I have a script that adds an IP, domain, email orClass C IP if I ban it. It writes to the .htaccess file.

    Will your script work with mine?

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Yep, just do not lock your root .htaccess file or check if the script automatically unlocks the root .htaccess file, writes to it and locks it again. This is a very simple thing to do so if this script is not doing this then the code would be something like this.

    $filename = ABSPATH . '.htaccess';
    $stringReplace = @file_get_contents($filename);
    
    if ( file_exists($filename) ) {
        // unlock the file first
        chmod($filename, 0644);
        // whatever code needs to be written here
       if ( file_put_contents($filename, $stringReplace) ) {
       // lock the file after writing to it
       chmod($filename, 0404);
       }
    }
  3. SickSquirrel
    Member
    Posted 9 months ago #

    Thanks. Due to a brain injury I forgot all coding knowledge so the above is a foreign language.

    I'm going to ask my script coder if he can come here and decipher :)

  4. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    For the whatever code needs to be written section of the function above this is the simplest way to do a match and replacement. For "replace the landmark code with some new code" you would add the landmark code back into the root .htaccess file plus your new code so that the original root .htaccess file code is replaced and you additionally add your new code too.

    // whatever code needs to be written here
    $pattern = '/a landmark pattern match in the root htaccess file/';
    
    if ( preg_match($pattern, $stringReplace, $matches) ) {
       $stringReplace = preg_replace('/the landmark pattern match code/', "replace the landmark code with some new code", $stringReplace);
    }
  5. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Putting the whole thing together it would look like this.

    $filename = ABSPATH . '.htaccess';
    $stringReplace = @file_get_contents($filename);
    $pattern = '/a landmark pattern match in the root htaccess file/';
    
    if ( file_exists($filename) ) {
        // unlock the file first
        chmod($filename, 0644);
    
       // whatever code needs to be written here
       if ( preg_match($pattern, $stringReplace, $matches) ) {
          $stringReplace = preg_replace('/the landmark pattern match code/', "replace the landmark code with some new code", $stringReplace);
       }
    
       if ( file_put_contents($filename, $stringReplace) ) {
          // lock the file after writing to it
          chmod($filename, 0404);
       }
    }
  6. SickSquirrel
    Member
    Posted 9 months ago #

    Thank you! The script I had conflicts so it was removed. I'm looking at Ban Hammer (here) but ... that issue will rise again and I can't alter that script.

  7. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Then just do not lock your root .htaccess file if you need to allow another plugin to dynamically write to the root .htaccess file at any time. Also set AutoLock to Off on the BPS Edit/Upload/Download page.

  8. SickSquirrel
    Member
    Posted 9 months ago #

    Ok, let's see if I have this right. I'll use Ban Hammer and your script. Through your script, I will set it to NOT lock .htacces plus I will set AutoLock to off on Edit/Upload/Download page.

    Since I have no memory, if I'm right, I'll print that out before I totally f^*& up my sites.

    (This is MUCH easier. I canceled the custom script, no additional coding, plus the two scripts I will use have support here)

  9. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Yep, that is correct. On the Edit/Upload/Download page click these 2 buttons: Unlock htaccess File and Turn Off AutoLock.

  10. SickSquirrel
    Member
    Posted 9 months ago #

    Printing, downloading and thanking you sincerely for your help. Saved me $$$ and aggravation and time.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.