WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] BPS block the WpRemote Plugin (6 posts)

  1. didithoe
    Member
    Posted 1 year ago #

    From this conversation :
    https://twitter.com/wpremote/status/260740856724717568
    When using BPS Mode fo .htaccess, It seems that BPS block the WpRemote Plugin API Request.

    How to solve this issue? can you add the WPRemote API request in whitelist ?

    Thankypu

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I have contacted wp-remote to get more info and am waiting on their response/reply. Whitelisting wp-remote is going to be done with the example code i have posted in the thread below, but what i need to know from them is the URI condition.

    Please see this thread
    http://wordpress.org/support/topic/heads-up-need-confirmation-on-this-whitelist-skipbypass-code?replies=1

    Or of course this additional RFI and remote file website security protection can be negated/not used by simply commenting out the HTTP Rererrer line of code with a # sign. i included the additional wp-remote whitelisted IP address line of code just for reference since you would not actually see this in your root .htaccess file and has been specifically added to move forward with finding the complete solution.

    # RewriteCond %{HTTP_REFERER} ^.*your-website-domain-name.com.* [OR]
    # RewriteCond %{REMOTE_ADDR} ^107.22.153.142

  3. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Or maybe a better approach would be to create a separate Whitelist rule such as this and to add this above skip/bypass rule #12. This would logically allow full access to all website files from IP 107.22.153.142 and would skip to RewriteRule . /index.php [L] and skip/bypass all BPS security filters.

    # Whitelist wpremote skip/bypass
    RewriteCond %{REMOTE_ADDR} ^107.22.153.142
    RewriteRule . - [S=13]
  4. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I am not getting any response from the wpremote folks so if you are willing to test this code above i would very much appreciate that. Thanks.

  5. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    And i had a similar issue with another type of remote plugin and just adding a typical plugin skip/bypass rule worked fine so actually try this first. This skip/bypass rule would go right above skip/bypass rule #12 - # Adminer MySQL management tool data populate - in your root .htaccess file.

    # wpremote skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/wpremote/ [NC]
    RewriteRule . - [S=13]
  6. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    This is not a new problem and is a very old issue. I got thrown off by several folks telling me this was a new problem and it is not. This is of course my fault for not checking that first. That was my first thought, but 3 people telling me this was a new issue got me going down the stupid road. ;)

    here is the old solution >>> http://www.ait-pro.com/aitpro-blog/2252/bulletproof-security-plugin-support/checking-plugin-compatibility-with-bps-plugin-testing-to-do-list/#wpremote

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic