BPS breaks WordPress Search function

  • Resolved justatest47

    (@justatest47)


    11 years, 2 months ago

    Hi, for some strange reason, BPS breaks WordPress site search function.
    And I mean about the site search not about the search from dashboard posts.

    If I search for simple terms such as Car or Phone, the search works but if I try to search for terms such as Dee & Beavers’s, the search result will be either a 403 Forbidden Error, or a redirection towards a messed up HOME PAGE.

    I’ve tried both 0.47.7 and 0.47.8. I’ve removed BPS and searched for the same term, and the search results were working now.

    So I know for a fact it’s BPS’s fault.

    Question what is there to do?

    Are there any lines which particularly forbid a search that will include these signs? & ‘

    http://wordpress.org/extend/plugins/bulletproof-security/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author AITpro

    (@aitpro)

    11 years, 2 months ago

    The single quote coding character or apostrophe in writing is one of the most dangerous coding characters there is that hackers use to execute SQL Injection attacks and other forms of hacking attempts. The single quote coding character is explicitly forbidden in search windows for that reason. If you would like to allow the single quote coding character on your website see this Forum Topic for the BPS security filters that you would need to modify.

    http://forum.ait-pro.com/forums/topic/feedburner-feed-header-causing-403-error/#post-456

    The & coding character is not filtered or blocked since it is completely harmless.

    Thread Starter justatest47

    (@justatest47)

    11 years, 2 months ago

    Ok. So this is a common thing. For a moment I thought that maybe it’s something wrong with my site or with the settings in BPS.
    Is there a work around to this without reducing much of the security?

    If I would remove this line with the single quote, in percentages, how much percent, of the security would I remove from BPS? 5-10%? More? Less?

    Plugin Author AITpro

    (@aitpro)

    11 years, 2 months ago

    Unfortunately, what happens is if you try to create exception rules then they negate the security filters anyway so commenting them out has the exact same effect/result. The workaround is to comment out the security filters.

    The security impact cannot really be measured in percentages and you would have to look at it this way. If you comment those security filters out you leave your website vulnerable to certain SQL Injection hacking attempts, some forms of XSS hacking attempts and some forms of Code Injection hacking attempts. The single quote is a very handy coding character for hackers because it allows them to do a wide variety of hacking methods.

    So basically you have to make a judgement call. From my personal experience very few people complain about not being able to use an apostrophe in a search term and most figure out after the first attempt that apostrophes/single quote coding character is not allowed in search terms.

    Thread Starter justatest47

    (@justatest47)

    11 years, 2 months ago

    I see. Well thanks for the suggestion. I think I will just leave it as it is. I rather prefer security than being able to search with a single quote.

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘BPS breaks WordPress Search function’ is closed to new replies.