BulletProof Security
[resolved] BPS breaks WordPress Search function (5 posts)

  1. justatest47
    Member
    Posted 1 year ago #

    Hi, for some strange reason, BPS breaks WordPress site search function.
    And I mean about the site search not about the search from dashboard posts.

    If I search for simple terms such as Car or Phone, the search works but if I try to search for terms such as Dee & Beavers's, the search result will be either a 403 Forbidden Error, or a redirection towards a messed up HOME PAGE.

    I've tried both 0.47.7 and 0.47.8. I've removed BPS and searched for the same term, and the search results were working now.

    So I know for a fact it's BPS's fault.

    Question: what is there to do?

    Are there any lines that specifically forbid a search that includes these signs: & ' ?

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    The single quote coding character or apostrophe in writing is one of the most dangerous coding characters there is that hackers use to execute SQL Injection attacks and other forms of hacking attempts. The single quote coding character is explicitly forbidden in search windows for that reason. If you would like to allow the single quote coding character on your website see this Forum Topic for the BPS security filters that you would need to modify.

    http://forum.ait-pro.com/forums/topic/feedburner-feed-header-causing-403-error/#post-456

    The & coding character is not filtered or blocked since it is completely harmless.

  3. justatest47
    Member
    Posted 1 year ago #

    Ok. So this is a common thing. For a moment I thought that maybe it's something wrong with my site or with the settings in BPS.
    Is there a workaround for this without reducing much of the security?

    If I removed this line with the single quote, what percentage of the security would I be removing from BPS? 5-10%? More? Less?

  4. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Unfortunately, what happens is if you try to create exception rules then they negate the security filters anyway so commenting them out has the exact same effect/result. The workaround is to comment out the security filters.

    The security impact cannot really be measured in percentages and you would have to look at it this way. If you comment those security filters out you leave your website vulnerable to certain SQL Injection hacking attempts, some forms of XSS hacking attempts and some forms of Code Injection hacking attempts. The single quote is a very handy coding character for hackers because it allows them to do a wide variety of hacking methods.

    So basically you have to make a judgement call. From my personal experience, very few people complain about not being able to use an apostrophe in a search term, and most figure out after the first attempt that the apostrophe/single quote coding character is not allowed in search terms.
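    The trade-off discussed above, as an added illustration (not code from BPS or from either poster): a hypothetical request filter that returns 403 whenever the search parameter contains a single quote, run beside the two ways a search query can be built. The parameterised query handles "Dee & Beavers's" correctly, the string-concatenated one breaks on the apostrophe, and the filter rejects the term either way. Post titles, the filter logic and the `s` parameter name are assumptions made for the example.

```python
import sqlite3
from urllib.parse import parse_qs, urlencode

# Constructed sample post titles (not from the thread).
SAMPLE_TITLES = ["Car reviews", "Dee & Beavers's debut", "Phone deals"]

def filter_status(query_string: str) -> int:
    """HTTP status a quote-blocking request filter (hypothetical, modelled on the
    behaviour described in the thread) would return. Checks the decoded 's' value
    because clients differ on whether they send ' raw or as %27; '&' is never blocked."""
    term = parse_qs(query_string).get("s", [""])[0]
    return 403 if "'" in term else 200

def search_posts(conn: sqlite3.Connection, term: str) -> list[str]:
    """Parameterised search: the driver binds the term as data, so an apostrophe
    cannot change the structure of the SQL statement."""
    cur = conn.execute(
        "SELECT title FROM posts WHERE title LIKE ? ORDER BY title",
        (f"%{term}%",),
    )
    return [row[0] for row in cur]

def search_posts_concatenated(conn: sqlite3.Connection, term: str):
    """The same search built by string concatenation, the pattern a quote filter
    is meant to cover for. An apostrophe in the term ends the string literal
    early; here that surfaces as a syntax error, reported as None."""
    sql = f"SELECT title FROM posts WHERE title LIKE '%{term}%' ORDER BY title"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error:
        return None

def run_searches() -> dict:
    """Run the thread's two kinds of search term through the filter and both queries."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (title TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?)", [(t,) for t in SAMPLE_TITLES])
    results = {}
    for term in ("Car", "Dee & Beavers's"):
        query_string = urlencode({"s": term})  # e.g. s=Dee+%26+Beavers%27s
        results[term] = {
            "filter": filter_status(query_string),
            "parameterised": search_posts(conn, term),
            "concatenated": search_posts_concatenated(conn, term),
        }
    conn.close()
    return results
```

    Blocking the quote at the request layer trades a legitimate search away for protection against code that should be using bound parameters in the first place; with parameterised queries the apostrophe is just data.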

  5. justatest47
    Member
    Posted 1 year ago #

    I see. Well, thanks for the suggestion. I think I will just leave it as it is. I'd rather have security than be able to search with a single quote.

    Thanks

This topic has been closed to new replies.