WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] Bullet Proof Security and TimThumb (10 posts)

  1. ianfrancisryan@eircom.net
    Member
    Posted 9 months ago #

    I am using a third party theme for a site I am developing. The theme uses TimThumb for displaying thumbnail images. I am also using the Bullet Proof security plugin V .49.2 on the site.

    With the Bullet Proof Security secure .htaccess enabled in the root, thumbnail placeholders appear on the frontend instead of the thumbnail images themselves. When I right click on the thumbnail placeholder and select to "View Image" I get the error:

    403 Forbidden Error Page

    If you arrived here due to a search or clicking on a link click your Browser's back button to return to the previous page. Thank you.

    When I use a default (non Bullet Proof Security) .htaccess in the root then the thumbnail images are displayed as expected.

    Can you advise what I need to do to resolve this issue?

    Many Thanks

    http://wordpress.org/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Check your BPS Security log and post the error directly related to this issue/problem. If you do not see an error logged for this in the BPS Security log then right mouse click on the thumbnail and choose: Chrome: Copy link address, IE: Copy shortcut, Firefox: Copy Link Location, Safari: Copy Link and paste the link/URL here.

  3. ianfrancisryan@eircom.net
    Member
    Posted 9 months ago #

    Thanks for the reply.

    The script that handles my TimThumb is named tn.php. I have identified that for the script to work I need to add tn.php to the TimThumb rule in my root secure .htaccess as follows:-

    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php|tn\.php) [NC]

    How/where do I change this line such that the change is retained whenever I generate a new secure.htaccess file in Bullet Proof Security? I have tried to apply the change in the file under the "htaccess File Editor" -> "secure.htaccess" tab. However, when I then create a secure.htaccess file under the "Security Modes" tab the new secure.htaccess file does not retain the change to the TimThumb rule that I applied under the under the "htaccess File Editor" -> "secure.htaccess" tab but instead shows the default rule :-

    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]

    i.e. the rule with the inclusion of the tn.php filename.

  4. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Great job on figuring this out! You would add this custom code to BPS Custom Code. This Forum link below has step by step instructions on how to do that.
    http://forum.ait-pro.com/forums/topic/images-not-displaying-after-bulletproof-security-free-plugin-was-enabled-and-configured/#post-3828

  5. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Oops I just realized the step by step instructions are for the other skip/bypass option. Give me a minute and I will update that Forum Topic with step by step instructions for the Timthumb Forbid code.

  6. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Ok the Forum Topic help info has been updated and includes the Timthumb Forbid Custom Code steps now. Thanks.

  7. ianfrancisryan@eircom.net
    Member
    Posted 9 months ago #

    Sorry. Where do I find the updated Timthumb Forbid Custom Code steps?

  8. ianfrancisryan@eircom.net
    Member
    Posted 9 months ago #

    It's Ok. I figured it out.

    Many Thanks for the help.

  9. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    So everything is working correctly now? Thanks.

  10. ianfrancisryan@eircom.net
    Member
    Posted 9 months ago #

    Working perfectly thanks.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.