WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] BulletProof Security ~ htaccess Core (12 posts)

  1. lbs42807
    Member
    Posted 1 year ago #

    Multiple issues here. First of all I didn't get much support when learning how to create a webpage at school so I am completely lost and have no idea how to fix this without step by step instructions so my pages aren't broken and I can run updates in my cPanel without getting permission denied errors. Here's the first one:

    1)You do not currently have an .htaccess file in your wp-admin folder to backup.
    2)Deny All protection NOT activated for /wp-content/bps-backup folder
    An .htaccess file was NOT found in your wp-admin folder.
    BulletProof Mode for the wp-admin folder MUST also be activated when you have BulletProof Mode activated for the Root folder.
    3)An .htaccess file was NOT found in your /wp-admin folder
    4)Your Current wp-admin .htaccess file is NOT backed up yet

    I really need help and can't seem to find anyone to talk to or respond.

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Ok in order to help you I need details about the exact problem is occurring.

    In regards to cPanel and BPS:
    The only thing that BPS does that can affect cPanel in any way is that you can lock your root .htaccess file with 404 permissions in BPS. So if you are trying to do something in cPanel that needs the root .htaccess file to be unlocked then you just need to unlock it either within BPS or using FTP or cPanel itself to change file permissions from 404 to 644. Also there is an ongoing issue with a broken tool in cPanel called the HotLink Protection Tool that breaks BPS and will also break your website. See this sticky post for specific details >>> http://wordpress.org/support/topic/plugin-bulletproof-security-broken-cpanel-hotlink-tool-404-errors-unable-to-edit-htaccess-files?replies=2

    These are the details that i need to start troubleshooting the problem that is occurring on your specific website.

    Have you clicked the AutoMagic buttons and activated all BulletProof Modes?

    Have you tried to put BPS in Default Mode by using these steps below?
    1. Make a backup of your .htaccess files using BulletProof Security built-in Backup.
    2. Activate Default Mode on the Security Modes page.
    3. Use the Delete wp-admin .htaccess feature on the Security Modes page.
    4. Test your plugin or theme.
    5. Restore your .htaccess files using BulletProof Security built-in Restore.

  3. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Hello lbs42807,

    Please provide a status update.

    Thank you.

  4. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Hello lbs42807,

    Please provide a status update.

    Thank you.

  5. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Resolving due to lack of response. If the problem is still occurring please post another comment. Thank you.

  6. mlhwebsites
    Member
    Posted 8 months ago #

    I have seen lots of threads related to this issue and am still confused so any help would be appreciated. I have the free bulletproof plugin and “better wp security” plugin. On most of my logins to wp I check Bulletproof security status and it shows: “The WP readme.html file is not .htaccess protected”. Instead of the 404 .htaccess it has changed to 644. I then do the “Activate Website Root Folder .htaccess Security Mode”. This corrects both problems but has to be repeated on most subsequent logins which means the site is vulnerable in between.
    I would like to see if then can be resolved prior to upgrading.

    Server Type: Apache
    Operating System: Linux
    Server API: cgi-fcgi - Your Host Server is using CGI.

    If this should be posted in a different thread please advise.

    Thanks very much
    mlhwebsites

  7. AITpro
    Member
    Plugin Author

    Posted 8 months ago #

    I am not exactly sure what Better WP Security is doing these days, but yes you are correct that that plugin somehow breaks the BPS check for the readme.html file. I believe the simplest solution would be to copy the Better WP Security .htaccess code to BPS Custom Code in the: CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here text box, click the Save Root Custom Code button, go to the Security Modes page, click the Create secure.htaccess File button and activate Root folder BulletProof Mode again.

  8. mlhwebsites
    Member
    Posted 8 months ago #

    Thank you much for your unbelievably quick response!

    Do you know where I can find the Better WP Security .htaccess code? Is the .htaccess in the root folder the one I should backup in case this breaks something? I can try this in one of my test sites.

    Before trying this I am trying to determine when this is triggered by monitoring all sites to see when the 404 changes to 644. I know better wp security is not your problem but for info purposes while it's 404: In their dashboard it shows "Better WP Security is allowed to write to wp-config.php and .htaccess." but under System Info it says: "neither of these are writeable". This seems like a conflict.

    Thanks again - I appreciate your tim

  9. AITpro
    Member
    Plugin Author

    Posted 8 months ago #

    BPS has a built-in .htaccess editor on the BPS Edit/Upload/Download page where you can edit your .htaccess files. To see a video tutorial on how to add custom code to BPS Custom Code click on the Custom Code Video Tutorial link on the BPS Custom Code page.

  10. AITpro
    Member
    Plugin Author

    Posted 8 months ago #

    I don't even like testing Better WP Security. It has wrecked a couple of my test sites so if i can avoid that plugin i do. ;) it does some things with the database that do not have simple "undo" capability so you end up wiping the entire site to get rid of that plugin.

  11. mlhwebsites
    Member
    Posted 8 months ago #

    The only reason I added it was it did some things Bulletproof didn't such as logging 404 errors (detection), monitoring changed files etc. I've had one site hacked so I get nervous. Perhaps I should deactivate it for a while to see if that stops the 404 to 644.

  12. AITpro
    Member
    Plugin Author

    Posted 8 months ago #

    Well in general 404 file permissions means Read-Only and 644 means allow writing so if a file has 404 permissions then it is locked and is not writable until it is unlocked to 644 file permissions. So the message you posted above from Better WP Security does not make sense. it should be 404 not writable. 644 is writable. ;) Probably just a coding mistake in Better WP Security where the check or the displayed message for the check is backwards. ;)

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic