WordPress.org

Ready to get started?Download WordPress

Forums

Types - Custom Fields and Custom Post Types Management
Conflict with Better WP Security (2 posts)

  1. George Lerner
    Member
    Posted 5 months ago #

    The Better WP Security plugin has great security methods for blocking hackers and malware, and does it with minimal knowledge or work needed by you.

    As delivered, it conflicts with a URL that the Types plugin uses, specifically ending with a parameter with no value. This conflict gives a 403 Forbidden error, blocking the Types plugin administration pages (and probably others).

    Better WP Security has a line like this

    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]

    I removed |=$, which blocks parameters ending with equals, like
    /wp-admin/plugins.php?deactivate=true&plugin_status=all&paged=1&s=

    That comes from a link like
    /wp-admin/plugins.php?action=activate&plugin=types%2Fwpcf.php&plugin_status=all&paged=1&s&_wpnonce=e7f30a0090
    or like
    /wp-admin/plugins.php?action=deactivate&plugin=types%2Fwpcf.php&plugin_status=all&paged=1&s&_wpnonce=ae1c567616

    Suggestion to plugin writers, specify &s=1 instead of &s (parameters should always have a value).

    https://wordpress.org/plugins/types/

  2. Adriano Ferreira
    Member
    Plugin Author

    Posted 5 months ago #

    Dear George,

    Thanks for reporting that, I will pass to our development team right now.

Reply

You must log in to post.

About this Plugin

About this Topic