WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] Install multiple problems (66 posts)

  1. Mandrake7062
    Member
    Posted 1 year ago #

    I'm having a lot of problems here and I'm not sure where to start.
    I have FTP access.

    Activated BulletProof Security .htaccess File
    The htaccess file that is activated in your root folder is:
    BULLETPROOF PRO 5.D DEFAULT .HTACCESS

    Either a BPS htaccess file was NOT found in your root folder or you have not activated BulletProof Mode for your Root folder yet, Default Mode is activated, Maintenance Mode is activated or the version of the BPS Pro htaccess file that you are using is not the most current version or the BPS QUERY STRING EXPLOITS code does not exist in your root htaccess file. Please view the Read Me Help button above.

    wp-config.php is NOT htaccess protected by BPS

    Deny All protection NOT activated for BPS Master /htaccess folder
    Deny All protection NOT activated for /wp-content/bps-backup folder

    I'm not sure what to do at this point. I've upgraded to the latest BPS and this may have compounded the problem, I don't know.

    The original install took place with my website ftp login as: x
    And my WordPress logins at: y
    Not realizing this might be a bad thing I tried to create all the files I needed with text editors, and ftp and rename them into place
    I now login with both WP and FTP site the same now.

    Any body care to help me sort this out. 404 on any test page. Not that I want to build a site until this is straightened out.
    Kenny

    A valid BPS htaccess file was NOT found in your wp-admin folder. Either you have not activated BulletProof Mode for your wp-admin folder yet or the version of the wp-admin htaccess file that you are using is not the most current version. BulletProof Mode for the wp-admin folder MUST also be activated when you have BulletProof Mode activated for the Root folder. Please view the Read Me Help button above.

    http://wordpress.org/plugins/bulletproof-security/

  2. Mandrake7062
    Member
    Posted 1 year ago #

    Also, I see under, General BulletProof Security File Checks
    That the path now includes, /home/httpd/host25/
    And I don't think it was there before.

    √ /home/httpd/host25/.htaccess File Found
    √ /home/httpd/host25/wp-admin/.htaccess File Found
    √ /home/httpd/host25/wp-content/plugins/bulletproof-security/admin/htaccess/default.htaccess File Found
    √ /home/httpd/host25/wp-content/plugins/bulletproof-security/admin/htaccess/secure.htaccess File Found
    √ /home/httpd/host25/wp-content/plugins/bulletproof-security/admin/htaccess/wpadmin-secure.htaccess File Found
    √ /home/httpd/host25/wp-content/plugins/bulletproof-security/admin/htaccess/maintenance.htaccess File Found
    √ /home/httpd/host25/wp-content/plugins/bulletproof-security/admin/htaccess/bp-maintenance.php File Found
    √ /home/httpd/host25/wp-content/plugins/bulletproof-security/admin/htaccess/bps-maintenance-values.php File Found
    √ /home/httpd/host25/wp-content/bps-backup/master-backups/root.htaccess File Found
    √ /home/httpd/host25/wp-content/bps-backup/master-backups/wpadmin.htaccess File Found
    √ /home/httpd/host25/wp-content/bps-backup/master-backups/backup_default.htaccess File Found
    √ /home/httpd/host25/wp-content/bps-backup/master-backups/backup_secure.htaccess File Found
    √ /home/httpd/host25/wp-content/bps-backup/master-backups/backup_wpadmin-secure.htaccess File Found
    √ /home/httpd/host25/wp-content/bps-backup/master-backups/backup_maintenance.htaccess File Found
    √ /home/httpd/host25/wp-content/bps-backup/master-backups/backup_bp-maintenance.php File Found
    √ /home/httpd/host25/wp-content/bps-backup/master-backups/backup_bps-maintenance-values.php File Found
  3. Mandrake7062
    Member
    Posted 1 year ago #

    Additional Website Security Measures

    √ WordPress DB Show Errors Function Is Set To: false
    √ WordPress Database Errors Are Turned Off
    √ WordPress Meta Generator Tag Removed
    √ WordPress Version Is Not Displayed / Not Shown
    √ The Default Admin username "admin" is not being used
    The WP readme.html file is not .htaccess protected
    The WP /wp-admin/install.php file is not .htaccess protected

  4. Mandrake7062
    Member
    Posted 1 year ago #

    To much info?
    DSO File and Folder Permissions / Recommendations

    .htaccess ../.htaccess 644 0644
    wp-config.php ../wp-config.php 644 0644
    index.php ../index.php 644 0644
    wp-blog-header.php ../wp-blog-header.php 644 0644
    root folder ../ 755 0755
    wp-admin/ ../wp-admin 755 0755
    wp-includes/ ../wp-includes 755 0755
    wp-content/ ../wp-content 755 0777
    wp-content/bps-backup/ ../wp-content/bps-backup 755 0755

  5. Mandrake7062
    Member
    Posted 1 year ago #

    Is this a file I need to create?

    Security Log Status: Error Logging is Turned On
    The Security Log File Was Not Found! Check that the file really exists here - /

  6. Mandrake7062
    Member
    Posted 1 year ago #

    I notice under:
    SQL Database / Permalink Structure / WP Installation Folder

    That the database user:
    Is not the same as my WP login.
    Is that a problem?

  7. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Since you have a DSO Server configuration then you will need to make some one-time manual changes to allow BPS rights/permissions to create .htaccess files on your website/Server. The DSO setup steps in the link below are for BPS Pro, but will also work for BPS. Do steps: 1, 3, 4, 5 and 7. DO NOT do steps: 2, 6 and 8.

    http://forum.ait-pro.com/forums/topic/dso-setup-steps/

  8. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    After you have done these one-time manual setup steps then you will be able to use the automation in BPS. Example: you will be able to add Custom Code, you will be able to use AutoMagic, you will be able to activate BulletProof Modes from within the BPS plugin.

  9. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Also before doing setup step number 1, just do 3, 4, 5 and 7 and see if file writing works. It is very possible that your Host has already made configuration changes at the Server to allow FTP writing by your FTP User.

  10. Mandrake7062
    Member
    Posted 1 year ago #

    Thanks for your help AITpro

    I did not see your last instruction in time and followed you first.
    I now have another slight problem. ;)

    Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, [no address given] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    Cache error?

  11. Mandrake7062
    Member
    Posted 1 year ago #

    By the way, the last step, already had master-backups in place, I did change the file permissions as indicated. 777

  12. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Yep, it looks like your Host has already pre-configured a lot of things to work with WordPress and WordPress plugins so probably a lot of the steps were unnecessary for your particular Host/Server/website.

    Ok the first thing to try is this.
    Download the root .htaccess file and comment out these 2 sections of code by putting a pound sign # in front of the directives as shown below. Your Host may not allow the "Options" directive and/or the "DirectoryIndex" directive to be used on your website. Then upload it back to your website root folder.

    # DO NOT SHOW DIRECTORY LISTING
    # If you are getting 500 Errors when activating BPS then comment out Options -Indexes
    # by adding a # sign in front of it. If there is a typo anywhere in this file you will also see 500 errors.
    #Options -Indexes
    
    # DIRECTORY INDEX FORCE INDEX.PHP
    # Use index.php as default directory index file
    # index.html will be ignored will not load.
    #DirectoryIndex index.php index.html /index.php
  13. Mandrake7062
    Member
    Posted 1 year ago #

    root
    .htaccess file 12,344 is at 666 file perm..

  14. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I updated my post above. Also what type of Server do you have? Is it Apache and Nginx combined or just Apache? What about BSD/Ubuntu/Debian/LiteSpeed/linux, etc?

  15. Mandrake7062
    Member
    Posted 1 year ago #

    Done, edited those two lines with #
    Problem persists.

  16. Mandrake7062
    Member
    Posted 1 year ago #

    Apache/2.2.14 (Ubuntu) Server

  17. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Ok so this is a hosted site and not LAMP correct? Is this VPS or Dedicated hosting? Do you have root access to the httpd.conf file on the Server?

  18. Mandrake7062
    Member
    Posted 1 year ago #

    Probably VPS, Vertual?
    In any case, there is no access and/or httpd.conf file that I can see in my root dir.

  19. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Ok the default BPS .htaccess file that you activated did work so we know that .htaccess files are allowed on your website so forget this approach. I was going in the wrong direction. I think I have gone way to deep on this one altogether. I believe your Host has already done Server configurations that allow WordPress and WordPress plugins to do what they need to do. ;)

    Let's eliminate a couple of things. Change the file permission of the root .htaccess file to 644 and let me know if the 500 error goes away and the site loads.

  20. Mandrake7062
    Member
    Posted 1 year ago #

    Done, nada zip, 500 internal persists.

  21. Mandrake7062
    Member
    Posted 1 year ago #

    Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, [no address given] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.
    Apache/2.2.14 (Ubuntu) Server at http://www.kdf-computers.com Port 80

  22. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Ok delete the root .htaccess file, but leave the wp-admin .htaccess file. If you still see a 500 error then change the wp-admin .htaccess file permissions to 644 and test. If you still see a 500 error then delete the wp-admin .htaccess file.

  23. Mandrake7062
    Member
    Posted 1 year ago #

    Back up. ATIpro. :)

  24. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Yeah I went way too deep on this. We are currently working on DSO automation coding in BPS and my noodle is stuck in DSO mode right now. LOL

    Ok so did changing the wp-admin .htaccess file permissions get the site back up? Or just deleting the root .htaccess file?

  25. Mandrake7062
    Member
    Posted 1 year ago #

    I deleted the root .htaccess file.
    That's all I did and where I'm at now.

  26. Mandrake7062
    Member
    Posted 1 year ago #

    I can not login to WP though.

  27. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Ok now upload the /bulletproof-security/admin/default.htaccess file to your website root folder and rename it to just .htaccess. Your site should still be up at this point. Go to the BPS Edit/Upload/Download page and click on the "Your current root htaccess file" tab and add the word "Test" as shown below after BEGIN WordPress and click the Update File button.

    # BEGIN WordPress Test

    Did the file edit/update save this edit or did the save not work?

  28. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I can not login to WP though.

    You need to delete the wp-admin .htaccess file for now to be able to login.

  29. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    is /ywing/ a post or page on your site?

    Are you using a WordPress Custom Permalink Structure? Once you log back in go to WordPress >>> Permalinks and add /%postname%/ in the Custom Structure text box and save this. On LAMP you have to add index.php/%postname%/ but since you have a hosted Ubuntu site/Server then you probably do not need to add index.php in front of /%postname%/

  30. Mandrake7062
    Member
    Posted 1 year ago #

    default.htaccess uploaded and renamed .htaccess
    Site is up, but I can't login. 500 persists.
    And when it comes up the top dashboard is there but it is a dead stick.
    and does a 500, nor can I login.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.