WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] JQuery Easing and Bulletproof Security (14 posts)

  1. AfanWebs
    Member
    Posted 1 year ago #

    I've purchased a commercial theme which uses JQuery Easing to display the menu system. However, when I activate Bulletproof Security, and enable Bulletproof mode, the menu system disappears completely.

    I'm sure there is something I need to add to the secure htaccess file, but as I'm still new to this I'm not quite sure what to add or where to add it.

    Any assistance or pointers in the right direction would be greatly appreciated.

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Have you activated both BulletProof Modes? Both the Root and wp-admin BulletProof Modes must be activated together.

    Is the menu on the backend or frontend of your website?
    Do you see any error messages?
    What is the name of the Theme?

  3. AfanWebs
    Member
    Posted 1 year ago #

    Ah! I've just enabled both modes and it's now working. Many thanks.

  4. SimplyMarkB
    Member
    Posted 1 year ago #

    Similar issue. I noticed that I am getting a JQuery issue that is affecting my Easy Rotator plugin.

    the error I am seeing in my Javascript console is:
    Uncaught ReferenceError: jQuery is not defined theme_scripts.js:104

    I DO notice that when I replace the bulletproof .htaccess with the original .htaccess file (pre-bulletproof), my rotators reappear. I am trying to see what could have been added to the .htaccess that could have taken them down.

    While I am looking, can you offer Any thoughts?
    -Mark

  5. SimplyMarkB
    Member
    Posted 1 year ago #

    By the way.. right now, ONLY the .htaccess in the site root has been restored. The others are still Bulletproof, so it is something only in the bulletproof .htaccess from the siteroot.

  6. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Check your BPS Security Log for any errors directly related to the Easy Rotator plugin and post them here. The log entry should log exactly what is being blocked.

  7. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I installed this plugin, but was not able to complete testing because it requires installation of Adobe AIR on XAMPP. What I did notice is that this plugin is not containing it's jQuery scripts to its own plugin pages and is loading its jQuery scripts and CSS in BPS plugin settings pages. Overall this does not break BPS menus or other functionality, but BPS menus and text does not display the way it is supposed to display.

    Another thing is that an external jQuery library is being called from this plugin - this is generally frowned upon since plugins and themes should be using the jQuery that is bundled with WordPress. If a plugin cannot use the jQuery that is bundled with WordPress then an external library call can be done, but like I said this is frowned upon.

  8. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Logically it looks like you would just need to add a skip/bypass rule for this plugin. Copy this .htaccess code to the Custom Code CUSTOM CODE PLUGIN FIXES: text box, click the Save Root Custom Code button, click the secure.htaccess AutoMagic button (Security Modes page) and then activate BulletProof Mode for your Root folder.

    # EasyRotator skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/easyrotator-for-wordpress/ [NC]
    RewriteRule . - [S=13]
  9. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Correction: Actually the EasyRotator plugin makes the BPS jQuery Dialog Blue Read Me help buttons/text completely unusable/unreadable. I will add wp_dequeue_script to BPS to block this plugins scripts from breaking BPS jQuery scripts in the next version release.

  10. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Correction: The Blue Read Me help button/text is readable if you resize the jQuery Dialog window.

  11. SimplyMarkB
    Member
    Posted 1 year ago #

    Hey.. just an FYI, I temporarily enabled bulletproof mode and pulled the logs and also the javascript debug console and found the following.

    https://docs.google.com/document/d/1yAlgi2RZOjW5Fl4wMjoCkxJAVJR-SZ15zZljK9G2PqQ/edit?usp=sharing

    -Mark

  12. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    This error below is kind of odd. The website you are referring to is saraxxxx.com (the rest of domain name was replaced with x's for privacy) correct? This site is hosted with Go Daddy and using Apache Ubuntu so this link must be some kind of external link to a Windows IIS Server - .aspx. Round brackets are blocked by BPS in Query strings, but you can remove round brackets from the security filter below. Since this is a URI and technically not a Query string then this may be totally unnecessary. The request URI contains a Query string so it may actually do something. The entire error is very odd overall.

    REQUEST_URI: /?aspxerrorpath=/ARTICLES/Current-Issue/Ask-The-Boss--Charlene-(Charlie)-Lenger.aspx

    Remove round brackets/parenthesis characters in this root .htaccess security filter

    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    
    modify too...
    
    RewriteCond %{QUERY_STRING} ^.*(<|>|%3c|%3e).* [NC,OR]

    Have you already used/applied the skip/bypass rule I posted for this plugin? Do the javascript errors occur when BPS is in Default Mode or do they occur all the time no matter whether BPS is in BulletProof Mode or Default Mode?

  13. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    This error is also very strange. What relation does your site have to Windows IIS or maybe another website that you are pointing too?

    REQUEST_URI: /code/email_article.asp?url=http://www.biz941.com%2FArticles%2F2008%2F01%2FTop-Companies151The-List.asp&title=Top+Companies%97The+List

  14. SimplyMarkB
    Member
    Posted 1 year ago #

    the site was originally on an IIS server and was on a Windows based CMS. It was migrated by a third party and every now and then I find a reference to an old ASP resource.

    I am trying the bypass rule tonight and hopefully this will be it. I appreciate your feedback. It's very helpful. I will be sure to post if it works.

    -M

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.