WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
[resolved] [Plugin: Better WP Security] PHP Images Don't Display when Better Security is Active (11 posts)

  1. Wiz Tech
    Member
    Posted 1 year ago #

    I am using a widget called "Special Recent Posts".

    The problem I am having is when I activate Better Security only some thumbnails display. If I deactivate Better Security it shows all thumbnails. Do you have any idea what might be causing this?

    My Website: Click Here.

    Thank You!

    http://wordpress.org/extend/plugins/better-wp-security/

  2. Try turning off "filter suspicious query strings" and the long urls option both under "System Tweaks"

  3. tnault
    Member
    Posted 1 year ago #

    Same issue. Tried both of the above and it looks like its the "filter suspicious query strings". An example URL that is being blocked is...

    wp-content/plugins/special-recent-posts/lib/phpimage.php?width=75&height=75&rotation=no&file=L2hvbWUxL2V4cG9zdXQzL3B1YmxpY19odG1sL3dwLWNvbnRlbnQvdXBsb2Fkcy8yMDEyLzA4LzIwMTIwODEwLTAyMDYwOS5qcGc=

    Any way to config better wp security to allow this, but still block other suspicious strings?

  4. @tnault No. But turning off only one feature still gives you the security of others. The problem is there are so many plugins that conflict with that feature in different ways (all of which can also be interpreted as an attack in the wrong hands) that I couldn't possibly exclude them all without compromising the feature itself.

  5. tnault
    Member
    Posted 1 year ago #

    Thanks for the follow-up! I'm not a coder by trade, but it would seem fairly straight forward to add a sort of "white list" option to allow specific urls...or similar to the SSL feature that forces ssl for URLS matching */url/*. While this would leave a vulnerability for that one match it would still allow the rest of the site and functions to be protected....just a thought.

    Better WP Security is still a remarkable plugin and one that I am very grateful for. Thanks for all your hard work and dedication to making wordpress a more secure platform.

  6. @tnault

    It would be easy to add the feature but the usability of such a feature could trouble many. For example, if a wildcard or regex was needed for a plugin exclusion (this would be the case with many of the plugins) entering it wrong could lead to all sorts of problems.

    Most likely what I'll do sometime in the near future is a low/medium/high setting for the feature to try to make it as usable as possible while also eliminating many of the conflicts.

  7. tnault
    Member
    Posted 1 year ago #

    Cool! Totally understand ...thanks again!

  8. batec
    Member
    Posted 1 year ago #

    Hi Bit51,

    I am having issues with the plugin turning off all images when the plugin is active.
    I disabled the "filter suspicious query strings" and the "long urls option" which has had no effect.

    Its all images, not just the thumnails.
    http://blogs.newschool.edu/social-justice/

    Disabling the plugin entirely fixes the problem, but I would not want to do that. This is only an issue with this version of the plugin.

    cb

  9. batec
    Member
    Posted 1 year ago #

    I have also just found that viewing images directly displays a huge block of code

    example - http://blogs.newschool.edu/social-justice/files/2012/08/SJRC_book_covers2-225x300.jpg

    I also get this message when updating a setting.

    "Settings Saved. You will have to manually add rewrite rules to your configuration. See the Better WP Security Dashboard for a list of the rewrite rules you will need."

  10. @batec drop me an email at info [at] bit51 [dot] com and we'll see what we can work out. I'm wondering if something is processing your images before they are displayed in the browser.

  11. eng_mmd
    Member
    Posted 1 year ago #

    i have used the childshly simple 1.0100 and i got the same thing all images are block in theme option and website display I disabled the "filter suspicious query strings" and the "long urls option" which has had no effect.
    how to solve it

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.