WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
[resolved] [Plugin: Better WP Security] WP Remote is now being blocked (19 posts)

  1. Dan Knauss
    Member
    Posted 1 year ago #

    WPremote.com can no longer see if plugins are updated and update them, seemingly due to recent changes in Better WP Security. Does anyone know of a possible cause and solution? A global whitelist might do the trick. Their IP is 107.22.153.142.

    http://wordpress.org/extend/plugins/better-wp-security/

  2. Lee Hayward
    Member
    Posted 1 year ago #

    Hi Dan. I'm using WPremote with Better WP Security (fully turned on) and it works for me ?

  3. Dan Knauss
    Member
    Posted 1 year ago #

    The only security plugins I'm using are Better WP Security, Wordfence, and WordPress Firewall 2. Wordfence lets you whitelist IPs that it blocks, and it is not blocking WP Remote. WordPress Firewall 2 has a global whitelist.

    It's only when I deactivate Better WP Security that I can make updates with WP Remote.

    WP Remote is still able to initiate backups and connect with my sites, but it always thinks they are all updated unless I turn off Better WP Security.

  4. Lee Hayward
    Member
    Posted 1 year ago #

    Dan, I know this might sound like a dumb suggestion.. But have you disabled the other two firewall plugins and just left Better WP Security running? Also, you might want to enable php logging and see if you can find anything obvious in there.. I think there's some tuts on this if you google it...

  5. Dan Knauss
    Member
    Posted 1 year ago #

    No, that's not it. As soon as Better WP Security is disabled, WP Remote works with or without the others activated too. I don't think anything is going to be in the php log, just the access log. Does Better WP Security have its own log hidden away somewhere?

  6. Dan Knauss
    Member
    Posted 1 year ago #

    Yeah nothing in the php error log.

  7. Lee Hayward
    Member
    Posted 1 year ago #

    Hi Dan. This would need to be tested with the WPremote script, not Better Security. Email the WPremote people and see if they can check it for you, there should be an option to log_errors or a display_errors function you can turn on somewhere in their script, for debugging.

    Good luck, I hope the developer gets back to you.

  8. Hi Dan,

    While I'm not familiar with WPRemote it sounds to me as if it's looking for version numbers or update notifications which are features under "System Tweaks" in better wp security. Can you please check it with these options turned off.

    As for debugging, as a reference you can use the following 3 directives in wp-config.php

    `define( 'WP_DEBUG', true );
    define( 'WP_DEBUG_LOG', true );
    define( 'WP_DEBUG_display', false );
    '

    Turn off and on at will of course.

  9. Dan Knauss
    Member
    Posted 1 year ago #

    @Chris -- Duh! I overlooked those checkboxes for hiding the version #s. That's all it took to fix.

    @Lee -- WPremote.com is a hosted service that connects to WP sites using their plugin. I've communicated with them recently about this, and they had no answer other than whitelisting their IP and talking to Chris (@bit51) about it.

  10. Lee Hayward
    Member
    Posted 1 year ago #

    Dan. Yes, I know . But I'm saying that the problem might be something with happening with their plugin, they still need to execute code via their plugin on your server. Simply saying Whitelist the IP is not helpful, when I can guess it isn't their IP being blocked or all of us would be experiencing the same problem. Just a thought!

  11. Dan Knauss
    Member
    Posted 1 year ago #

    Lee - the problem is solved. There was no reason to suspect the wp-remote plugin. It was obviously communicating with their site but no longer seeing any needed updates. Not seeing any filtering by mod_security or anything else like that, it seemed like a change must have occurred in the Better WP Security plugin. I didn't assume anything based on your setup, since I don't know the details and I had about 10 sites on different hosts all showing the same behavior.

    I don't recall seeing the "tweaks" to block visibility of version numbers before, so my guess is they were added recently as new features and activated by default, or else their behavior changed in a way that started to affect how WP Remote works. If anyone else gets snagged by this, hopefully they find this thread. I'll pass it on to WP Security too.

  12. Thanks for the followup Dan! That's actually one of the original features of the plugin (well, since 2.x anyway). I just need to make it easier to find.

  13. Dan Knauss
    Member
    Posted 1 year ago #

    Thanks for the help!

    Was there a change in the way this feature works? I didn't activate it on my sites recently, so I'd assume it was either switched on after an update or else the way version numbers are hidden changed. Previously WP-Remote has had no problem identifying needed updates and implementing them on these sites.

  14. @Dan, no change on that one. It is however turned on with the "One-click" feature which may be where the conflict began.

  15. fulanoinc
    Member
    Posted 1 year ago #

    What about blocking Google? Anyone know what setting is causing this?

  16. fulanoinc
    Member
    Posted 1 year ago #

    No analytics after BWPS install.

  17. Dan Knauss
    Member
    Posted 1 year ago #

    Check your robots.txt. BWPS won't block Googlebots.

    FYI -- current release of BWPS will block WP Remote again if Filter Suspicious Query Strings or Prevent long URL strings are active in "tweaks."

  18. tinozee
    Member
    Posted 1 year ago #

    Hi,

    First of all this is a really cool plugin. I have been getting the Googlebot IPs locked out as well. On lookup it seems this is a real google ip being blocked - 66.249.75.146.

    My setup is a copy of my site on a test acct., with a real domain pointed to it for accurate testing and dns config testing. I also have the WP install set to "Discourage search engines from indexing this site". Not sure if that settibng would come into play at all but I thought I would mention it.

    Once I can configure this plugin such that it will not interfere with googlebot I will use it. Is adding IPs to a white list the only mechanism besides disabling this feature?

    Thanks.

  19. tinozee
    Member
    Posted 1 year ago #

    Oh shucks, sorry if this is in the wrong thread!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic