WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] 500 error on subdomain where I installed WordPress (21 posts)

  1. skeitel
    Member
    Posted 1 year ago #

    I have installed BulletProof at the root level with great results in Bluehost.
    Whithin the domain I have added subdomains, one of which is a wordpress installation.
    Unfortunately when I go to said blog I can only see the following error:
    ----
    Forbidden

    You don't have permission to access / on this server.

    Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
    ----

    I have contacted Bluehost and they told me that the problem is in BPS settings, but I have no idea how to solve the problem myself :(
    Help please!

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. skeitel
    Member
    Posted 1 year ago #

    By the way, I just noticed that the title of the webpage is different to the error it details on the text. The title of the page that shows the error is "403 forbidden".

    I don't know if this is relevant

  3. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Did you click the AutoMagic buttons first before activating BulletProof Modes on your sub folder/sub domain sites?

    If you are unable to log into your site then use FTP or your web host control panel file manager and delete the .htaccess file in the website root folder of the site you cannot log into. Then log into your site, click the AutoMagic buttons and activate all BulletProof Modes.

  4. skeitel
    Member
    Posted 1 year ago #

    Hi,
    Yes I think so, but don't remember. I certainly did everything to have the safest settings.

    Ok I'll try what you say. Thanks for your reply!

  5. skeitel
    Member
    Posted 1 year ago #

    I followed your instructions.

    1) deleted htaccess (renamed it actually, was too chicken to delete it, just in case. I called it .htaccess_old_bulletproof)

    (note: I have a simple image on the subdirectory that's all there is, for testing purposes)

    2) I pressed both automagic buttons and refreshed the subdirectory website to check. All ok. Image showing.

    3) I activated Website Root Folder .htaccess Security Mode, and refreshed the subdirectory website. THIS BROKE THE WEBSITE showing the message I detailed on my first post.

    4) I deactivated this Website Root Folder .htaccess Security Mode, and reverted it to default.

    5) I carefully activated one by one of the following modes, refreshing in between each. No activation of these modes broke the website.

    My conclusion is that the problem is on the "Website Root Folder .htaccess Security Mode". Only when this was activated the website broke.

    What should I do to resolve this? :(

    THANK YOU!

  6. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    When you say you have subdomain sites are they true subdomain sites?
    Example: mysubdomain.example.com
    or are you talking about subfolder wordpress installations?
    Example: example.com/wordpress-subfolder-site

    Go to the WordPress Settings Panel, click on General Settings and post your...
    WordPress Address (URL)
    Site Address (URL)

    Also go to the System Info page and post these things below.
    DNS Name Server:
    Server Type:
    Operating System:
    Server API:
    Multisite:

  7. BH_WP_Guru
    Member
    Posted 1 year ago #

    I actually think that Wordfence is an awesome security program that works better specifically with Bluehost. And it's Free http://www.wordfence.com

  8. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    @BH_WP_Guru - Yep Wordfence is good security plugin. Just curious have they fixed the ongoing memory/resource problems that have been going on for months with that plugin? The last time i checked the Wordfence plugin with the P3 profiler plugin, wordfence was consuming up to 45% of a websites resources/memory and causing website slowness and other problems. I have not checked the latest version so maybe they finally got that figured out. Thanks.

  9. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I just installed and tested Wordfence 3.1.6 with the P3 Profiler plugin and the same memory/resource problem is still occurring. The website performance is severely impacted by Wordfence. I think there are some really excellent things about Wordfence, but website performance is not something you can sacrifice for security sake because that is self defeating. A website security plugin (or all/any other plugins) should not interfere with website performance whatsoever.

    Wordfence is activated with no scanning just the plugin being activated severely increases the avg load time.

    WordPress Plugin Profile Report
    ===========================================
    Report date: August 22, 2012
    Theme name: Twenty Eleven
    Pages browsed: 11
    Avg. load time: 3.9352 sec
    Number of plugins: 8
    Plugin impact: 80.53% of load time
    Avg. plugin time: 3.1688 sec
    Avg. core time: 0.6268 sec
    Avg. theme time: 0.1298 sec
    Avg. mem usage: 20.73 MB
    Avg. ticks: 2,472
    Avg. db queries : 37.00
    Margin of error : 0.0097 sec

    Plugin list:
    ===========================================
    P3 (Plugin Performance Profiler) - 0.0397 sec - 1.25%
    Akismet - 0.0545 sec - 1.72%
    BulletProof Security Pro - 0.2520 sec - 7.95%
    Page Links To - 0.0251 sec - 0.79%
    Plugin Central - 0.0315 sec - 0.99%
    Theme My Login - 0.7408 sec - 23.38%
    W3 Total Cache - 0.7993 sec - 25.22%
    Wordfence Security - 1.2258 sec - 38.68%

    When you deactivate Wordfence you see that the average load time goes back to a normal and decent page load speed.

    WordPress Plugin Profile Report
    ===========================================
    Report date: August 22, 2012
    Theme name: Twenty Eleven
    Pages browsed: 11
    Avg. load time: 0.9313 sec
    Number of plugins: 7
    Plugin impact: 67.44% of load time
    Avg. plugin time: 0.6281 sec
    Avg. core time: 0.2515 sec
    Avg. theme time: 0.0396 sec
    Avg. mem usage: 18.45 MB
    Avg. ticks: 2,023
    Avg. db queries : 37.36
    Margin of error : 0.0121 sec

    Plugin list:
    ===========================================
    P3 (Plugin Performance Profiler) - 0.0343 sec - 5.46%
    Akismet - 0.0169 sec - 2.69%
    BulletProof Security Pro - 0.0873 sec - 13.89%
    Page Links To - 0.0179 sec - 2.85%
    Plugin Central - 0.0451 sec - 7.17%
    Theme My Login - 0.3385 sec - 53.89%
    W3 Total Cache - 0.0882 sec - 14.04%

  10. skeitel
    Member
    Posted 1 year ago #

    Hi
    What I meant with "subdomain" is a WordPress installation within a WordPress installation that contains the other domains. They look like independent domains to the outside world, like http://www.example.com, but behind the scenes it is contained in the main wordpress install.

    I was told by Bluehost that it is the BPS in the main WordPress install that is creating the problem, that's why I am here :(

  11. BH_WP_Guru
    Member
    Posted 1 year ago #

    BulletProof puts a lot in your .htaccess file and that will apply to all subfolders. So when you have a WordPress in a subfolder, its trying to apply all of those settings also. You would either need to install Bulletproof onto that subfolder wordpress also, so it gets its own copy of .htaccess for its subfolder, or you will have to create your own custom .htaccess for that subfolder that will cancel out or undo everything done in the main folder's .htaccess

    I think that's what you are asking about, let me know if I am answering something different then you asked.

  12. skeitel
    Member
    Posted 1 year ago #

    Ohhhh...that's very interesting. So are you saying that a local BPS in the sub-installation would override the power of the BPS sitting above it at the root level? Very interesting. I am surprised.

    I'll try that then, and see if it works
    Thank you

  13. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    BH_WP_Guru is correct. .htaccess files work in a hierarchical way. If a parent folder has an .htaccess file and a child folder does NOT have an .htaccess file then the security rules and rewrite rules in the parent folder will be applied to the child folder. If the child folder has its own .htaccess file then it will follow the security rules and rewrite rules of its own .htaccess file instead of the parent .htaccess file.

    @skeitel - No, a subfolder/child folder .htaccess file cannot be applied to a parent folder. the rules are applied from parent to child.

    Each site should have BPS installed and each site should have its own .htaccess files that were created using AutoMagic and then activating all BulletProof Modes.

    I still do not know exactly what type of WordPress installations you have, but i think they are sub folder installations and not true subdomain wordpress installations.
    Are you saying that you have WordPress websites set up like this.

    WebsiteA - / installed in the root website folder
    WebsiteB - /WebsiteB installed in a sub folder called WebsiteB
    WebsiteC - /WebsiteC installed in a sub folder called WebsiteC

    A subdomain site URL would look like this - mysubdomain.example.com

    did you setup DNS in your web host control panel to have your other sites point to your main domain or have you done any other DNS settings anywhere else?

  14. skeitel
    Member
    Posted 1 year ago #

    What I have is what you describe as Website C. I don't have mysubdomain.example.com

    Regarding DNS, I have not re-directed anyting manually. I just use the auto-installation script from Bluehost so I don't know exactly how this works, sorry.

    I'll try to install BPS in the subfolder website and see how that goes then.

    Thanks again

  15. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Is the problem still occurring or is the problem resolved?

  16. bhpress
    Member
    Posted 1 year ago #

    @AITpro Just so you know, .htaccess works in a waterfall approach (what I have always heard it called). Like you said all information in the parent will take affect in the child if there is no .htaccess. That being said, if there is a .htaccess in the child directory, it needs to contain some information so that it doesn't still use the parent directories settings. For example if you don't want the redirects in the parent directory being used on the child, you would need to create the .htaccess in the child and simply add RewriteEngine On. That way the child directory would look there for redirects and see that there aren't any.

    I hope I made sense :)

  17. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Yes, that is correct.

  18. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Resolving due to lack of response. If the problem is resolved please confirm that it is resolved. If it is not resolved please state that the problem is not resolved.

  19. ramkumaritrvs
    Member
    Posted 1 year ago #

    hello,
    i got the same error.i installed bulletproof security plugin.

    i have installed (wordpress)www.taywolt.com.
    my sub domain is http://www.demo.taywolt.com.(html)

    while i tried to access my subdomain it shows 403 error.

    how can i give solve this?

  20. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    First fix your subdomain naming convention and see if that solves the problem. You have a double subdomain prefix. It should be just demo.taywolt.com without the www prefix.

  21. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic