WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] BPS Preventing Contact Form 7 from working?? (9 posts)

  1. ScubaCool
    Member
    Posted 2 years ago #

    Hi everyone

    My site recently got hacked... and BPS was suggested by a number of WP Professionals. So far it is working a treat which is great!

    I need to allow my customers to upload images to me as part of a custom design service. However I think that BPS is preventing file uploads for security purposes.

    How do I allow the files to be uploaded?

    Here is the contact 7 form used on my site:
    http://scubacool.co.uk/products-page/custom-design-options/

    The uploads are being stored to
    /***/***/wpcf7_uploads

    There is a .htaccess file in there, I open it up and it just says 'Deny All From'

    Any help, ideas or suggestions would be great :-)

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Actually i don't think BPS is blocking the uploads, but it is possible. To Take BPS out of the equation for testing do these steps:

    To take BPS out of the equation completely for testing.
    1. Make a backup of your .htaccess files using BPS Backup.
    2. Activate Default Mode on the Security Modes page.
    3. Use the Delete wp-admin .htaccess feature on the Security Modes page.
    4. Test your plugin or theme.
    5. Restore your .htaccess files using BPS Restore.
    To completely uninstall BPS you would do the steps 2 and 3 and then just delete the BPS plugin on the WP Plugins page.

    If after you put your site in Default Mode and uploading does work then let me know and i will test Contact Form 7 uploading.

    The Deny All .htaccess file in the wpcf7_uploads folder must be put there by contact form 7 and it would not be blocking uploading and would only block people from viewing or opening the files from a browser.

    Please check the Contact Form 7 website FAQ page regarding uploads to make sure you have done all the upload settings correctly >>> http://contactform7.com/faq/

  3. ScubaCool
    Member
    Posted 2 years ago #

    Hi

    Thank you for getting in touch.

    That is exactly what I did.

    I deactivated BPS, activated default mode etc and the form worked perfectly without uninstalling BPS.

    Re-established BPS security and I receive the contact form information minus the image upload?? Frustrating?

    Any idea's?

  4. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Ok I will test Contact Form 7 uploading and see what is being blocked. It is most likely going to be that the uploader is calling a wp-admin file to perform the uploading and the bypass/skip rule that will be needed is this one below. Will post back here shortly after testing.

    http://www.ait-pro.com/aitpro-blog/2252/bulletproof-security-plugin-support/checking-plugin-compatibility-with-bps-plugin-testing-to-do-list/#Full-Screen-Background-Images-Pro

  5. ScubaCool
    Member
    Posted 2 years ago #

    Hi

    Adding the code you mentioned
    # Full Screen Background Images Pro bypass / skip rule
    RewriteCond %{REQUEST_URI} (media-upload\.php) [NC]
    RewriteRule . - [S=2]

    Works!!

    I shall do more extensive testing this evening to confirm but thank you so much!! :)

  6. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Cool. Yep it seemed like a logical solution match. ;) I'll add this to the BPS plugin testing and compatibility page. Thanks for confirming this.

  7. ScubaCool
    Member
    Posted 2 years ago #

    Hi

    Correction, for some reason it worked for me fine hence my last message...

    I have asked some friends to try from different PC's around the world and I am getting their emails but not their image uploads :-(

    I have asked them to clear their broswer caches etc to ensure no residual problems...

  8. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Ok i'll also test your form. Double check that the wp-admin .htaccess file does still contain the bypass rule. let me know if you get the image upload. Also i wonder if since CF7 is using a wp-admin file and wp-admin requires authentication then maybe authentication would be required in order to upload a file?

  9. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    After testing BPS and CF7 together BPS is not blocking image uploading. I was able to successfully upload an image and it was attached to the email without adding any bypass/skip rules. I think you have not configured CF7 correctly. Or if the issue is that files are not being uploaded to a folder and not uploaded as an email attachment then you probably have an upload folder problem of some kind.

    This is the CF7 configuration / shortags that i used for successful testing.

    For "Form"
    <p>[file your-file filetypes:pdf|txt|png|jpg|gif limit:2mb]</p>

    For "Mail"
    File attachments:
    [your-file]

    The wpcf7_uploads folder does not contain an uploaded image whether or not BPS is in BulletProof Mode or in Default Mode so BPS is not a factor here. I did not research how to configure file uploads as the help information for CF7 is very vague, but in conclusion since an image is being successfully attached to an email test then BPS is not blocking CF7.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic