[Plugin: BulletProof Security] Compatible with reverse proxies?

  • Resolved kilakiwi

    (@kilakiwi)


    11 years, 7 months ago

    I’m having some trouble configuring bulletproof for CloudFlare, and thought that before I spend all day on this I should check: Is BPS compatible with reverse proxies, such as CloudFlare? If so, do you have setup recommendations?

    I added CloudFlare’s IPs to my allow list for <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">, but my site still crashes when the Bulletproof .htaccess file is enabled. Any other suggestions?

    FYI, my BPS installation is on my primary domain at GoDaddy, and my CloudFlare site is aliased under that primary domain on the same server. Thanks.

    http://wordpress.org/extend/plugins/bulletproof-security/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author AITpro

    (@aitpro)

    11 years, 7 months ago

    Both BPS and BPS Pro work seamlessly with CloudFlare. You do not need to change anything or configure BPS or BPS Pro to work with CloudFlare. The FilesMatch section is just protecting those critical files from being accessible from a Browser. So if you wanted to be able to view these files from your Browser you would add your own IP address.

    Plugin Author AITpro

    (@aitpro)

    11 years, 7 months ago

    If your site is crashing then this is most likely because of a problem with the root .htaccess file itself on your particular Server.

    Try these troubleshooting steps.

    Some web hosts disable using the Options Directive in .htaccess files. comment out #Options -Indexes with a pound sign

    # If you are getting 500 Errors when activating BPS then comment out Options -Indexes
    # by adding a # sign in front of it. If there is a typo anywhere in this file you will also see 500 errors.
    #Options -Indexes

    1. Make a backup of your .htaccess files using BulletProof Security built-in Backup.
    2. Activate Default Mode on the Security Modes page.
    3. Use the Delete wp-admin .htaccess feature on the Security Modes page.
    4. Test your plugin, theme or website.
    5. Restore your .htaccess files after testing using the BulletProof Security built-in Restore.

    Post this information about your Server/website in your reply. You will find this information on the BPS System Info page:
    Server Type:
    Operating System:
    Server API:

    Thread Starter kilakiwi

    (@kilakiwi)

    11 years, 7 months ago

    Thank you very much for your help. After you said it should work, I re-enabled BPS (after deleting the CloudFlare IPs I had added to FilesMatch). It’s working PERFECTLY now. This is a huge relief, because Bulletproof protects all of my aliased sites with one install on my primary domain, including two multisite installs, and I don’t have to add them to CloudFlare and set my blocks up site by site.

    I think was initially crashed the site was that my CloudFlare plugin itself was not configured. I assumed it was BPS, because I usually have to turn it off while adding sites or re-installing WordPress, but had forgotten to do so when setting up CloudFlare.

    Bulletproof continues to amaze me. Thank you again.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[Plugin: BulletProof Security] Compatible with reverse proxies?’ is closed to new replies.