WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] During update to version .47.3 .htaccess file persimmon changed (10 posts)

  1. WayneM1
    Member
    Posted 1 year ago #

    I just did the ver .47.2 to ver .47.3 update.

    The .htaccess file permission was changed during the update to unlock the file. It does not automatically re-lock.

    The recommended permission is 404
    If you don't use the "edit/upload/download" tab feature to re-lock, the permission will be 644

    I noted this here in the support forums for the last release, too. I thought you had indicated that it would be fixed - just wanted to make sure you are aware that it's stilling doing that.

    Again, thanks for the great plugin! :-)

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I had indicated that i thought the CHMOD 404 was working fine and would double check the coding. it does work fine on testing sites so I need to know what your Server API is to see why it is not working on your Server/website. Or there could be some other cause why it is not working on your site.

    Please post these BPS System Info fields below for your website:

    Server Type:
    Operating System:
    Server API:
    Multisite:

    Here is a section of the coding that performs the CHMOD 404 based on your Server API.

    if (@$permsHtaccess == '644.') {
    	if (substr($sapi_type, 0, 3) == 'cgi' || substr($sapi_type, 0, 9) == 'litespeed' || substr($sapi_type, 0, 7) == 'caudium' || substr($sapi_type, 0, 8) == 'webjames' || substr($sapi_type, 0, 3) == 'tux' || substr($sapi_type, 0, 5) == 'roxen' || substr($sapi_type, 0, 6) == 'thttpd' || substr($sapi_type, 0, 6) == 'phttpd' || substr($sapi_type, 0, 10) == 'continuity' || substr($sapi_type, 0, 6) == 'pi3web' || substr($sapi_type, 0, 6) == 'milter') {
    	chmod($filename, 0404);
    	}
    	}
  3. WayneM1
    Member
    Posted 1 year ago #

    Okay.

    Here are the settings...

    Server Type: Apache
    Operating System: Linux
    Server API: cgi-fcgi - Your Host Server is using CGI.
    Multisite: Multisite is Not enabled

    This is no big deal as far as how great BPS works. If I have to check and change the lock setting on the file, I can do that.

    Thanks again.

  4. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    hmm yeah this one is baffling me. Your SAPI type is CGI so the CHMOD 404 should be working. Which web host do you have? I have access to around 100 web hosts worldwide so if your web host is one that i have access too then i can test BPS on this host. Thanks.

  5. WayneM1
    Member
    Posted 1 year ago #

    Hosting = HostGator.com (usually quite good with all settings) running on shared hosting server.

  6. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Yep the coding should work fine on HostGator. one of my testing sites is on a HostGator shared account so i know already that it should work fine. This is a weird problem because if another plugin or something else was interfering with BPS then typically you would be seeing other problems as well besides just having a CHMOD issue. Please post a list of all the plugins you have installed. If you do not want to post them here then send them through the ait-pro.com contact form. thanks.

  7. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    And actually I may decide to NOT automatically do the CHMOD 404 depending on how many people are having this problem. So far it is only a handful of people. I know of 6 web hosts out of 100's the strictly impose 644 permissions for .htaccess files. And BPS checks the SAPI so this does not apply to DSO configured Servers. The CHMOD 404 will not be done for DSO configured Servers.
    http://wordpress.org/support/topic/plugin-bulletproof-security-403-after-updating?replies=5

  8. WayneM1
    Member
    Posted 1 year ago #

    Intalled Plugins:

    Advanced Most Recent Posts Mod
    Akismet
    ALO EasyMail Newsletter
    BulletProof Security
    Duplicate Post
    Kalin's Post List
    Limit Login Attempts
    My Custom CSS
    NoSpamNX
    Simple Lightbox
    TimThumb Vulnerability Scanner (deactivated)
    TinyMCE Advanced
    Under Construction

    I don't think that hostgator is not allowing 644 .htaccess files, as I can change that with the lock/unlock feature (and via file manager).

  9. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I am not familiar with some of these plugins, but none of them appear to be plugins that would do anything to interfere with the CHMOD. I will install/test them and see what happens.

  10. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    After testing all these plugins none of them interfered with the CHMOD to 404 and i tested on a HostGator testing site for good measure so this is going to one of those unsolved mysteries i guess. I am not really sure what might be blocking the CHMOD??? Since the CHMOD coding is working the way it should for most folks then there is not anything to fix. ;) Thanks.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.