WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
Upload and Download Backups (26 posts)

  1. sweetmelody
    Member
    Posted 3 years ago #

    I've installed the latest BPS plugin - version .45.9. Everything is looking good and I'm loving it. However, there're 3 errors listed in 'General BulletProof Security File Checks' box:

    Your File Upload settings are NOT backed up yet
    Your File Download settings are NOT backed up yet
    Your File Upload settings are NOT backed up yet

    How do I solve the problem?

    Thank you!

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    Hi,

    BPS .46 was released today so these checks are no longer being done. There was a security vulnerability with the uploader code that was borrowed so we removed it and wrote new uploading and downloading code for BPS. File Uploading is now AutoMagic - no setup required and File Downloading is one click - no setup required. Neither of these now need to be backed up because they are auto configured. Thanks.

    - Ed

  3. sweetmelody
    Member
    Posted 3 years ago #

    Thank you for the great plugin.

    I've upgraded to BPS .46, the upload & download error messages are solved but there's a new error message saying:

    (red font) Deny All protection NOT activated for BPS Master /htaccess folder
    (green font) √ Deny All protection activated for /wp-content/bps-backup folder

    How do I solve the 'red font' error message? Thanks!

  4. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    Very Welcome!

    Yep that is actually a status check message to remind you to Activate Deny All htaccess protection for the BPS Master /htaccess folder.
    To do that you would go to the Security Modes page and Activate BulletProof Mode for the BPS Master /htaccess folder. This function is really there to detect any problems early on with folder permisssions for the BPS Master /htaccess folder. It will most likely be completely automated down the road, but for now this extra click serves a purpose.
    Thanks,
    Ed

  5. sweetmelody
    Member
    Posted 3 years ago #

    Thanks, followed the steps and the error message is gone.

    However, many things are working awkward in my WP dashboard today:
    1. can't delete plugins
    2. can't drag widgets in widgets area
    3. can't change settings in plugins

    As they will lead to a page 'Page Not Found'.

    I guess this is due to the overwrites in .htaccess.

    Please help, thanks!

  6. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    Ok update your custom permalink structure
    Go to Settings >>> Permalinks
    check to make sure PHP5 is running on your WordPress site
    Go to the BPS System Info page >>> check PHP version it should start with a 5 not a 4.
    If you see that the PHP version is 4 then let my know what web host you are using so i can give you the correct directive for your host to force PHP5 to run. Or if you want me to fix the problem for you then create a temporary admin account for me and send that info to edward[at]ait-pro[com] Thanks.
    Ed

  7. sweetmelody
    Member
    Posted 3 years ago #

    I had just transferred my site to Bluehost as an addon domain. Hence, it will be in a sub directory (maindomain - public_html - addondomain). Can I still use BPS for a sub directory?

    For Settings >>> Permalinks. I didn't see any thing which say whether it's a PHP5.

    Thank you for your reply.

  8. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    addon domains do not require any additional "special" modifications. An addon domain should be seen by htaccess and BPS as if it is the main domain for the hosting account.

    I have added a new function that will check to make sure that permalinks have been enabled. Permalinks must be enabled in order for BPS to function correctly. This check will be included in BPS .46.1. send me an email to email address I have listed above and i will send you the new files. Your BPS installation will still show .46 so that when .46.1 is officially released you will be notified to upgrade.

    Also send me your website URL in order for me to see your website. Thanks.
    Ed

  9. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    Actually I decided just to update .46 with these additions so even simpler for anyone is just to uninstall and reinstall BulletProof to get these new features. This will not affect your current .htaccess files. It will only update the BPS plugin files themselves. If you want to keep your current master files – secure.htaccess, default.htaccess, etc then back them up and after you reinstall BPS restore them. Thanks.
    Ed

  10. sweetmelody
    Member
    Posted 3 years ago #

    Hi Ed,

    I have reinstalled BPS security plugin after moving to another web host. In addition, I have checked BPS security info, permalinks are enabled and it's running PHP5.

    However there're some problems in WP dashboard:

    1. I can't change any settings in WP dashboards - change Buddypress settings, password, drag widgets in widget area, etc. All the attempts will lead to an error page:

    example url and message -
    http://{domain.com}/wp-admin/admin.php?page=bp-general-settings

    403 Permission Denied
    You do not have permission for this request /wp-admin/admin.php?page=bp-general-settings

    2. I will be directed to the setting page that I have locked off from WP dashboard when I log in. For example, if I log off from WP dashboard widget settings area, then I will be directed to the widget setting page when I log in. This is something unusual as no matter which setting page I log off from WP dashboard, I should be directed to the main WP dashboard page.

    Are these problems due to the no-present of .htaccess in wp-admin folder? The following are the red messages in BPS status:

    NO .htaccess file was found in your /wp-admin folder
    Your Current wp-admin .htaccess File is NOT backed up yet

  11. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    Hi,
    Insteaad of trying to guess what is going on with your particular setup why don't you send me your website URL so i can look at your site and see exactly what your particular problem is. Thanks.

  12. sweetmelody
    Member
    Posted 3 years ago #

    Already emailed the link to you. Anyway, here's the url.

  13. wp.Man
    Member
    Posted 3 years ago #

    BPS .46 - minor conflict with Atahualpa theme (3.6.4, maybe others)

    Atahualpa offers an option to export/import a file that contains all theme settings. the export button directs to:

    http://your_website/?bfa_ata_file=settings-download

    with the secure BSP root htaccess in place, this link doesn't work. in my case

  14. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    @sweetmelody - Yep I found your email with your URL - it was spammed. Please send the requested info in my email reply. Thanks.

    @wp.Man - Ok thanks for the heads up. I will install and test this Theme. Will post the fix here and on the AITpro Plugin / Theme testing page. Thanks.

    Ed

  15. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    @wp.Man - Yikes the download pop up redirect is leaving the /wp-admin area. I need to look at this some more. This does not appear to be a quick fix and i am concerned that by adding a rule to allow this i might be taking part in allowing something that might open up a security vulnerability. I will need to look at this in depth. Thanks.

    -Ed

  16. wp.Man
    Member
    Posted 3 years ago #

    hi Ed - thanks for your fast response and for looking into this.

    re: the download pop-up leaving the admin area -- do you think this is this a concern the Atahualpa dev needs to made aware of (security concern)? or is this only possible with BPS installed?

    thanks

  17. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    @wp.Man - I don't think it is a big deal as far as security goes, but I am not going to add a fix for this one. I am not happy with what this allows so on this one i am going to have to say that if someone wants to do an export with this Theme then they will have to temporarily put their site in Default Mode. Thanks.

    -Ed

  18. wp.Man
    Member
    Posted 3 years ago #

    good enough!
    thanks for looking into it!

  19. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    @sweetmelody - whoops i didn't see that you had asked if activating the wp-admin BulletProof Mode was necessary. Yes it is because the way .htaccess files work is that the rules in a parent file / folder are applied to all subfolders of that parent so the root .htaccess file rules will be applied to the /wp-admin folder, which you don't want because of the RewriteRule and RewriteBase rules in the root .htaccess file. The wp-admin BulletProof file does not contain RewriteRule and RewriteBase so what happens is that if an .htaccess file exists in a subfolder then that folder will follow the rules in the .htaccess file that is in that folder. Basically nullifying the parent / root htaccess file. I was looking too deep on this one. The BuddyPress and GenesisConnect thing already had me thinking that it was another more complex issue. LOL. Thanks.

    Ed

  20. Viktor Vladimirovich
    Member
    Posted 3 years ago #

    Hello,
    After installation of a plug-in at me the site is blocked.
    Help to solve a problem

    Здравствуйте,
    После установки плагина у меня заблокирован сайт.
    Помогите решить проблему

  21. Viktor Vladimirovich
    Member
    Posted 3 years ago #

    Hello,
    After installation of a plug-in at me the site is blocked.
    Help to solve a problem

    site http://stockmarketru.com

  22. esmi
    Forum Moderator
    Posted 3 years ago #

    Stop posting the same question!

  23. Viktor Vladimirovich
    Member
    Posted 3 years ago #

    Has solved a problem independently

  24. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    Well done! Sorry I didn't respond back to you sooner. I check the forums throughout the day between work. Glad to hear you got it figured out. :) Thanks.
    Ed

  25. sweetmelody
    Member
    Posted 3 years ago #

    @AITpro
    Ed, thank you for the help! You are a genius! ☺

  26. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    @sweetmelody - Ha ha I wish. Very welcome and thanks.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.