Plugin Author
AITpro
(@aitpro)
Hi,
BPS .46 was released today so these checks are no longer being done. There was a security vulnerability with the uploader code that was borrowed so we removed it and wrote new uploading and downloading code for BPS. File Uploading is now AutoMagic – no setup required and File Downloading is one click – no setup required. Neither of these now need to be backed up because they are auto configured. Thanks.
– Ed
Thank you for the great plugin.
I’ve upgraded to BPS .46, the upload & download error messages are solved but there’s a new error message saying:
(red font) Deny All protection NOT activated for BPS Master /htaccess folder
(green font) √ Deny All protection activated for /wp-content/bps-backup folder
How do I solve the ‘red font’ error message? Thanks!
Plugin Author
AITpro
(@aitpro)
Very Welcome!
Yep that is actually a status check message to remind you to Activate Deny All htaccess protection for the BPS Master /htaccess folder.
To do that you would go to the Security Modes page and Activate BulletProof Mode for the BPS Master /htaccess folder. This function is really there to detect any problems early on with folder permisssions for the BPS Master /htaccess folder. It will most likely be completely automated down the road, but for now this extra click serves a purpose.
Thanks,
Ed
Thanks, followed the steps and the error message is gone.
However, many things are working awkward in my WP dashboard today:
1. can’t delete plugins
2. can’t drag widgets in widgets area
3. can’t change settings in plugins
As they will lead to a page ‘Page Not Found’.
I guess this is due to the overwrites in .htaccess.
Please help, thanks!
Plugin Author
AITpro
(@aitpro)
Ok update your custom permalink structure
Go to Settings >>> Permalinks
check to make sure PHP5 is running on your WordPress site
Go to the BPS System Info page >>> check PHP version it should start with a 5 not a 4.
If you see that the PHP version is 4 then let my know what web host you are using so i can give you the correct directive for your host to force PHP5 to run. Or if you want me to fix the problem for you then create a temporary admin account for me and send that info to edward[at]ait-pro[com] Thanks.
Ed
I had just transferred my site to Bluehost as an addon domain. Hence, it will be in a sub directory (maindomain – public_html – addondomain). Can I still use BPS for a sub directory?
For Settings >>> Permalinks. I didn’t see any thing which say whether it’s a PHP5.
Thank you for your reply.
Plugin Author
AITpro
(@aitpro)
addon domains do not require any additional “special” modifications. An addon domain should be seen by htaccess and BPS as if it is the main domain for the hosting account.
I have added a new function that will check to make sure that permalinks have been enabled. Permalinks must be enabled in order for BPS to function correctly. This check will be included in BPS .46.1. send me an email to email address I have listed above and i will send you the new files. Your BPS installation will still show .46 so that when .46.1 is officially released you will be notified to upgrade.
Also send me your website URL in order for me to see your website. Thanks.
Ed
Plugin Author
AITpro
(@aitpro)
Actually I decided just to update .46 with these additions so even simpler for anyone is just to uninstall and reinstall BulletProof to get these new features. This will not affect your current .htaccess files. It will only update the BPS plugin files themselves. If you want to keep your current master files – secure.htaccess, default.htaccess, etc then back them up and after you reinstall BPS restore them. Thanks.
Ed
Hi Ed,
I have reinstalled BPS security plugin after moving to another web host. In addition, I have checked BPS security info, permalinks are enabled and it’s running PHP5.
However there’re some problems in WP dashboard:
1. I can’t change any settings in WP dashboards – change Buddypress settings, password, drag widgets in widget area, etc. All the attempts will lead to an error page:
example url and message –
http://{domain.com}/wp-admin/admin.php?page=bp-general-settings
403 Permission Denied
You do not have permission for this request /wp-admin/admin.php?page=bp-general-settings
2. I will be directed to the setting page that I have locked off from WP dashboard when I log in. For example, if I log off from WP dashboard widget settings area, then I will be directed to the widget setting page when I log in. This is something unusual as no matter which setting page I log off from WP dashboard, I should be directed to the main WP dashboard page.
Are these problems due to the no-present of .htaccess in wp-admin folder? The following are the red messages in BPS status:
NO .htaccess file was found in your /wp-admin folder
Your Current wp-admin .htaccess File is NOT backed up yet
Plugin Author
AITpro
(@aitpro)
Hi,
Insteaad of trying to guess what is going on with your particular setup why don’t you send me your website URL so i can look at your site and see exactly what your particular problem is. Thanks.
Already emailed the link to you. Anyway, here’s the url.
BPS .46 – minor conflict with Atahualpa theme (3.6.4, maybe others)
Atahualpa offers an option to export/import a file that contains all theme settings. the export button directs to:
http://[your_website]/?bfa_ata_file=settings-download
with the secure BSP root htaccess in place, this link doesn’t work. in my case
Plugin Author
AITpro
(@aitpro)
@sweetmelody – Yep I found your email with your URL – it was spammed. Please send the requested info in my email reply. Thanks.
@wp.Man – Ok thanks for the heads up. I will install and test this Theme. Will post the fix here and on the AITpro Plugin / Theme testing page. Thanks.
Ed
Plugin Author
AITpro
(@aitpro)
@wp.Man – Yikes the download pop up redirect is leaving the /wp-admin area. I need to look at this some more. This does not appear to be a quick fix and i am concerned that by adding a rule to allow this i might be taking part in allowing something that might open up a security vulnerability. I will need to look at this in depth. Thanks.
-Ed
hi Ed – thanks for your fast response and for looking into this.
re: the download pop-up leaving the admin area — do you think this is this a concern the Atahualpa dev needs to made aware of (security concern)? or is this only possible with BPS installed?
thanks
