WordPress.org

Ready to get started?Download WordPress

Forums

Use as featured image link not working (33 posts)

  1. tudor07
    Member
    Posted 2 years ago #

    EDIT: SOLVED !

    I just removed the BulletProof htacces file.

  2. AITpro
    Member
    Posted 2 years ago #

    So you're saying that now your website is unprotected against hackers? Doesn't sound like such a good solution to me. ;) Most likely the problem is with the Theme you are using. It is common pratice to use words like "select" and other dangerous SQL command words which are being filtered by BPS. There is no technical reason to use dangerous words like "select". They are typically used out of simplicity and logic, but unfortuately it is not a good practice. See this link for a solution or at least the direction you should be looking if for the problem with your Theme.
    http://wordpress.org/support/topic/use-as-featured-image-link-not-working?replies=31

  3. AITpro
    Member
    Posted 2 years ago #

    Also i want to make this point. If BPS is blocking something in a plugin or in a Theme that is seen as unsafe, an exploit or a vulnerability then you should look at the root reason and cause for why it is seen as unsafe and why BPS is protecting you from the script running on your site. A classic example is this. A Zero Day Vulnerability exists in TimThumb, phpThumb and the Thumb scripts which allow someone to remotely inject code via the vulnerabilities in these scripts. A new patch and solution just recently was found, but if your Theme or plugin is using an older version of these thumbnailer scripts then your website is hackable. BPS offers an htaccess skip rule to not apply any protection to your thumbnailer scripts to allow them to function correctly. So what occurs here is that if you use the skip rule then you have effectively made your website vulnerable to being hacked via the thumbnailer script because you are telling BPS to not block it. If you are using a thumbnailer script in your Theme or any Plugins please take a look at this post by Mark Maunder for the problem and solution to this issue.

    http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/

    So in summary it is always wiser to look at the root cause of a problem so that you can see the full extent of the problem and then apply an appropriate solution. Thanks.
    Ed

Topic Closed

This topic has been closed to new replies.

About this Topic