Forums

WordPress › Support » Plugins and Hacks

BulletProof Security
[resolved] WP Twin auto-backup not working with BPS Pro (9 posts)

  1. nigeldv
    Member
    Posted 4 months ago #

    Hey

    Really love BPS Pro and I have been a fan of WP twin for sometime now. It would be great to get the wp twin auto backup working with BPS Pro if possible.

    The command for the cron job is:
    wget -O /dev/null 'http://example.com/wptwin-autobackup.php?mode=clone&clonekey=my-clone-key'

    This does not generate a back up at all when the cron job is actioned and the automated email I get back is this:

    http://example.com/wptwin-autobackup.php?mode=clone&clonekey=my-clone-key
    Resolving example.com... (IP address)
    Connecting to example.com|(IP address)|:80... connected.
    HTTP request sent, awaiting response... 403 Forbidden
    2012-12-30 13:33:01 ERROR 403: Forbidden.

    I have tried this with the lynx -source instead of wget as suggested but this produces nothing at all.

    Any assistance would be great.

    Thanks in advance.

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author
    Posted 4 months ago #

    Hmm the lynx -source command should work fine, but you can do the alternative method of removing wget from the BPS security filters in your root .htaccess file instead.

    http://www.ait-pro.com/aitpro-blog/2252/bulletproof-security-plugin-support/checking-plugin-compatibility-with-bps-plugin-testing-to-do-list/#WP-Twin-AUTO-BACKUP

  3. nigeldv
    Member
    Posted 4 months ago #

    AITpro thanks for the quick response. I will contact my host re the lynx -source command and see what comes back.

    I ran the auto backup cron last night having removed wget from the BPS security filters and it looks like it worked. I will test the package later today and see if it is good.

    I would be interested to know what kind of vulnerability I am opening my sites up to with the wget removed. Are you able to assist with this please?

    Many thanks

  4. AITpro
    Member
    Plugin Author
    Posted 4 months ago #

    There is very little risk in removing any of the RewriteCond %{HTTP_USER_AGENT} filters. These filters are bot level nuisance filters and a hacker who knows what they are doing can easily create/spoof the User Agent since wget and cURL can be run from a plain scripts/commands. The only way to really block wget and cURL 100% effectively is to have some non-public variable/Query String in the equation.

    Examples:

    $ wget --user-agent="Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092416 Firefox/3.0.3" URL-TO-DOWNLOAD

$useragent = 'Google';
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt ($ch, CURLOPT_REFERER, "http://www.google.com/bot.html");

  5. nigeldv
    Member
    Posted 4 months ago #

    AITpro

    Thanks for this. It is very helpful.

    I have tested the clone which was created through use of the wget command, following the removal of wget from the BPS security filters, and loaded it up to a test site. The appearance of the site it great at the frontend, however when I login to the admin end I am immediately redirected to the login page for the original site.

    e.g. cloned site is: exampleA.com
    clone is created on exampleB.com

    Attempt to login to exampleB.com/wp-admin immdiately redirects me to:
    exampleA.com/wp-login.php?redirect_to=http%3A%2F%2FexampleB.com%2Fwp-admin%2F&reauth=1

    Are you able to assist/advise please?

    Many thanks.

  6. AITpro
    Member
    Plugin Author
    Posted 4 months ago #

    That sounds like an issue with your wp-config.php DB connection info and not a BPS issue. Check your wp-config.php file to ensure that you have entered the correct DB connection info for this cloned site.

  7. AITpro
    Member
    Plugin Author
    Posted 4 months ago #

    Is this issue/problem resolved? If so, please resolve this thread. Thanks.

  8. AITpro
    Member
    Plugin Author
    Posted 4 months ago #

    Is this issue/problem resolved? If so, please resolve this thread. Thanks.

  9. AITpro
    Member
    Plugin Author
    Posted 4 months ago #

    Resolving this Thread due to lack of response. If the issue/problem is still occurring please unresolve this Thread. Thank you.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags