Bullet Proof Security and TimThumb

Resolved ianfrancisryan@eircom.net
(@ianfrancisryaneircomnet)

10 years, 7 months ago

I am using a third party theme for a site I am developing. The theme uses TimThumb for displaying thumbnail images. I am also using the Bullet Proof security plugin V .49.2 on the site.

With the Bullet Proof Security secure .htaccess enabled in the root, thumbnail placeholders appear on the frontend instead of the thumbnail images themselves. When I right click on the thumbnail placeholder and select to “View Image” I get the error:

403 Forbidden Error Page

If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.

When I use a default (non Bullet Proof Security) .htaccess in the root then the thumbnail images are displayed as expected.

Can you advise what I need to do to resolve this issue?

Many Thanks

http://wordpress.org/plugins/bulletproof-security/

Viewing 9 replies - 1 through 9 (of 9 total)

Plugin Author AITpro
(@aitpro)

10 years, 7 months ago

Check your BPS Security log and post the error directly related to this issue/problem. If you do not see an error logged for this in the BPS Security log then right mouse click on the thumbnail and choose: Chrome: Copy link address, IE: Copy shortcut, Firefox: Copy Link Location, Safari: Copy Link and paste the link/URL here.

Thread Starter ianfrancisryan@eircom.net
(@ianfrancisryaneircomnet)

10 years, 7 months ago

Thanks for the reply.

The script that handles my TimThumb is named tn.php. I have identified that for the script to work I need to add tn.php to the TimThumb rule in my root secure .htaccess as follows:-

RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php|tn\.php) [NC]

How/where do I change this line such that the change is retained whenever I generate a new secure.htaccess file in Bullet Proof Security? I have tried to apply the change in the file under the “htaccess File Editor” -> “secure.htaccess” tab. However, when I then create a secure.htaccess file under the “Security Modes” tab the new secure.htaccess file does not retain the change to the TimThumb rule that I applied under the under the “htaccess File Editor” -> “secure.htaccess” tab but instead shows the default rule :-

RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]

i.e. the rule with the inclusion of the tn.php filename.

Plugin Author AITpro
(@aitpro)

10 years, 7 months ago

Great job on figuring this out! You would add this custom code to BPS Custom Code. This Forum link below has step by step instructions on how to do that.
http://forum.ait-pro.com/forums/topic/images-not-displaying-after-bulletproof-security-free-plugin-was-enabled-and-configured/#post-3828

Plugin Author AITpro
(@aitpro)

10 years, 7 months ago

Oops I just realized the step by step instructions are for the other skip/bypass option. Give me a minute and I will update that Forum Topic with step by step instructions for the Timthumb Forbid code.

Plugin Author AITpro
(@aitpro)

10 years, 7 months ago

Ok the Forum Topic help info has been updated and includes the Timthumb Forbid Custom Code steps now. Thanks.

Thread Starter ianfrancisryan@eircom.net
(@ianfrancisryaneircomnet)

10 years, 7 months ago

Sorry. Where do I find the updated Timthumb Forbid Custom Code steps?

Thread Starter ianfrancisryan@eircom.net
(@ianfrancisryaneircomnet)

10 years, 7 months ago

It’s Ok. I figured it out.

Many Thanks for the help.

Plugin Author AITpro
(@aitpro)

10 years, 7 months ago

So everything is working correctly now? Thanks.

Thread Starter ianfrancisryan@eircom.net
(@ianfrancisryaneircomnet)

10 years, 7 months ago

Working perfectly thanks.

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘Bullet Proof Security and TimThumb’ is closed to new replies.