Plugin Author
AITpro
(@aitpro)
Delete this testing text from the CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS text box:
# BEGIN BPSQSE BPS QUERY STRING EXPLOITS
# The libwww-perl User Agent is forbidden – Many bad bots use libwww-perl modules, but some good bots use it too.
# Good sites such as W3C use it for their W3C-LinkChecker.
# Use BPS Custom Code to add or remove user agents temporarily or permanently from the
# User Agent filters directly below or to modify/edit/change any of the other security code rules below.
Click the Save Root Custom Code button.
Go to the Security Modes page, click the Create secure.htaccess File AutoMagic button and activate Root folder BulletProof Mode.
Then try to use the htaccess file editor to make the modification/edit as stated above. If that does not work then do the download, edit and upload method as stated above.
That worked. I was able to user the htaccess editor.
I was able to get a purchase to complete properly. Where do we go from here? I need to be able to maintain this; is this a hosting issue?
And, by the way; THANKS for all your help.
Steve
Plugin Author
AITpro
(@aitpro)
Very interesting that the htaccess File Editor POST Form works, but not the Custom Code POST Form. The first main difference that comes to mind is that the Custom Code Form saves code to your WordPress database and the htaccess File Editor writes code directly into your root htaccess file.
Do you have any other plugins installed on your website that do anything related to database filtering or security? It is going to be more likely that there is some kind of security rule at the server level that protects your database from SQL Injection attacks and the BPS Pro Query String Exploits code has code that matches SQL Injection attacks so that code is mistakenly seen as a threat. Contact your host ask them if they have any kind of security measure in place that would prevent the BPS Query String Exploits code from being saved to your database using a Form that POST’s the data to your database. You can send them the BPS Query String Exploits section of code so that they can see what code is not being allowed to be saved to your database.
We use Wordfence; that’s the only other security stuff on the site. I’ll contact Godaddy and let you know.
Plugin Author
AITpro
(@aitpro)
Hmm we have Go Daddy hosting too. Web Classic hosting and not the newer cPanel hosting or Managed WordPress hosting so most likely it is not a host server issue, unless of course cPanel or Managed WordPress hosting do have some sort of DB security filter/measure. I will install Wordfence and see if it is causing this problem.
We are using a cPanel hosting package.
Plugin Author
AITpro
(@aitpro)
Tested Wordfence and it is not interfering with or preventing saving BPS Custom Code. So check with Go Daddy and see what they say.
GoDaddy’s answer:
There should be no problems adding this to your hosting .htaccess file if you are getting 406 errors due to mod security I will need to know exactly what you are requesting and from what IP address so that we can duplicate this and white list your IP address. This is on a shared hosting account so you do not have access to server files but you do have access to the sites .htaccess file.
Plugin Author
AITpro
(@aitpro)
The HTTP Status Response code was a 404 Not Found error which usually means there is a problem with a URL/permalink. But just because you are seeing a 404 error visually does not really mean that is the real error that is occurring. It could be an “after the fact” error. ie X error occurs first and the final error result that is displayed is 404.
If you have access to your server logs then check the time and date the errors were occurring and send them to Go Daddy support.
Here is the most common thing that I have seen that causes this strange 404 error that is really not a 404 error.
issue/problem: the particular PHP server version that you are using is fubar. Either something went wrong when it was compiled or there is a major configuration problem.
The solution that works in 100% of these cases: switch to a different PHP server version by either using a php/php.ini htaccess handler in your root htaccess file or if the host does not use or allow php/php.ini htaccess handlers then ask them to switch your PHP server version.
In one case a person switched from PHP 5.3.x to 5.4.x and the same problem was occurring. The person switched to PHP 5.5.x and the problem was no longer occurring. You want to go up in PHP versions and not down. ie 5.3.x to 5.4.x to 5.5.x.
Plugin Author
AITpro
(@aitpro)
And what that means above for that particular person having to switch to 5.5.x is that both the 5.3.x and 5.4.x PHP server versions on that server were fubar. BPS works on all PHP server versions from 5.0 to 6.0.
Interesting; the server we are on is running PHP Version 5.5.34
Sorry, meant PHP Version 5.4.34
Plugin Author
AITpro
(@aitpro)
Do you have access to your server log file? If so, post the error from your server log file. Maybe it will have a clue about what is going on with your server?
