Adding memberpress

Well, I did what the link said and posted the code into the custom bottom box.

Unfortunately, as I’d discovered after doing something slightly different before, from the second I did that and cleared the security logs they started filling up with messages.

For example:

[403 GET Request: 25th August 2016 – 11:03 pm]
Event Code: WPADMIN-SBR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: xxx.xxx.xxx.xxx
Host Name: xxx.xxx.xxx.xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://www.domain.com/wxyz/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fsecurity-log%2Fsecurity-log.php
REQUEST_URI: /wxyz/wp-content/plugins/memberpress/images/memberpress-16@2x.png
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0

and

[403 GET Request: 25th August 2016 – 11:03 pm]
Event Code: PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: xxx.xxx.xxx.xxx
Host Name: xxx.xxx.xxx.xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://www.domain.com/wxyz/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fsecurity-log%2Fsecurity-log.php
REQUEST_URI: /wxyz/wp-content/plugins/memberpress-aws/tooltip.js?ver=4.6
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0

Dozens in a matter of minutes, all relating to memberpress.
I followed the link to topic/security-log-event-codes/ but I frankly couldn’t make any sense of what I found there.

The event code PFWR-PSBR-HPR I can only assume to be the same as that reported, which is PSBR-HPR.

I added the following into the skip codes box, previous was 12, so this one number 13:

# MemberPress skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wxyz/wp-content/plugins/memberpress-aws/ [NC]
RewriteRule . – [S=13]

But that stops nothing. I’m assuming it’s correct.
I tried to work out what I’m supposed to do with the second error code, the one that I think needs to be fixed in the wp-admin htaccess, but I cannot for the life of me see any way to correlate the error message with any of the information on the error codes page, and there’s nothing I can see anywhere about how to allow memberpress to work.

I first installed bps a couple of hours ago and I’ve been looking at this last bit for an hour now and I’m losing the will to live.

First, the line you mentioned – RewriteCond /home/domainname/public_html/wxyz/wp-content/uploads/mepr/rules/%1 -f – was edited by me when I pasted it here, just to conceal the real names. As far as I can see there’s no way to publish private data in these forums.

I notice that your example above doesn’t use
<IfModule mod_rewrite.c>
…
</IfModule>
at the start and end, which mine, copied from the original htaccess code, does. Is that relevant? Other than that the code is identical to original.

Also my server uses nginx as a reverse proxy and I know that has caused all sorts of grief with redirects. Don’t know if that makes a difference.

I notice, oddly, that in the original htaccess, the memberpress code gets inserted just before the #end wordpress part. I didn’t think that was normal, but it worked so..

Truth is, “So you will need to correct that fubar MemberPress htaccess code mistake manually in your code.” doesn’t help in my case as I have no idea what to write or even what I should be looking to achieve.

If I get the pro version of bps, will that sort itself out automatically or will this repeat itself? I have a site under constant attack at present, but which does not exist without memberpress…so I must find an answer pronto!

Okay, I haven’t heard from memberpress, but my hosting guys at futurehosting.com have, as usual, bent over backwards to help.

The adjusted the htaccess entry to:

<IfModule mod_rewrite.c>
RewriteCond %{HTTP_COOKIE} mplk=([a-zA-Z0-9]+)
RewriteCond /home/xxxxx/public_html/xxxxx/wp-content/uploads/mepr/rules/%1 -f
RewriteRule ^(.*)$ – [L]
RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-includes|wp-content/plugins|wp-content/themes)
RewriteCond %{REQUEST_URI} !\.(php|phtml|jpg|jpeg|gif|css|png|js|ico|PHP|PHTML|JPG|JPEG|GIF|CSS|PNG|JS|ICO)
RewriteRule . /xxxx/wp-content/plugins/memberpress/lock.php [L]
</IfModule>

It still looks the same to little ol’me but the crap has vanished from the security logs. Hope that doesn’t just mean they’ve been broken!!!!

It looks to me like they added this via cpanel to the htaccess file. I’m a little wary of just one thing…..if I start clicking stuff like ‘activate secure htaccess’ or whatever it’s called, will that overwrite what they added? I’m not sure what overwrites what and when..

Sorry for being dumb.

Excellent…glad to know it wasn’t me being a dummy!!