Support » Plugin: All In One WP Security & Firewall » AIOWPS in conflict with Rest API & AMP?

  • Hi,
    This is some strange stuff I detected while trying to publish posts with the AMP plugin active (my theme is transitional and pages/posts are automatically sanitized when published). But I found a second issue with “Site Health”.
    What’s even worse is I have another WP for a customer with almost the same setup (well, it uses WooCommerce too, where mine doesns’t) and there’s no problem.

    => AIOWPS is configured with the default setup (score = 220), which means that the option @ Miscellaneous/WP REST API is unchecked and the .htaccess file is empty. WP/plugins/theme… are all updated to latest version.

    Problem when checking WP “Site Health” with AIOWPS
    ==================================================
    => error messages:
    1/ The REST API is one way WordPress, and other applications, communicate with the server. One example is the block editor screen, which relies on this to display, and save, your posts and pages.
    The REST API request failed due to an error.
    Error: [] cURL error 7: Failed to connect to 127.0.0.1 port 80: Connection refused
    2/ Loopback requests are used to run scheduled events, and are also used by the built-in editors for themes and plugins to verify code stability.
    The loopback request to your site failed, this means features relying on them are not currently working as expected.
    Error: [] cURL error 7: Failed to connect to 127.0.0.1 port 80: Connection refused
    3/ The scheduled event, aiowps_hourly_cron_event, failed to run. Your site still works, but this may indicate that scheduling posts or automated updates may not work as intended.
    4/ Background updates ensure that WordPress can auto-update if a security update is released for the version you are currently using.
    Warning – Could not confirm that the wp_version_check() filter is available.
    Passed – No version control systems were detected.
    Passed – Your installation of WordPress doesn’t require FTP credentials to perform updates.
    Passed – All of your WordPress files are writable.

    Problem when checking/sanitzing a page with AMP plugin
    ======================================================
    => error message: URL validation failed. Error code: 302. Tried to find which URL and what error code this is with no luck so far…
    => Check/sanitizing is not performed.

    If I disable AIOWPS, everything works again.
    I tried disabling most of the plugins I use and the only one I found so far to be the culprit seems to be AIOWPS.
    Once again, I have an other WP with same theme, same base plugins etc. and there are no problems.

    Below the full information for my WP with the problem above.

    What could I check to find a solution to this problem? AIOWPS is deactivated…
    Sincerely
    DJM

    ### wp-core ###
    version: 5.2.2
    site_language: fr_FR
    user_language: en_US
    permalink: /%postname%/
    https_status: true
    user_registration: 0
    default_comment_status: open
    multisite: false
    user_count: 2
    dotorg_communication: true

    ### wp-paths-sizes ###
    wordpress_path: /srv/data/web/vhosts/www.didiermary.fr/htdocs
    wordpress_size: 69.60 MB (72985767 bytes)
    uploads_path: /srv/data/web/vhosts/www.didiermary.fr/htdocs/wp-content/uploads
    uploads_size: 197.81 MB (207421059 bytes)
    themes_path: /srv/data/web/vhosts/www.didiermary.fr/htdocs/wp-content/themes
    themes_size: 9.78 MB (10250187 bytes)
    plugins_path: /srv/data/web/vhosts/www.didiermary.fr/htdocs/wp-content/plugins
    plugins_size: 75.37 MB (79031550 bytes)
    database_size: 22.17 MB (23248896 bytes)
    total_size: 374.73 MB (392937459 bytes)

    ### wp-active-theme ###
    name: Neve
    version: 2.3.15
    author: ThemeIsle
    author_website: https://themeisle.com
    parent_theme: none
    theme_features: hfg_support, title-tag, post-thumbnails, automatic-feed-links, custom-logo, html5, customize-selective-refresh-widgets, custom-background, themeisle-demo-import, align-wide, editor-color-palette, fl-theme-builder-headers, fl-theme-builder-footers, header-footer-elementor, lifterlms-sidebars, lifterlms, amp, menus, yoast-seo-breadcrumbs, widgets
    theme_path: /srv/data/web/vhosts/www.didiermary.fr/htdocs/wp-content/themes/neve

    ### wp-themes (1) ###
    Twenty Nineteen: version: 1.4, author: the WordPress team

    ### wp-plugins-active (25) ###
    ActivityPub: version: 0.7.2, author: Matthias Pfefferle
    Akismet Anti-Spam: version: 4.1.2, author: Automattic
    AMP: version: 1.2.0, author: AMP Project Contributors
    Better Click To Tweet: version: 5.8.2, author: Ben Meredith
    Elementor: version: 2.5.16, author: Elementor.com
    Enhanced Media Library: version: 2.7.2, author: wpUXsolutions
    Glue for Yoast SEO & AMP: version: 0.4.3, author: Joost de Valk
    Google Analytics Dashboard for WP (GADWP): version: 5.3.8, author: ExactMetrics
    Gutenberg: version: 6.0.0, author: Gutenberg Team
    Insert Headers and Footers: version: 1.4.4, author: WPBeginner
    Login LockDown: version: v1.7.1, author: Michael VanDeMar
    MailChimp Activity: version: 1.0.5, author: ibericode
    Mailchimp for WordPress: version: 4.5.2, author: ibericode
    Nested Pages: version: 3.0.11, author: Kyle Phillips
    Neve Pro Addon: version: 1.0.1, author: ThemeIsle
    Redirection: version: 4.3.1, author: John Godley
    Schema App Structured Data: version: 1.13.0, author: Hunch Manifest
    Semantic-Linkbacks: version: 3.9.3, author: Matthias Pfefferle
    Share Buttons by AddThis: version: 6.2.5, author: The AddThis Team
    Smush: version: 3.2.1, author: WPMU DEV
    Syndication Links: version: 4.1.3, author: David Shanske
    WebFinger: version: 3.2.3, author: Matthias Pfefferle
    Webmention: version: 3.8.9, author: Matthias Pfefferle
    WP Sitemap Page: version: 1.6.2, author: Tony Archambeau
    Yoast SEO: version: 11.5, author: Team Yoast

    ### wp-plugins-inactive (5) ###
    All In One WP Security: version: 4.3.9.4, author: Tips and Tricks HQ, Peter Petreski, Ruhul, Ivy
    Gutenberg Blocks and Template Library by Otter: version: 1.2.3, author: ThemeIsle
    Optimize Database after Deleting Revisions: version: 4.8.0, author: CAGE Web Design | Rolf van Gelder, Eindhoven, The Netherlands
    W3 Total Cache: version: 0.9.7.5, author: Frederick Townes
    WordPress Importer: version: 0.6.4, author: wordpressdotorg

    ### wp-media ###
    image_editor: WP_Image_Editor_Imagick
    imagick_module_version: 1687
    imagemagick_version: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org
    imagick_limits:
    imagick::RESOURCETYPE_AREA: 122 MB
    imagick::RESOURCETYPE_DISK: 1073741824
    imagick::RESOURCETYPE_FILE: 768
    imagick::RESOURCETYPE_MAP: 512 MB
    imagick::RESOURCETYPE_MEMORY: 256 MB
    imagick::RESOURCETYPE_THREAD: 32
    gd_version: 2.2.4
    ghostscript_version: 9.25

    ### wp-server ###
    server_architecture: Linux 4.9.124-paas-2270098 x86_64
    httpd_software: Apache
    php_version: 7.3.6 64bit
    php_sapi: fpm-fcgi
    max_input_variables: 2500
    time_limit: 180
    memory_limit: 256M
    max_input_time: 60
    upload_max_size: 128M
    php_post_max_size: 128M
    curl_version: 7.52.1 OpenSSL/1.0.2l
    suhosin: false
    imagick_availability: true
    htaccess_extra_rules: false

    ### wp-database ###
    extension: mysqli
    server_version: 5.7.23-23-log
    client_version: mysqlnd 5.0.12-dev – 20150407 – $Id: 7cc7cc96e675f6d72e5cf0f267f48e167c2abb23 $

    ### wp-constants ###
    WP_HOME: undefined
    WP_SITEURL: undefined
    WP_CONTENT_DIR: /srv/data/web/vhosts/www.didiermary.fr/htdocs/wp-content
    WP_PLUGIN_DIR: /srv/data/web/vhosts/www.didiermary.fr/htdocs/wp-content/plugins
    WP_MAX_MEMORY_LIMIT: 256M
    WP_DEBUG: false
    WP_DEBUG_DISPLAY: true
    WP_DEBUG_LOG: false
    SCRIPT_DEBUG: false
    WP_CACHE: false
    CONCATENATE_SCRIPTS: undefined
    COMPRESS_SCRIPTS: undefined
    COMPRESS_CSS: undefined
    WP_LOCAL_DEV: undefined

    ### wp-filesystem ###
    wordpress: writable
    wp-content: writable
    uploads: writable
    plugins: writable
    themes: writable

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    But I found a second issue with “Site Health”.
    What’s even worse is I have another WP for a customer with almost the same setup (well, it uses WooCommerce too, where mine doesns’t) and there’s no problem.

    Just one question, are the sever specs for the working site the same as the server specs for the non working site?

    Regards

    • This reply was modified 2 years, 2 months ago by mbrsolution.
    • This reply was modified 2 years, 2 months ago by mbrsolution.
    Thread Starter cybeardjm

    (@didierjm)

    Hi @mbrsolution absolutely, as far as I know.
    Both use the same hosting company (Gandi.net), not same server (2 separate accounts), same PHP & SQL versions, same default PHP configuration.

    I see 1 difference only so far:
    php_version: 7.3.0 64bit (working)
    php_version: 7.3.6 64bit (not working)

    Sincerely
    DJM

    Info for the working WP
    =======================

    ### wp-core ###
    version: 5.2.2
    site_language: fr_FR
    user_language: en_US
    permalink: /%postname%/
    https_status: true
    user_registration: 0
    default_comment_status: open
    multisite: false
    user_count: 5
    dotorg_communication: true

    ### wp-paths-sizes ###
    wordpress_path: /srv/data/web/vhosts/www.uvva.fr/htdocs
    wordpress_size: 251.63 MB (263855712 bytes)
    uploads_path: /srv/data/web/vhosts/www.uvva.fr/htdocs/wp-content/uploads
    uploads_size: 151.29 MB (158643684 bytes)
    themes_path: /srv/data/web/vhosts/www.uvva.fr/htdocs/wp-content/themes
    themes_size: 10.35 MB (10854787 bytes)
    plugins_path: /srv/data/web/vhosts/www.uvva.fr/htdocs/wp-content/plugins
    plugins_size: 153.78 MB (161254565 bytes)
    database_size: 44.01 MB (46152286 bytes)
    total_size: 611.08 MB (640761034 bytes)

    ### wp-dropins (1) ###
    advanced-cache.php: true

    ### wp-active-theme ###
    name: Neve Child
    version: 1.0.0
    author: ThemeIsle
    author_website: https://themeisle.com
    parent_theme: Neve
    theme_features: hfg_support, post-thumbnails, title-tag, automatic-feed-links, custom-logo, html5, customize-selective-refresh-widgets, custom-background, themeisle-demo-import, align-wide, editor-color-palette, fl-theme-builder-headers, fl-theme-builder-footers, header-footer-elementor, lifterlms-sidebars, lifterlms, amp, menus, woocommerce, wc-product-gallery-zoom, wc-product-gallery-lightbox, wc-product-gallery-slider, yoast-seo-breadcrumbs, widgets
    theme_path: /srv/data/web/vhosts/www.uvva.fr/htdocs/wp-content/themes/neve

    ### wp-themes (2) ###
    Neve: version: 2.3.15, author: ThemeIsle
    Twenty Nineteen: version: 1.4, author: the WordPress team

    ### wp-plugins-active (30) ###
    Akismet Anti-Spam: version: 4.1.2, author: Automattic
    All In One WP Security: version: 4.3.9.4, author: Tips and Tricks HQ, Peter Petreski, Ruhul, Ivy
    AMP: version: 1.2.0, author: AMP Project Contributors
    Elementor: version: 2.5.16, author: Elementor.com
    Enhanced Media Library: version: 2.7.2, author: wpUXsolutions
    Facebook for WooCommerce: version: 1.9.15, author: Facebook
    Glue for Yoast SEO & AMP: version: 0.4.3, author: Joost de Valk
    Google Analytics Dashboard for WP (GADWP): version: 5.3.8, author: ExactMetrics
    Gutenberg: version: 6.0.0, author: Gutenberg Team
    Insert Headers and Footers: version: 1.4.4, author: WPBeginner
    MailChimp Activity: version: 1.0.5, author: ibericode
    Mailchimp for WooCommerce: version: 2.1.17, author: Mailchimp
    Mailchimp for WordPress: version: 4.5.2, author: ibericode
    Nested Pages: version: 3.0.11, author: Kyle Phillips
    Neve Pro Addon: version: 1.0.1, author: ThemeIsle
    Orbit Fox Companion: version: 2.8.4, author: Themeisle
    Redirection: version: 4.3.1, author: John Godley
    Schema App Structured Data: version: 1.13.0, author: Hunch Manifest
    Smush: version: 3.2.1, author: WPMU DEV
    Social Warfare: version: 3.6.1, author: Warfare Plugins
    Tag Groups: version: 1.22.0, author: Chatty Mango
    WooCommerce: version: 3.6.5, author: Automattic
    WooCommerce Admin: version: 0.14.0, author: WooCommerce
    WooCommerce Blocks: version: 2.2.1, author: Automattic
    WooCommerce Google Analytics Integration: version: 1.4.9, author: WooCommerce
    WooCommerce Systempay Payment: version: 1.7.1, author: Lyra Network
    Woo Related Products: version: 3.3.2, author: Vagelis P.
    WPForms Lite: version: 1.5.3.1, author: WPForms
    WP Sitemap Page: version: 1.6.2, author: Tony Archambeau
    Yoast SEO: version: 11.5, author: Team Yoast

    ### wp-plugins-inactive (7) ###
    Block Gallery: version: 1.1.6, author: Rich Tabor
    Duplicator: version: 1.3.14, author: Snap Creek
    Gutenberg Blocks and Template Library by Otter: version: 1.2.3, author: ThemeIsle
    Messenger Customer Chat: version: 1.3, author: Facebook
    Search & Replace: version: 3.2.1, author: Inpsyde GmbH
    W3 Total Cache: version: 0.9.7.5, author: Frederick Townes
    WP to Buffer: version: 3.5.2, author: WP Zinc

    ### wp-media ###
    image_editor: WP_Image_Editor_Imagick
    imagick_module_version: 1687
    imagemagick_version: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org
    imagick_limits:
    imagick::RESOURCETYPE_AREA: 122 MB
    imagick::RESOURCETYPE_DISK: 1073741824
    imagick::RESOURCETYPE_FILE: 768
    imagick::RESOURCETYPE_MAP: 512 MB
    imagick::RESOURCETYPE_MEMORY: 256 MB
    imagick::RESOURCETYPE_THREAD: 32
    gd_version: 2.2.4
    ghostscript_version: 9.25

    ### wp-server ###
    server_architecture: Linux 4.9.124-paas-2270098 x86_64
    httpd_software: Apache
    php_version: 7.3.0 64bit
    php_sapi: fpm-fcgi
    max_input_variables: 2500
    time_limit: 180
    memory_limit: 256M
    max_input_time: 60
    upload_max_size: 128M
    php_post_max_size: 128M
    curl_version: 7.52.1 OpenSSL/1.0.2l
    suhosin: false
    imagick_availability: true
    htaccess_extra_rules: true

    ### wp-database ###
    extension: mysqli
    server_version: 5.7.23-23-log
    client_version: mysqlnd 5.0.12-dev – 20150407 – $Id: 401a40ebd5e281cf22215acdc170723a1519aaa9 $

    ### wp-constants ###
    WP_HOME: undefined
    WP_SITEURL: undefined
    WP_CONTENT_DIR: /srv/data/web/vhosts/www.uvva.fr/htdocs/wp-content
    WP_PLUGIN_DIR: /srv/data/web/vhosts/www.uvva.fr/htdocs/wp-content/plugins
    WP_MAX_MEMORY_LIMIT: 256M
    WP_DEBUG: false
    WP_DEBUG_DISPLAY: true
    WP_DEBUG_LOG: false
    SCRIPT_DEBUG: false
    WP_CACHE: false
    CONCATENATE_SCRIPTS: undefined
    COMPRESS_SCRIPTS: undefined
    COMPRESS_CSS: undefined
    WP_LOCAL_DEV: undefined

    ### wp-filesystem ###
    wordpress: writable
    wp-content: writable
    uploads: writable
    plugins: writable
    themes: writable

    Thread Starter cybeardjm

    (@didierjm)

    OK, the “working” server just migrated to PHP 7.3.6 too and everything still works fine…
    Sincerely
    DJM

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    So, both servers have the same specs as well as the sites but in one site you still have issues. Is this correct?

    Regards

    Thread Starter cybeardjm

    (@didierjm)

    Hi @mbrsolution yep, that’s the problem I’m trying to solve… Did many tests so far, and don’t know what else to investigate…
    Just disabled ALL plugins (except Akismet & AIOWPS) and switched back to the Twenty Nineteen theme… exactly same error with default values for AIOWPS (score = 220, .htaccess empty).
    Sincerely
    DJM

    Thread Starter cybeardjm

    (@didierjm)

    Did one more test (no plugin/2019 theme) : disabled all security and firewall features in AIOWPS (score = 55) => same conflict with Rest API.
    Deactivated AOIWPS (only plugin is Akismet) => no more problem.
    Deleted AIOWPS and reinstalled (score 55) : problem’s back…
    Don’t understand…
    Sincerely
    DJM

    Thread Starter cybeardjm

    (@didierjm)

    Just checked something else I hadn’t thought about yet and it gets worse… The problem I have is with http://www.didiermary.fr / But, I also have amf.didiermary.fr, a subdomain which means it runs on exactly the same instance.
    AIOWPS is active (score 335) and I don’t have any problem when checking Site Health (AMp is running but the theme is not transitional, so can’t test).
    Will reinstall the latest WordPress update, in case anything happened last time…
    Sincerely
    DJM

    Thread Starter cybeardjm

    (@didierjm)

    WordPress 5.2.2 re-installed. Problem persists.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, I am not really sure how to tackle this issue. The reason being is because our plugin works with one site but not the other even though the specs are the same or very similar. The only thing I can suggest is that one feature in one of the servers is different to the other server. What do you think?

    Regards

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Hi @didierjm,
    Did you try doing some tests on the problematic site whereby you leave the aiowps plugin active but try to find which of the features might be causing this?
    I would start with testing the firewall rules and any enabled features in the brute force menu.

    Hi diderjm,

    Did you find a solution? Just starting to work through a similar issue.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘AIOWPS in conflict with Rest API & AMP?’ is closed to new replies.