• Resolved DougM

    (@effortlessenglishclub)


    What does this mean? I clicked the AutoFix but that didn’t make the notice go away.

    If this Notice does not go away after running the Setup Wizard, use the BPS UI|UX|AutoFix Debug tool. Click the UI|UX Options page Question Mark help button for more information.

    It shows the notice below and I have no idea how to fix whatever it is that needs to be fixed.

    The only custom code I have is:

    # PHP/php.ini handler htaccess code
    AddHandler application/x-httpd-ea-php74___lsphp .php .php7 .phtml

    Notice I’m seeing

    BPS AutoFix Debug: Custom Code Text Box Number and Plugin or Theme Name
    CC Root Text Box 10: WooCommerce Plugin
    CC Root Text Box 12: WooCommerce WorldPay Extension

    —————————————-

    BPS UI|UX Debug: Scripts|Styles Dequeued
    Script Dequeued: jquery-ui-autocomplete
    Script Dequeued: wf_licensing_301
    Script Dequeued: cl-smart-advice-admin
    Style Dequeued: woobewoo-for-all-admin-wpf
    Style Dequeued: fs_common
    Style Dequeued: wp-jquery-ui-dialog
    Style Dequeued: cl-smart-advice-admin
    Style Dequeued: acf-global
    
    BPS UI|UX Debug: SLF: CSS Script Loaded
    /plugins/bulletproof-security/admin/css/bps-blue-ui-theme.css
    _____________________________________________________
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/bulletproof-security/admin/js/bps-mscan-ajax.js
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/bulletproof-security/admin/js/bps-ui-tabs.js
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/bulletproof-security/admin/js/bps-ui-dialog.js
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/bulletproof-security/admin/js/bps-ui-accordion.js
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/bulletproof-security/admin/js/bps-encryption.js
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/bulletproof-security/admin/js/crypto-js/crypto-js.js
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/elementor/assets/js/common.min.js
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/elementor/assets/js/admin.min.js
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/elementor/assets/js/app-loader.min.js
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author AITpro

    (@aitpro)

    Here are the manual fixes below for CC Root Text Box 10: WooCommerce Plugin and CC Root Text Box 12: WooCommerce WorldPay Extension AutoFix fixes. After doing these steps below run the BPS Setup Wizard again. The BPS AutoFix Debug tool checks your plugins and then displays which AutoFix fixes should have been created.

    1. Copy the code below to this BPS Root Custom Code text box: 10. CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
    2. Click the Save Root Custom Code button.
    # WooCommerce shop, cart, checkout & wishlist URI skip/bypass rule
    RewriteCond %{REQUEST_URI} ^.*/(shop|cart|checkout|wishlist).* [NC]
    RewriteRule . - [S=14]
    
    # WooCommerce order & wc-ajax=get_refreshed_fragments Query String skip/bypass rule
    RewriteCond %{QUERY_STRING} .*(order|wc-ajax=).* [NC]
    RewriteRule . - [S=13]
    1. Copy the BPS Query String Exploits code below (the “java” user agent has already been removed in the code below) to this BPS Root Custom Code text box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS: Modify Query String Exploit code here
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
    # BEGIN BPSQSE BPS QUERY STRING EXPLOITS
    # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
    # Good sites such as W3C use it for their W3C-LinkChecker. 
    # Use BPS Custom Code to add or remove user agents temporarily or permanently from the 
    # User Agent filters directly below or to modify/edit/change any of the other security code rules below.
    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR] 
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] 
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F]
    # END BPSQSE BPS QUERY STRING EXPLOITS
    Thread Starter DougM

    (@effortlessenglishclub)

    Thank you for the quick reply. I wish I could have gotten back to this sooner.

    I’ve gone through the steps outlined and I now have this showing on the htaccess file options page.

    BPS AutoFix Debug: Custom Code Text Box Number and Plugin or Theme Name
    No Plugin or Theme AutoFix Custom Code Whitelist Rules were found
    htaccess File Options
    BPS UI|UX Debug: Scripts|Styles Dequeued
    Script Dequeued: jquery-ui-autocomplete
    Script Dequeued: wf_licensing_301
    Script Dequeued: cl-smart-advice-admin
    Style Dequeued: woobewoo-for-all-admin-wpf
    Style Dequeued: fs_common
    Style Dequeued: wp-jquery-ui-dialog
    Style Dequeued: cl-smart-advice-admin
    Style Dequeued: acf-global
    
    BPS UI|UX Debug: SLF: CSS Script Loaded
    /plugins/bulletproof-security/admin/css/bps-blue-ui-theme.css
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/bulletproof-security/admin/js/bps-mscan-ajax.js
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/bulletproof-security/admin/js/bps-ui-tabs.js
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/bulletproof-security/admin/js/bps-ui-dialog.js
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/bulletproof-security/admin/js/bps-ui-accordion.js
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/bulletproof-security/admin/js/bps-encryption.js
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/bulletproof-security/admin/js/crypto-js/crypto-js.js
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/elementor/assets/js/common.min.js
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/elementor/assets/js/admin.min.js
    
    BPS UI|UX Debug: SLF: js Script Loaded
    /plugins/elementor/assets/js/app-loader.min.js

    And at the top of the dashboard I have just this:

    BPS AutoFix Debug: Custom Code Text Box Number and Plugin or Theme Name
    No Plugin or Theme AutoFix Custom Code Whitelist Rules were found

    I did activate and resave my WPRocket and go through the process of adding those settings to the htaccess.

    Thank you for the support. I appreciate it.

    • This reply was modified 5 months, 2 weeks ago by DougM.
    Plugin Author AITpro

    (@aitpro)

    If you are no longer seeing the AutoFix notice then the problem is fixed and you can turn off debugging.

    Plugin Author AITpro

    (@aitpro)

    Important Note: BPS dequeues scripts and styles that load in BPS plugin pages ONLY. This prevents other plugins and themes scripts and styles from breaking BPS plugin pages.

    Assuming all questions have been answered – the thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. I still receive email notifications when threads have been resolved.

    • This reply was modified 5 months, 2 weeks ago by AITpro.
Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.