WordPress.org

Forums

BulletProof Security
[resolved] BP generated error in speel checker (36 posts)

  1. srd44
    Member
    Posted 2 years ago #

    After instaling BP and doing what ever it is one does with the files, my spell checker no longer works, and I need it!. I get this message

    Error response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head> <title>403 Forbidden</title>

    Any suggestions.

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Is the spell checker a plugin or is this something else in WordPress or your Browser? Please describe in detail what and where the spell checker is. Thanks.

  3. srd44
    Member
    Posted 2 years ago #

    Not a plugin. It is the spell checker found in the WP editor in the dashboard.

  4. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Are you talking about the WordPress Default WYSIWYG Toggle spellchecker button on the default WordPress WYSIWYG editing toolbar when editing Posts and Pages on the WordPress Edit Post and Edit Page pages?

    If so, I have tested this in the English Language and I do not see any 403 errors.

    When and where does the error occur?
    What exactly are you doing at the time the error occurs? Please be very specific with the details of the issue/problem.

    Example: I am in this WordPress page and I click X or do X and then Y happens.

  5. srd44
    Member
    Posted 2 years ago #

    Yes.

    What am I doing? pressing the spell check button as I
    m typing in my post.

    Again, I believe the error is created by the BP plugin and its rewriting (?) or redirecting of wp-admin folders ?? .htaccess ??

  6. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    I have tested using the default WordPress WYSIWYG editor and did not see any errors. No one has ever reported any error with the WordPress WYSIWYG spellchecker in 3 years. Do you see an error in your BPS Security Log? If so, post that error.

    To eliminate that BPS is causing the issue/problem do these steps:

    Source: http://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting

    If you think that BulletProof Security is causing a plugin conflict or any other issue on your website that is causing something not to work, then please use these steps below to take BulletProof Security out of the equation completely for testing. There is no need to deactivate BulletProof Security because it has a built-in Default Mode that allows you to put WordPress in a default state without deactivating BulletProof Security. If you find that BulletProof Security does have a conflict with another plugin then please check the BulletProof Security Plugin Compatibility Issues – Testing and Fixes Page to see if a fix (bypass/skip rule) is already listed. If your plugin is not listed and you have confirmed that BulletProof Security is definitely causing a conflict then please post a comment in this Forum.

    1. Make a backup of your .htaccess files using BulletProof Security built-in Backup.
    2. Activate Default Mode on the Security Modes page.
    3. Use the Delete wp-admin .htaccess feature on the Security Modes page.
    4. Test your plugin or theme.
    5. Restore your .htaccess files using BulletProof Security built-in Restore.

  7. srd44
    Member
    Posted 2 years ago #

    Thanks for the reply. I did these steps and the error still exists, except the message is now this:

    Error response: <!doctype html>
    <!--[if lt IE 7]> <html class="no-js ie6 lt-ie9 lt-ie8 lt-ie7" lang="en-US" prefix="og: http://ogp.me/ns#"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 lt-ie9 lt-ie8" lang="en-US" prefix="og: http://ogp.me/ns#"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 lt-ie9" lang="en-US" prefix="og: http://ogp.me/ns#"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US" prefix="og: http://ogp.me/ns#"> <!--<![endif]--> <head> <meta charset="UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <title>Page Not Found » Contradictions in the BibleContradictions in the Bible</title> <link rel="profile" href="http://gmpg.org/xfn/11" /> <link rel="pingback" href="http://contradictionsinthebible.com/xmlrpc.php" /> <style type="text/css"> #wrapper { max-width: 1140px !important;} </style> .....

    and it goes on

  8. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Ok are you saying that you put BPS in Default Mode and you are still seeing these errors?

  9. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Do steps 1-4 and test and let me know if you are still seeing the errors.

    1. Make a backup of your .htaccess files using BulletProof Security built-in Backup.
    2. Activate Default Mode on the Security Modes page.
    3. Use the Delete wp-admin .htaccess feature on the Security Modes page.
    4. Test your plugin or theme.

  10. srd44
    Member
    Posted 2 years ago #

    yes, as per previous post

  11. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Ok then the problem is not related to BPS. When you put BPS in Default Mode you are eliminating BPS as the source of the issue/problem - BPS is completely out of the equation when you are in Default Mode.

    Looking at your history of comment posts you have made I came across this one and checked your website. I believe the problem is that your Theme is not compatible with your WordPress version.

    Your Theme: brunelleschi
    Your installed WordPress version: 3.5.1

    http://wordpress.org/support/topic/163-header-b-options-not-working?replies=27

    At this point since you have confirmed that BPS is not the cause of the issue/problem (403 errors are an Internet standard HTTP Status code and are not specific or exclusive to BPS) then you will need to try the standard WordPress troubleshooting steps.

    Deactivating plugins 1 by 1
    Switching your Theme to the WordPress 2011 or 2012 Themes for testing.

  12. srd44
    Member
    Posted 2 years ago #

    The spell checker worked fine untill 2 days agos when I stupidly updated a bunch of plugins, and installed BP. Updates are a really killer.

    That said, I'm not totally convinced that BP is not the problem. I feel that even when disactivated, the plugin has shifted certain files or hide them, and that is still creating the problem. I will try disactivating the plugins 1-by-1 tough

  13. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    By putting BPS Pro in Default Mode you are removing everything that BPS has added/changed/modified on your website. When you put BPS in Default Mode, BPS is no longer affecting/changing anything on your website. BPS has built-in troubleshooting so that you do not need to deactivate BPS like you would normally do for other plugins. Putting BPS in Default Mode is the equivalent of deactivating the BPS plugin.

    Personally I would switch your Theme first since that is most likely the problem and not your plugins.

  14. srd44
    Member
    Posted 2 years ago #

    Wrong!

    Theme is NOT the problem. I've had this theme for 3 months w/working spell checker til 3 days ago.

    I STILL think and can access per my web-host the files that BP has modified, hide, or whatever. They are still there.

    I've gone through the plugins one by one and the problem presists.

  15. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    If you still believe that BPS is causing this issue/problem then remove BPS.

    Do these steps
    1. Make a backup of your .htaccess files using BulletProof Security built-in Backup.
    2. Activate Default Mode on the Security Modes page.
    3. Use the Delete wp-admin .htaccess feature on the Security Modes page.
    4. Deactivate and delete the BPS plugin.

    If the problem is still occurring then at this point you will know for sure that BPS is not causing the problem. Thanks.

  16. srd44
    Member
    Posted 2 years ago #

    I thnak you for your help, but you are gravely mistaken. BP's plugin is deleted yet I see BP all over my files at hostgater -- sorry. It was changed something that is effecting the spell checker or wp-admin folder

  17. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    "...I see BP all over my files at hostgater..."

    What does this statement above mean?
    What are you seeing and where?

    BPS only adds 2 .htaccess files to your website - 1 in the website root folder and 1 in the wp-admin folder, a /wp-content/bps-backup folder for your backups that you create and the BPS plugin files in this plugin folder /plugins/bulletproof-security.

  18. srd44
    Member
    Posted 2 years ago #

    it's there in the .htaccess file

  19. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    What is there in the .htaccess file?
    Do you see the standard default WordPress .htaccess code in that .htaccess file?

    http://codex.wordpress.org/Using_Permalinks#Creating_and_editing_.28.htaccess.29

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress
  20. srd44
    Member
    Posted 2 years ago #

    Yes. It's just prefaced by: # BP security message

  21. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Yes. It's just prefaced by: # BP security message

    I do not understand what you are saying above. What BP security message and where?

  22. srd44
    Member
    Posted 2 years ago #

    You trying to access this plugin? from Ventura?

  23. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Do you mean that you are seeing this commented out help information in your root .htaccess file? If this is what you are seeing then the # signs mean that all of this help text is commented out.

    #   BULLETPROOF PRO 5.6.1 SECURE .HTACCESS          
    
    # If you edit the  BULLETPROOF PRO 5.6.1 SECURE .HTACCESS text above
    # you will see error messages on the BPS Security Status page
    # BPS is reading the version number in the htaccess file to validate checks
    # If you would like to change what is displayed above you
    # will need to edit the BPS /includes/functions.php file to match your changes
    # If you update your WordPress Permalinks the code between BEGIN WordPress and
    # END WordPress is replaced by WP htaccess code.
    # This removes all of the BPS security code and replaces it with just the default WP htaccess code
    # To restore this file use BPS Restore or activate BulletProof Mode for your Root folder again.
  24. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Yes, I was checking your website for the cause of this problem. I also checked to see if you still had BPS installed.

  25. srd44
    Member
    Posted 2 years ago #

    Help me understand this. How can you or another access a wp-content file by adding this extension onto the url?

  26. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    The WordPress /wp-content/plugins folder is publicly accessible to anyone. Try it yourself by typing in the URL to any file in the plugins folder.

    I see that you have or had the Wordfence plugin installed. Have you double checked all of your Wordfence settings if you still have it installed to make sure Wordfence is not causing this problem?

  27. srd44
    Member
    Posted 2 years ago #

    Yes I unpluged that too. but still did not correct problem.

    I find this alarming that these folders can be activated. I also think I saw an .htaccess file "to deny" in there too. Does that make sense?

  28. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Well with website security the best approach is to protect things based on an action approach.

    Example: bad hacker X does bad action Y and Z is the result = Forbidden.

    Trying to do things like hiding things does not really work because it is not actually NOT possible to hide anything. So if you are taking an action website security approach then it is not necessary to try and hide anything.

    I just tested running an attack on your website and it was blocked/Forbiddent so it appears that the .htaccess file in your website root folder is a BPS htaccess file. Delete the .htaccess file in your website root folder and then test your spellchecker again.

  29. srd44
    Member
    Posted 2 years ago #

    Nope. I just reinstalled BP. I see the different .htaccess file now.

    I also reinstaled Sucurri which claims "to harden" wp-content from access.

    Anyway, I can't figure out the spell checker thing

  30. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Did you enable the wp-content .htaccess protection in Sucuri? Do you see an .htaccess file in your /wp-content folder - /wp-content/.htaccess? If so, you need to delete this .htaccess file and then test your spellchecker again.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.