Support » Plugin: BulletProof Security » BPS Alert: what to do?

  • Resolved Justanother WordPressbeginner

    (@justanother-wordpressbeginner)


    I have updated the BPS plugin and since that I receive the “BPS Alert! Your site does not appear to be protected by BulletProof Security” message, recommending fix it through the Security Status page. I’ve read the Read Me’s in that section and it’s getting me even more confused. All my recommended permissions are updated, except root folder. Could somebody tell me, in simple words, what I must exactly do to put things in order?

    http://wordpress.org/extend/plugins/bulletproof-security/

Viewing 15 replies - 1 through 15 (of 31 total)
  • Plugin Author AITpro

    (@aitpro)

    Does the Automatic htaccess file updating Alert go away after you refresh your Browser?

    If not, then go the System Info page and post this information below:
    DNS Name Server:
    Server Type:
    Operating System:
    Server API:

    Same issue here, here is my info:

    DNS Name Server:
    Public IP / Your Computer IP Address: 86.179.221.91
    Server Type: Apache
    Operating System: Linux
    Server API: cgi-fcgi – Your Host Server is using CGI.

    Background info:
    Fresh install of WP.
    Install BPS
    Create htaccess files
    protect root
    protect admin
    refresh, everything looks fine.
    click on another WP tab, go back to BPS and get BPS alert.

    Permissions issue?

    Justanother WordPressbeginner

    (@justanother-wordpressbeginner)

    No, the alert doesn’t go away after refreshing the browser.
    My information on the System Info page is:
    DNS Name Server: ns1.bluehost.com
    Server Type: Apache
    Operating System: Linux
    Server API: cgi-fcgi-Your Host Server is using CGI.

    Plugin Author AITpro

    (@aitpro)

    Ok since the System Info is good to go for both of you then that eliminates any sort of compatibility issues/problems.

    @davesyntax – These are the 2 most likely causes of the issue/problem.

    1. You have another plugin or your Theme is using the WordPress flush_rewrite_rules function. This function removes/deletes “flushes” your root .htaccess file code when clicking on links, clicking on settings pages and I have also seen this function used in a way that it just randomly deletes/flushes your website security/root .htaccess code.

    2. The broken cPanel HotLink Protection Tool problem.

    Both of these common problems can be prevented from occurring over and over by locking your root .htaccess file.
    1. Deactivate all plugins.
    2. Activate Root folder BulletProof Mode.
    3. Go to the BPS Edit/Upload/Download tab page and click the Lock htaccess File button.
    4. Activate all your plugins again.

    Let me know what happens after doing the steps above.

    @Justanother… – BlueHost has started a new Cloud service that uses .htaccess code that has some issues with both BPS and W3TC and possibly, but not confirmed yet – WP Super Cache. So what I need to know first is if you are using the new BlueHost Cloud service. Thanks.

    Justanother WordPressbeginner

    (@justanother-wordpressbeginner)

    Thank you AIT. I use the basic Bluehost one year subscription. I don’t use the BlueHost cloud service.

    Plugin Author AITpro

    (@aitpro)

    Ok do these steps:

    1. First go to the Security Status page and post what you see there.
    2. Next go to the Edit/Upload/Download page and post all of the file write checks that you see – “File Open and Write test successful!…”

    Hi AIT – thanks for getting back – and dealing with 2 different issues at once:

    I got past step 3 – lock down htaccess. and now the whole site is Error 403 forbidden.

    I have shell access, so let me know what to edit/delete.
    thanks

    Plugin Author AITpro

    (@aitpro)

    Ok then your Host/Server does not allow you to lock the root .htaccess file with 404 file permissions. Change the root .htaccess file permission back to what it was – probably 644 so that you can log back into your site.

    With all your plugins still deactivated at this point. Do you see the BPS Alert or is it gone?
    Does your Host use cPanel? This issue/problem may be caused by the cPanel HotLink Protection tool so you may or may not see the BPS Alert at this point.
    If you do not see the BPS Alert then next activate plugins one by one until you find the one that is causing the issue/problem, which will most likely be the flush_rewrite_rules problem.

    Changing the htaccess file to 644 gave me control.
    All plugins disabled apart from BPS.
    No error warning now!

    I’m running a dedicated server, controlled through Plesk.
    Here are the results,

    Issues with 2 plugins:

    WordPress SEO – v1.4.4
    WooCommerce – v2.0.5

    Plugin Author AITpro

    (@aitpro)

    Yep, both of these plugins use the WordPress flush_rewrite_rules function so what this means for you is that if you activate or deactivate these plugins or click on any of these plugins settings pages then you will need to activate Root BulletProof Mode again after you click or update either of these plugins settings. Unfortunately, since your Host does not allow you to lock your root .htaccess file you cannot prevent this from happening each time you click or update settings for these plugins.

    Plugin Author AITpro

    (@aitpro)

    hmm I have never experimented with this before, but try changing your root .htaccess file permissions to 444. Most likely this will not work, but its worth a try anyway.

    That seems fine – .htaccess is set 444.
    I can access site and BPS seems fine. Will these plugins now fail? I suppose there is only 1 way to find out

    Both plugins are now active and seem to be working fine 🙂
    Great support.

    Plugin Author AITpro

    (@aitpro)

    wow no way. I should have thought of this a long time ago. Jeez.

Viewing 15 replies - 1 through 15 (of 31 total)
  • The topic ‘BPS Alert: what to do?’ is closed to new replies.