WordPress.org

Support

Support » Plugins and Hacks » BulletProof Security » [Resolved] BPS block the WpRemote Plugin

[Resolved] BPS block the WpRemote Plugin

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author AITpro

    @aitpro

    I have contacted wp-remote to get more info and am waiting on their response/reply. Whitelisting wp-remote is going to be done with the example code i have posted in the thread below, but what i need to know from them is the URI condition.

    Please see this thread
    http://wordpress.org/support/topic/heads-up-need-confirmation-on-this-whitelist-skipbypass-code?replies=1

    Or of course this additional RFI and remote file website security protection can be negated/not used by simply commenting out the HTTP Rererrer line of code with a # sign. i included the additional wp-remote whitelisted IP address line of code just for reference since you would not actually see this in your root .htaccess file and has been specifically added to move forward with finding the complete solution.

    # RewriteCond %{HTTP_REFERER} ^.*your-website-domain-name.com.* [OR]
    # RewriteCond %{REMOTE_ADDR} ^107.22.153.142

    Plugin Author AITpro

    @aitpro

    Or maybe a better approach would be to create a separate Whitelist rule such as this and to add this above skip/bypass rule #12. This would logically allow full access to all website files from IP 107.22.153.142 and would skip to RewriteRule . /index.php [L] and skip/bypass all BPS security filters.

    # Whitelist wpremote skip/bypass
    RewriteCond %{REMOTE_ADDR} ^107.22.153.142
    RewriteRule . - [S=13]
    Plugin Author AITpro

    @aitpro

    I am not getting any response from the wpremote folks so if you are willing to test this code above i would very much appreciate that. Thanks.

    Plugin Author AITpro

    @aitpro

    And i had a similar issue with another type of remote plugin and just adding a typical plugin skip/bypass rule worked fine so actually try this first. This skip/bypass rule would go right above skip/bypass rule #12 – # Adminer MySQL management tool data populate – in your root .htaccess file.

    # wpremote skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/wpremote/ [NC]
    RewriteRule . - [S=13]
    Plugin Author AITpro

    @aitpro

    This is not a new problem and is a very old issue. I got thrown off by several folks telling me this was a new problem and it is not. This is of course my fault for not checking that first. That was my first thought, but 3 people telling me this was a new issue got me going down the stupid road. 😉

    here is the old solution >>> http://www.ait-pro.com/aitpro-blog/2252/bulletproof-security-plugin-support/checking-plugin-compatibility-with-bps-plugin-testing-to-do-list/#wpremote

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘[Resolved] BPS block the WpRemote Plugin’ is closed to new replies.
Skip to toolbar