WordPress.org

Support

Support » Plugins and Hacks » [Resolved] BulletProof Security ~ htaccess Core

[Resolved] BulletProof Security ~ htaccess Core

  • lbs42807
    Member

    @lbs42807

    Multiple issues here. First of all I didn’t get much support when learning how to create a webpage at school so I am completely lost and have no idea how to fix this without step by step instructions so my pages aren’t broken and I can run updates in my cPanel without getting permission denied errors. Here’s the first one:

    1)You do not currently have an .htaccess file in your wp-admin folder to backup.
    2)Deny All protection NOT activated for /wp-content/bps-backup folder
    An .htaccess file was NOT found in your wp-admin folder.
    BulletProof Mode for the wp-admin folder MUST also be activated when you have BulletProof Mode activated for the Root folder.
    3)An .htaccess file was NOT found in your /wp-admin folder
    4)Your Current wp-admin .htaccess file is NOT backed up yet

    I really need help and can’t seem to find anyone to talk to or respond.

    http://wordpress.org/extend/plugins/bulletproof-security/

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Author AITpro
    Participant

    @aitpro

    Ok in order to help you I need details about the exact problem is occurring.

    In regards to cPanel and BPS:
    The only thing that BPS does that can affect cPanel in any way is that you can lock your root .htaccess file with 404 permissions in BPS. So if you are trying to do something in cPanel that needs the root .htaccess file to be unlocked then you just need to unlock it either within BPS or using FTP or cPanel itself to change file permissions from 404 to 644. Also there is an ongoing issue with a broken tool in cPanel called the HotLink Protection Tool that breaks BPS and will also break your website. See this sticky post for specific details >>> http://wordpress.org/support/topic/plugin-bulletproof-security-broken-cpanel-hotlink-tool-404-errors-unable-to-edit-htaccess-files?replies=2

    These are the details that i need to start troubleshooting the problem that is occurring on your specific website.

    Have you clicked the AutoMagic buttons and activated all BulletProof Modes?

    Have you tried to put BPS in Default Mode by using these steps below?
    1. Make a backup of your .htaccess files using BulletProof Security built-in Backup.
    2. Activate Default Mode on the Security Modes page.
    3. Use the Delete wp-admin .htaccess feature on the Security Modes page.
    4. Test your plugin or theme.
    5. Restore your .htaccess files using BulletProof Security built-in Restore.

    Plugin Author AITpro
    Participant

    @aitpro

    Hello lbs42807,

    Please provide a status update.

    Thank you.

    Plugin Author AITpro
    Participant

    @aitpro

    Hello lbs42807,

    Please provide a status update.

    Thank you.

    Plugin Author AITpro
    Participant

    @aitpro

    Resolving due to lack of response. If the problem is still occurring please post another comment. Thank you.

    mlhwebsites
    Member

    @mlhwebsites

    I have seen lots of threads related to this issue and am still confused so any help would be appreciated. I have the free bulletproof plugin and “better wp security” plugin. On most of my logins to wp I check Bulletproof security status and it shows: “The WP readme.html file is not .htaccess protected”. Instead of the 404 .htaccess it has changed to 644. I then do the “Activate Website Root Folder .htaccess Security Mode”. This corrects both problems but has to be repeated on most subsequent logins which means the site is vulnerable in between.
    I would like to see if then can be resolved prior to upgrading.

    Server Type: Apache
    Operating System: Linux
    Server API: cgi-fcgi – Your Host Server is using CGI.

    If this should be posted in a different thread please advise.

    Thanks very much
    mlhwebsites

    Plugin Author AITpro
    Participant

    @aitpro

    I am not exactly sure what Better WP Security is doing these days, but yes you are correct that that plugin somehow breaks the BPS check for the readme.html file. I believe the simplest solution would be to copy the Better WP Security .htaccess code to BPS Custom Code in the: CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here text box, click the Save Root Custom Code button, go to the Security Modes page, click the Create secure.htaccess File button and activate Root folder BulletProof Mode again.

    mlhwebsites
    Member

    @mlhwebsites

    Thank you much for your unbelievably quick response!

    Do you know where I can find the Better WP Security .htaccess code? Is the .htaccess in the root folder the one I should backup in case this breaks something? I can try this in one of my test sites.

    Before trying this I am trying to determine when this is triggered by monitoring all sites to see when the 404 changes to 644. I know better wp security is not your problem but for info purposes while it’s 404: In their dashboard it shows “Better WP Security is allowed to write to wp-config.php and .htaccess.” but under System Info it says: “neither of these are writeable”. This seems like a conflict.

    Thanks again – I appreciate your tim

    Plugin Author AITpro
    Participant

    @aitpro

    BPS has a built-in .htaccess editor on the BPS Edit/Upload/Download page where you can edit your .htaccess files. To see a video tutorial on how to add custom code to BPS Custom Code click on the Custom Code Video Tutorial link on the BPS Custom Code page.

    Plugin Author AITpro
    Participant

    @aitpro

    I don’t even like testing Better WP Security. It has wrecked a couple of my test sites so if i can avoid that plugin i do. 😉 it does some things with the database that do not have simple “undo” capability so you end up wiping the entire site to get rid of that plugin.

    mlhwebsites
    Member

    @mlhwebsites

    The only reason I added it was it did some things Bulletproof didn’t such as logging 404 errors (detection), monitoring changed files etc. I’ve had one site hacked so I get nervous. Perhaps I should deactivate it for a while to see if that stops the 404 to 644.

    Plugin Author AITpro
    Participant

    @aitpro

    Well in general 404 file permissions means Read-Only and 644 means allow writing so if a file has 404 permissions then it is locked and is not writable until it is unlocked to 644 file permissions. So the message you posted above from Better WP Security does not make sense. it should be 404 not writable. 644 is writable. 😉 Probably just a coding mistake in Better WP Security where the check or the displayed message for the check is backwards. 😉

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘[Resolved] BulletProof Security ~ htaccess Core’ is closed to new replies.