Plugin Author
AITpro
(@aitpro)
you can either allow the single quote code character or do not allow it in Query Strings, searches, URL’s, etc.
http://forum.ait-pro.com/forums/topic/apostrophe-single-quote-code-character/#post-6939
Thread Starter
isaacl
(@isaacl)
Thanks!
Will I have to edit that every time a new version comes out?
Or will it automatically keep those settings there?
And thanks for all your hard work on the plugin!
Plugin Author
AITpro
(@aitpro)
When you add code to BPS Custom Code it is saved permanently.
Very welcome!
Thread Starter
isaacl
(@isaacl)
One more question – has anything changed in that code since that post?
Plugin Author
AITpro
(@aitpro)
Yes, that Forum Topic has been updated recently (i believe sometime in the last 2 weeks) and does contain the newest/most current BPS Query String Exploits .htaccess code.
Thread Starter
isaacl
(@isaacl)
One more thing – when I try to save the custom code, it tries to direct me to http://domain.com/#bps-tabs-7, which takes me back to the main site, instead of what I assume should be http://domain.com/wp-admin/admin.php?page=bulletproof-security/admin/options.php#bps-tabs-7
Any idea why that’s happening?
Plugin Author
AITpro
(@aitpro)
hmm that is odd.
Go to the Security Modes page and put BPS in Default Mode and then try and click the Save Root Custom Code button. that will tell you if something is wrong with your root .htaccess file/code.
Thread Starter
isaacl
(@isaacl)
It only seems to happen once I paste the new BPSQSE BPS QUERY STRING EXPLOITS code, and it doesn’t actually save, but if I go into the custom code tab, and save it as is, without adding anything, it saves correctly…
Plugin Author
AITpro
(@aitpro)
Ok I kind of thought that might be what is going on. My next psychic guess is that the code contains some hidden formatting.
Do these steps.
Go to the htaccess File Editor tab page, click on the secure.htaccess tab, scroll down in the contents of the file until you come to the BPS Query String Exploits section of code, copy the BPS Query String Exploits section of code to this Custom Code text box: CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS: Modify Query String Exploit code here and then click the Save Root Custom Code button.
Example:
# BEGIN BPSQSE BPS QUERY STRING EXPLOITS
...
...
...
# END BPSQSE BPS QUERY STRING EXPLOITS
Plugin Author
AITpro
(@aitpro)
…is that the code contains some hidden formatting…
During the copy and paste it is possible depending on how the copy and paste was done that the code now contains hidden formatting. for example if you copy .htaccess code to a Microsoft Word doc it will be instantly corrupted and contain hidden formatting. 😉
Thread Starter
isaacl
(@isaacl)
No go.
Any chance you can take a quick look at it? I’ll give you login info to the site…
Thank!
Thread Starter
isaacl
(@isaacl)
And if I just save the first and last lines, it seems to save…
Plugin Author
AITpro
(@aitpro)
The only logical explanation I can think of that makes sense is that something is blocking some of the .htaccess code. Something like mod_security SecRules/SecFilters or possibly just another plugin that you have installed either intentionally or some sort of conflict or possibly your theme.
Deactivate all of your plugins except for BPS and test.
Temporarily switch your theme to a WordPress theme: 2011, 2012, 2013 or 2014 and test.
Let me know what happens.