Support » Plugin: BulletProof Security » Get rid of the

  • Resolved G-Olly

    (@g-olly)


    Hi there, just wondering how I get rid of the “BPS Setup Wizard AutoFix” that now appears at the top of all my admin pages since the last update. I have tried to implement the autofix which it did without a problem but the pop up box is still there. I cannot find anywhere to turn it off in the BPS settings either. Please advise.

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author AITpro

    (@aitpro)

    You can turn the BPS Setup Wizard AutoFix notification off on the Setup Wizard Options page > AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) > AutoFix Off. It would be better to figure out why the BPS Setup Wizard AutoFix notification is still being displayed after running the Setup Wizard. The most likely cause of this problem is BPS Query String Exploits custom code in this BPS Custom Code text box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS

    Go to the BPS Custom Code tab page > click the Root htaccess File Custom Code accordion tab > copy and paste the custom code in the 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS Custom Code text box in your forum reply so I can take a look at it.

    Plugin Author AITpro

    (@aitpro)

    Is the issue/problem still occurring or is it resolved?

    Hi there,

    This is the error that I am receiving from BPS Setup wizard Autofix:

    “Error: Your PHP Configuration Memory Limit is set to: 32M. WordPress needs a bare minimum Memory Limit setting of 64M to perform well. Contact your Web Host and ask them to increase your memory limit to the maximum memory limit setting allowed by your Host.”

    The strange thing is that on all other system checks (theme, other plugins) I am getting 256M (which is configured in my php.ini, wp-config.php). trying to figure out where BPS is getting this information. I know that this is the default for WP, so is it coming from this?

    My custom code:

    # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
    # Good sites such as W3C use it for their W3C-LinkChecker. 
    # Use BPS Custom Code to add or remove user agents temporarily or permanently from the 
    # User Agent filters directly below or to modify/edit/change any of the other security code rules below.
    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR] 
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] 
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F]
    # END BPSQSE BPS QUERY STRING EXPLOITS
    • This reply was modified 1 year, 10 months ago by  G-Olly.
    Plugin Author AITpro

    (@aitpro)

    On the BPS System Info page you will see these PHP memory checks.

    PHP Memory Usage: 5.93 MB – how much PHP config memory is being used at idle.
    WordPress Admin Memory Limit: 256M – this is internally set by WP
    WordPress Base Memory Limit: 40M – this is internally set by WP
    PHP Actual Configuration Memory Limit: 128M – This is your actual PHP configuration memory limit that is set in your php.ini file or .user.ini file on your host server.

    If you see 32M for PHP Actual Configuration Memory Limit then contact your web host and ask them to increase your PHP memory limit to 128M.

    Try this to see if it fixes the BPS Setup Wizard AutoFix notification problem. Use the Custom Code Export feature to make a backup of all your custom code. Click the Delete Custom Code button. Run the Setup Wizard again.

    If the BPS Setup Wizard AutoFix notification is no longer being displayed then you will need to manually add your backed up custom code back into BPS Custom Code text boxes one by one and test to find out if/which custom code you have added is causing the BPS Setup Wizard AutoFix notification problem.

    Plugin Author AITpro

    (@aitpro)

    Did anything ever happen with this issue/problem? Do you need any additional help?

    • This reply was modified 1 year, 9 months ago by  AITpro.
    Plugin Author AITpro

    (@aitpro)

    Assuming this thread can be resolved at this point? If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Get rid of the’ is closed to new replies.