Title: Issue with the Better Analytics plugin
Last modified: August 30, 2016

---

# Issue with the Better Analytics plugin

 *  Resolved [isaacl](https://wordpress.org/support/users/isaacl/)
 * (@isaacl)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/)
 * I’m seeing a bunch of these entries in the BPS security log (I removed the IP
   address):
 * [403 GET / HEAD Request: June 29, 2015 – 12:18 pm]
    Event Code: PSBR-HPR Solution:
   [http://forum.ait-pro.com/forums/topic/security-log-event-codes/](http://forum.ait-pro.com/forums/topic/security-log-event-codes/)
   REMOTE_ADDR: x.x.x.x Host Name: static-x-x-x-x.nycmny.fios.verizon.net SERVER_PROTOCOL:
   HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: x.x.x.x HTTP_X_CLUSTER_CLIENT_IP:
   REQUEST_METHOD: GET HTTP_REFERER: [https://mydomain.com/](https://mydomain.com/)
   REQUEST_URI: /wp-content/plugins/better-analytics/js/loader.php?ver=1.0.5.js 
   QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/
   537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36
 * I tried following another thread ([https://wordpress.org/support/topic/conflict-with-social-share-plugin](https://wordpress.org/support/topic/conflict-with-social-share-plugin)),
   and added this in under the CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES area:
 *     ```
       # S=13: Better Analytics skip/bypass rule
       RewriteCond %{REQUEST_URI} ^/wp-content/plugins/better-analytics/ [NC]
       RewriteRule . - [S=13]
       ```
   
 * I also added this under the CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/
   BYPASS RULE area (with mydomain set to my site’s domain):
 *     ```
       # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
       # Only Allow Internal File Requests From Your Website
       # To Allow Additional Websites Access to a File Use [OR] as shown below.
       # RewriteCond %{HTTP_REFERER} ^.*YourWebsite.com.* [OR]
       # RewriteCond %{HTTP_REFERER} ^.*AnotherWebsite.com.*
       RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
       RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
       RewriteRule .* index.php [F,L]
       RewriteCond %{REQUEST_URI} (loader\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
       RewriteCond %{HTTP_REFERER} ^.*mydomain.com.*
       RewriteRule . - [S=1]
       ```
   
 * However, I am still seeing the errors in the security log.
 * Any ideas how I can get this working?
 * Thanks a lot!
 * Edit: I just realized that I had to change the get-noapi-counts line in the second
   block to loader, and remove the second entry (updated above), but that still 
   isn’t working, and I’m still seeing the errors in the log.
 * [https://wordpress.org/plugins/bulletproof-security/](https://wordpress.org/plugins/bulletproof-security/)

Viewing 15 replies - 1 through 15 (of 38 total)

1 [2](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/page/2/?output_format=md)
[3](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/page/3/?output_format=md)
[→](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/page/2/?output_format=md)

 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/#post-6280113)
 * I have a feeling that your server or something else you have installed on your
   server may be blocking the loader js script. At least that is the case on my 
   XAMPP testing server. Try turning off BPS Security Logging on the Security Log
   page and see if a 403 error is displayed by your server. BPS logs all 403 errors
   whether or not they are related to or caused by BPS.
 * The Source Code of the embedded js code looks incorrect to me, but maybe it is
   supposed to be embedded using the htmlentities and json_encode php functions.
 *     ```
       Code in this plugin that creates the js embedded code in the Source Code.
       <script type='text/javascript' src='" . plugins_url('better-analytics/js/loader.php') . "?ver=" . BETTER_ANALYTICS_VERSION . ".js' id='ba_s' data-o=\"" . htmlentities(json_encode($jsonOptions)) . "\"></script>";
   
       The outputted js embedded code the Source Code.
       <script type='text/javascript' src='http://demo5.local/wp-content/plugins/better-analytics/js/loader.php?ver=1.0.5.js' id='ba_s' data-o="{&quot;tid&quot;:&quot;UA-7731227-2&quot;,&quot;co&quot;:{&quot;userId&quot;:1},&quot;g&quot;:68456,&quot;dl&quot;:&quot;\\.avi|\\.doc|\\.exe|\\.gz|\\.mpg|\\.mp3|\\.pdf|\\.ppt|\\.psd|\\.rar|\\.wmv|\\.xls|\\.zip&quot;,&quot;s&quot;:0,&quot;a&quot;:0}"></script>
       ```
   
 *  Thread Starter [isaacl](https://wordpress.org/support/users/isaacl/)
 * (@isaacl)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/#post-6280119)
 * Good call.
    After disabling the security logging, I’m still getting a 403 error.
   Any way of figuring out what else could be causing that? Thanks a lot!
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/#post-6280125)
 * Also activate Default Mode for the root htaccess file to completely eliminate
   the root htaccess file and let me know if you are still seeing a 403 error.
    
   My gut is telling me that something is wrong with the embedded js code, but I
   am not 100% sure about what the js code is supposed to do/work.
 *  [digitalpoint](https://wordpress.org/support/users/digitalpoint/)
 * (@digitalpoint)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/#post-6280128)
 * The loader.php script is supposed to have the htmlentities / json_encode stuff
   on it.
 * If you strip the loader.php script down to it’s most basic form it still throws
   a 403 from the server.
 * It could be something as simple as permission issues on the PHP file, but not
   sure why that would be when the rest of the PHP files don’t have an issue. I 
   suspect something in your web server’s configuration that is intercepting the
   request and blocking it for some reason.
 * It’s not an issue with the path to the file, because you can load non-PHP files
   in that directory (for example ba.js), but the other PHP file in that directory(
   universal.php) throws the same 403.
 * Normally running the wp-content/plugins/better-analytics/better-analytics.php
   file directly would give an error saying it’s not allowed, but also getting the
   403 error there as well.
 * Based on that, I’d guess there’s something in your web server that doesn’t allow
   direct PHP execution of anything within the wp-content folder as even wp-content/
   index.php is giving you the same error on your server.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/#post-6280130)
 * [@digitalpoint](https://wordpress.org/support/users/digitalpoint/) – thanks for
   veryifying the js code is good. Just looked a little unusual to me so was not
   really sure if it was good or not.
 *  Thread Starter [isaacl](https://wordpress.org/support/users/isaacl/)
 * (@isaacl)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/#post-6280158)
 * I tried Default Mode, and I’m still getting that error, so there must be something
   else blocking it, but since I don’t get any error message in the log, I have 
   no clue what the issue is.
    I’m going to have to do some more digging to see 
   what else could be the issue…
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/#post-6280162)
 * Check with your host. If your host is using mod_security then a SecRule or SecFilter
   could be blocking the php and/or js script/code. Also your server log may have
   more clues about what exactly is being blocked.
 *  Thread Starter [isaacl](https://wordpress.org/support/users/isaacl/)
 * (@isaacl)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/#post-6280163)
 * I host my own site, so I guess I have to dig deeper…
 * In the Apache error log, I see this:
 * AH01797: client denied by server configuration: /home/user/public_html/wp-content/
   plugins/better-analytics/js/loader.php
 * And I forgot to mention, I recently upgraded my server to Apache 2.4 and PHP 
   5.5, but I doubt that’s the issue…
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/#post-6280164)
 * Open your Apache httpd.conf file and look for any code/directives that could 
   be blocking something. If you are using vhost then check your vhost conf file
   too.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/#post-6280165)
 * I’m pretty sure the issue does not have to do with open_basedir since you would
   be seeing a specific open_basedir error message.
 *  [digitalpoint](https://wordpress.org/support/users/digitalpoint/)
 * (@digitalpoint)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/#post-6280166)
 * This might get you on the right track… looks like it’s something new in Apache
   2.4.3…
 * [http://stackoverflow.com/questions/10351167/apache-client-denied-by-server-configuration](http://stackoverflow.com/questions/10351167/apache-client-denied-by-server-configuration)
 * [http://httpd.apache.org/docs/current/upgrading.html#access](http://httpd.apache.org/docs/current/upgrading.html#access)
 *  Thread Starter [isaacl](https://wordpress.org/support/users/isaacl/)
 * (@isaacl)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/#post-6280168)
 * Weird that this is only with one plugin if that’s the problem.
    And the cPanel
   documentation seemed to say that it should be backwared compatible, but I’ll 
   see what I can find… Thanks!
 *  [digitalpoint](https://wordpress.org/support/users/digitalpoint/)
 * (@digitalpoint)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/#post-6280175)
 * Well whatever it is, it seems to be blocking *just* PHP files, and just within
   wp-content folder… so if it’s not that Apache thing, you probably are going to
   need to go digging in your Apache config and/or .htaccess files to figure out
   what rule is causing it.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/#post-6280177)
 * [@digitalpoint](https://wordpress.org/support/users/digitalpoint/) – The BPS 
   Default Mode root htaccess file is just a standard WP htaccess file that just
   does the Rewrite Loop. So at this point it is safe to say that the block is coming
   from something on the server/server config.
 * [@isaacl](https://wordpress.org/support/users/isaacl/) – WP plugins share one
   common thing – that they are WP plugins, other than that there are literally 
   millions of unique things that plugins do so you need to figure out what unique
   thing that Better Analytics is doing that is being specifically blocked by your
   server. It could be something like how a script is called or loaded or many other
   possible things. The first step is isolating what is doing what. So you want 
   to make sure your httpd.conf or vhost conf file is not restricting something 
   that should not be restricted.
 *  Thread Starter [isaacl](https://wordpress.org/support/users/isaacl/)
 * (@isaacl)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/#post-6280178)
 * Going to do some digging.
    Since I haven’t had issues with any other plugins,
   I’m wondering what’s different about the way that this is being loaded – I would
   guess that there might be something set up to block direct loading of php files
   in the wp-content folder from external sources, but no other plugins seem to 
   be affected, so I’m not really sure what’s happening…

Viewing 15 replies - 1 through 15 (of 38 total)

1 [2](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/page/2/?output_format=md)
[3](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/page/3/?output_format=md)
[→](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/page/2/?output_format=md)

The topic ‘Issue with the Better Analytics plugin’ is closed to new replies.

 * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938)
 * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/)
 * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/)
 * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/)

 * 38 replies
 * 3 participants
 * Last reply from: [AITpro](https://wordpress.org/support/users/aitpro/)
 * Last activity: [10 years, 11 months ago](https://wordpress.org/support/topic/issue-with-the-better-analytics-plugin/page/3/#post-6280339)
 * Status: resolved