WordPress.org

Support

Support » Plugins and Hacks » [Resolved] [Plugin: Better WP Security] PHP Images Don't Display when Better Security is Active

[Resolved] [Plugin: Better WP Security] PHP Images Don't Display when Better Security is Active

Viewing 10 replies - 1 through 10 (of 10 total)
  • Try turning off “filter suspicious query strings” and the long urls option both under “System Tweaks”

    Same issue. Tried both of the above and it looks like its the “filter suspicious query strings”. An example URL that is being blocked is…

    wp-content/plugins/special-recent-posts/lib/phpimage.php?width=75&height=75&rotation=no&file=L2hvbWUxL2V4cG9zdXQzL3B1YmxpY19odG1sL3dwLWNvbnRlbnQvdXBsb2Fkcy8yMDEyLzA4LzIwMTIwODEwLTAyMDYwOS5qcGc=

    Any way to config better wp security to allow this, but still block other suspicious strings?

    @tnault No. But turning off only one feature still gives you the security of others. The problem is there are so many plugins that conflict with that feature in different ways (all of which can also be interpreted as an attack in the wrong hands) that I couldn’t possibly exclude them all without compromising the feature itself.

    Thanks for the follow-up! I’m not a coder by trade, but it would seem fairly straight forward to add a sort of “white list” option to allow specific urls…or similar to the SSL feature that forces ssl for URLS matching */url/*. While this would leave a vulnerability for that one match it would still allow the rest of the site and functions to be protected….just a thought.

    Better WP Security is still a remarkable plugin and one that I am very grateful for. Thanks for all your hard work and dedication to making wordpress a more secure platform.

    @tnault

    It would be easy to add the feature but the usability of such a feature could trouble many. For example, if a wildcard or regex was needed for a plugin exclusion (this would be the case with many of the plugins) entering it wrong could lead to all sorts of problems.

    Most likely what I’ll do sometime in the near future is a low/medium/high setting for the feature to try to make it as usable as possible while also eliminating many of the conflicts.

    Cool! Totally understand …thanks again!

    Hi Bit51,

    I am having issues with the plugin turning off all images when the plugin is active.
    I disabled the “filter suspicious query strings” and the “long urls option” which has had no effect.

    Its all images, not just the thumnails.
    http://blogs.newschool.edu/social-justice/

    Disabling the plugin entirely fixes the problem, but I would not want to do that. This is only an issue with this version of the plugin.

    cb

    I have also just found that viewing images directly displays a huge block of code

    example – http://blogs.newschool.edu/social-justice/files/2012/08/SJRC_book_covers2-225×300.jpg

    I also get this message when updating a setting.

    “Settings Saved. You will have to manually add rewrite rules to your configuration. See the Better WP Security Dashboard for a list of the rewrite rules you will need.”

    @batec drop me an email at info [at] bit51 [dot] com and we’ll see what we can work out. I’m wondering if something is processing your images before they are displayed in the browser.

    i have used the childshly simple 1.0100 and i got the same thing all images are block in theme option and website display I disabled the “filter suspicious query strings” and the “long urls option” which has had no effect.
    how to solve it

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘[Resolved] [Plugin: Better WP Security] PHP Images Don't Display when Better Security is Active’ is closed to new replies.