Support » Plugin: BulletProof Security » [Plugin: BulletProof Security] 500 errors on update from .47.1 to .47.3.

  • Resolved amfm


    I had BulletProof Security
 version .47.1 installed and I attempted to update to .47.3. WordPress claimed the update was successful, and on the next page I received the following alerts:

    “BPS Automatic htaccess File Update in Progress. Refresh Your Browser To Clear The BPS Alert.
    BPS .47.1 Upgrade Notice
    Adding new htaccess security filters included in version .47.2. Refresh your Browser to continue adding new security filters for version .47.3.
    BPS Alert! A valid BPS htaccess file was NOT found in your wp-admin folder
    If you are upgrading BPS this Alert will go away after you Refresh your Browser.
    If you still see this Alert after refreshing your Browser then Activate BulletProof Mode for your wp-admin folder.
    BulletProof Mode for the wp-admin folder MUST be activated when you have BulletProof Mode activated for the Root folder.
    Check the BPS Security Status page to view your BPS Security Status.”

    The first time this happened I hit refresh on my browser and received 500 errors on my site and my site backend. Disabling/deleting the BPS plugin folder didn’t correct. Through SFTP I restored the BPS plugin folder, root htaccess, and wp-admin htaccess from a backup I had (version .47.1.) The site then functioned correctly, but with the older version. I decided to try again and proceeded as above, but when the alerts appeared I clicked the link for the BPS Security Status page within the alert. The same 500 errors and corrections were made. I would love to update to the latest version but I am not sure what is interfering. Thanks in advance for your help.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author AITpro


    Ok since your host uses cPanel and you posted this other problem (see link below) a while back that was caused because of the broken cPanel HotLink Protection Tool then this problem is most likely also being caused by the broken cPanel HotLink Protection Tool.

    BPS needs to unlock your .htaccess file during the automatic upgrade. The cPanel HotLink Protection tool will destroy your root .htaccess file as soon as your root .htaccess file is unlocked (you cannot disable the broken cPanel HotLink Protection Tool because enable/disable is also broken).

    So what you can do is this. If BPS sees that the version number in your root .htaccess file is .47.3 it will NOT do the automatic .htaccess file update and unlock your root .htaccess file. So you will need to manually change the .htaccess file version number in your root .htaccess file from .47.1 to .47.3. Then do the upgrade to .47.3. After the upgrade installation is completed you will need to use AutoMagic and then Activate BulletProof Mode for your root folder. Your root .htaccess file is unlocked during this process, but only for a split second so there is not enough time for the Broken cPanel HotLink Protection tool to destroy your root .htaccess file.

    That worked! You are fantastic. And I can’t believe how troublesome that damn cpanel hotlink protection continues to be. It keeps sneaking into the unlikeliest of scenarios.

    Thanks once again for your speedy and thorough support!

    Okay, I reset my browser and all of my images on my site have disappeared since performing this update as you suggested. I also noticed that even the small pics on the create new post page (the tiny mce or whatever those little links are called?) My site is mainly images so I need to get this fixed!

    Any idea what could’ve happened?

    Plugin Author AITpro


    Yeah hard to believe that the broken HotLink Protection Tool problem has been going on for over 10 years now. Scary.

    Is this a MU/Network installation, standard single site installation or Giving WordPress its own Directory installation of WordPress?
    Did you click the AutoMagic buttons before activating the Root folder BulletProof Mode?
    Did you have any custom code that you manually added to your old root .htaccess file for a plugin or theme to display image files correctly?
    If you use the BPS Custom Code feature it will save any custom code permanently so that when you click the AutoMagic buttons that custom code is automatically added to your root .htaccess file.

    If you post your full URL to image files on your website then i can tell you exactly why you are not seeing image files. Or if you want your site to remain anonymous just replace your domain name with

    Also double check the Hotlink Protection Tool again. If there is any code in any of the boxes then delete it. And the problem will continue to happen over and over again if your root .htaccess file is not locked with 404 permissions.

    So, I reverted my site back to BPS version .47.1 and my images returned. I also noticed when I was trying to correct this that even my image library on the backend was showing up as broken links, as were any images on the dashboard (the small plug image next to “plugins” for example.) (On a much smaller scale, I once had an image not show up because it had the word shadow in the name and it was triggering a security filter in my htaccess that included the word “shadow.” In this case I have no idea what would cause every single image site-wide to fail.)

    In answer to your questions:
    -It is a standard single site installation.
    -Yes, I automagic-ed both buttons before activating all bulletproof modes.
    -I have custom code in my root, but all of that was in the BPS custom code feature to include it permanently and as far as I can tell it appeared to transfer correctly. I don’t have any special code for displaying image files correctly to the best of my knowledge.

    I thought it could be something in the new BPS htaccess file interfering with some of my custom code… I glanced at the two root htaccess files side by side and the only difference I could see (let me know if I’m missing something) was this code that was in the .47.3 htaccess:

    RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]

    I also noticed that there is a space at the bottom of the page on .47.1 htaccess but not on the .47.3 one.

    No idea. I didn’t see a difference between the wp-admin htaccess files. For now I am leaving .47.1 in place until I can iron this out. Thanks again for any help.

    Plugin Author AITpro


    Ok well to test if this new security filter is causing the problem add it to your current root .htaccess file and see if the problem occurs again. it is a possibility that i could be causing the problem, but unlikely.

    The space at the bottom is ok and will not cause any problems.

    Hmm BPS does not filter out the word “shadow”. Are you using another security plugin that is filtering this word out or maybe you are saying that you added that word to a BPS security filter.

    If you post your full URL to image files on your website then i can tell you exactly why you are not seeing image files. Or if you want your site to remain anonymous just replace your domain name with

    Issue resolved! User error on my part.

    After successfully updating I noticed that the new htaccess had BPS hotlink protection commented out, so I removed the #’s to activate, failing to notice that the automagic had also stripped my domain from the hotlink code. So, I have since updated to .47.3, corrected and activated the hotlink code, refreshed browser and my site is working great.

    I also thought I would let you know that updating as you instructed left my htaccess unlocked for editing, but I locked it quickly to avoid problems with cpanel.

    Thanks again for your quick and excellent help!

    P.S. the shadow example I gave above was not BPS code, just an unusual example of how htaccess code has effected a site image in the past.

    Plugin Author AITpro



    Yeah someone else mentioned that the root .htaccess file was not being relocked on automatic update. There must be some condition that i am missing. The code is supposed to CHMOD your root .htaccess file back to 404 after updating it and it works fine on testing sites. Can you imagine how pissed off I’m going to be if i find out the broken cPanel HotLink Protection Tool is also causing this problem? LOL

    Good job in figuring out the problem. 🙂
    And i guess you know that the BPS HotLink Protection coding really does work since you blocked your own site from being able to view images. ha ha ha.

    Ha! Yes, BPS hotlink protection worked very well!

    I have no doubt Cpanel hotlink protection will continue to haunt everyone with its horrible, horrible ways. I filed a complaint with my host months ago, but nothing has changed, probably will be around for another decade.

    Plugin Author AITpro


    Overall i think cPanel is an awesome GUI and everything else in it works fine, but yeah the HotLink Protection Tool will probably be broken until the end of time. 😉

    If there was something in BPS that i could change i would change it, but this is not isolated to BPS. If you google this problem you will see that it was going on long before BPS ever existed. 😉 The only thing that i have found that works to stop it from doing damage is to lock your root .htaccess file.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘[Plugin: BulletProof Security] 500 errors on update from .47.1 to .47.3.’ is closed to new replies.