[Plugin: BulletProof Security] Bulletproof hindering Google Analtyics dashboard plugins.

  • Resolved Tom Finley

    (@hifidesign)


    11 years, 7 months ago

    We’ve use GA Dashboard, GA Dashboard Widget, Google Analyticator, and Analytics360. In every case Bulletproof is now causing these dashboard stats widgets to break, within the past week or two. Did something change?

    I saw in another support thread that this likely has to do with OAuth. I also got the impression that it was resolved from that thread. Is there some way to get these all to play nicely with each other?

    http://wordpress.org/extend/plugins/bulletproof-security/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author AITpro

    (@aitpro)

    11 years, 7 months ago

    Have you tried this fix and the problem is still occurring?
    http://www.ait-pro.com/aitpro-blog/2252/bulletproof-security-plugin-support/checking-plugin-compatibility-with-bps-plugin-testing-to-do-list/#GoogleAnalyticsDashboard

    It is possible that something has changed in those plugins so what i would need is the Query strings to see what might be blocked. In your address bar you will see a URL and it will contain a query string. post the portion of the query string starting from the question mark character.

    Plugin Author AITpro

    (@aitpro)

    11 years, 7 months ago

    There are several different Google analytics plugins so please list each one with a link to the plugins main page and i will test each one.

    I tested Google Analytics Dashboard – Author Carson McDonald
    http://wordpress.org/extend/plugins/google-analytics-dashboard/

    And found 2 things that are blocked by BPS.

    Root .htaccess file modification – comment out this security filter with a pound sign.

    #RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR]

    wp-admin .htaccess file modification – Add this skip/bypass rule to BPS Custom Code – “CUSTOM CODE WPADMIN PLUGIN FIXES: Add ONLY WPADMIN personal plugin fixes code here” so that admin-ajax.php can be called by Google Analytics Dashboard. 

    # Google Analytics Dashboard skip/bypass
RewriteCond %{REQUEST_URI} (admin-ajax\.php) [NC]
RewriteRule . - [S=2]
    Plugin Author AITpro

    (@aitpro)

    11 years, 7 months ago

    One of dilemma’s that we discuss at AITpro on a regular basis is – Is it better to start from the maximum security settings by default and then deal with case by case issues to create skip/bypass rules or would it be better to start from medium security and then offer a maximum security option with one click. I personally do not think that is really a good solution and what would be much more effective and advanced approach would be to capture the error generated and automatically generate a solution based on the known set of conditions. This is in the works at this point and is in experimental testing.

    admin-ajax.php is a completely safe file to be allowed by default for plugin calls so this file will be added as a standard allowed file in the wp-admin .htaccess file in the next version release of BPS.

    # Allow wp-admin files that are called by plugins
RewriteCond %{REQUEST_URI} (press-this\.php|admin-ajax\.php) [NC]
RewriteRule . - [S=1]

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[Plugin: BulletProof Security] Bulletproof hindering Google Analtyics dashboard plugins.’ is closed to new replies.