Support » Plugin: BulletProof Security » [Plugin: BulletProof Security] Cannot browse to images, 404 error

  • Resolved prjt


    Hi there,

    First I would like to say I love this plug-in and that the support from AITpro on the community seems amazing. Great work.

    I am running WordPress 3.3.1 and hav installed the Jigsaw Theme from ThemeForest.

    After installing BulletProof I have the following issues:

    1. When I upload images, they are not visible in the web-browser. For example: this image. The files are getting uploaded to my /assets/ folder, and I can download them via FTP, but they do not display on the web. Do I need to make changes to the .htaccess file?
    2. I get the “Either a BPS .htaccess file was NOT found in your root folder or you have not activated BulletProof Mode for your Root folder yet, Default…” error AND the “wp-config.php is NOT .htaccess protected by BPS” error. All of my .htaccess files are present, so I’m not sure why I receive this error.

    Any help would be greatly appreciated. Thank you.


Viewing 15 replies - 1 through 15 (of 15 total)
  • Plugin Author AITpro


    1. I checked your site and do not see any image files to check. Without seeing an actual image file i have no way of knowing if the image really exists. Please post a test image.

    2. Are you using the most current version of BPS .htaccess files? They should be .46.9. If you have older versions of the .htaccess files then use AutoMagic to create new Master .htaccess files and activate BulletProof Modes again.

    Thank you for the rapid response AITpro. 😀

    I linked directly to the image in my post, but you can see the broken image on this page: I have no other way of linking to the image since the direct link is broken:

    Please let me know if there is any other information I can provide you.

    Also, I did use the AutoMagic buttons and then activated each of the BulletProof Modes but I still get the error.

    Kind regards,

    Plugin Author AITpro


    Oh ok now i understand what the problem is. You are telling WP to look in a folder called /assets in the root of your website, but there really is not a folder called /assets at that URL address. So what you need to figure out is what the correct URL actually really is. If the /assets folder really is in the root of your website then the images should be displayed by going to the literal URL, but they are not.

    Also how are you doing the subdomain site? is it done with DNS or .htaccess or some other way?

    Thank you so much for you help… I feel really dumb. I changed my upload directory and now everything works fine.

    The subdomain has been set using a DNS A record. Do you think that is the reason why I’m receving the BulletProof error? I should mention that the error disappears for a short while (5 – 10 seconds) right after I use the AutoMagic buttons and activation. However, the BulletProof .htaccess files DO exist on my server and are unchanged.

    Plugin Author AITpro


    eh it happens. 😉 no biggee. its usually the silly stuff that screws me up too.

    Are you using a cPanel tool called HotLink Protection by any chance? it is an .htaccess file destroyer and it cannot be disabled because disable is also broken for that tool. The only way to stop that destructive malfunctioning tool is to lock your root .htaccess file with 404 permissions.

    Do you have the 6scan plugin installed – it breaks BPS. In order to work with that plugin you will need to manually remove the blank spaces that this plugin adds to your root .htaccess file. it adds 2 blank spaces in front of the pound sign here>>> # BULLETPROOF .46.9 >>>>>>> SECURE .HTACCESS which throws off the BPS .htaccess file version check.

    When BPS creates your root .htaccess file what RewriteBase do you see in the root .htaccess file? Are you doing anything like Giving WordPress its own directory? Is your SAPI type DSO or CGI? you will find your SAPI type under System Info?

    Thanks AIT,

    My cPanel does have HotLink protection (marked as disabled). I will definitely lock my .htaccess file. I don’t have the 6scan plugin installed– luckily.

    The RewriteBase on my .htaccess file is ‘/’. Is this what it is supposed to be?

    Also, I noticed that when an image is pointed to directly, it will show up but WordPress likes to point to images using the ‘attachment_id’ and none of these images appear on the web. Is this because of BP?

    I thought the problem might be with how I was attaching images to pages, but when I tried changing the attachment_id to the file URL in WordPress, the images are still not showing up:

    Plugin Author AITpro


    Ok you have subdomain set up with a DNS A record in your Control Panel, but what is the real structure of your website?

    For example lets say you have an api subdomain setup.

    The A record points to folder /api

    The site structure is /api at the root of the domain

    the /api folder has a rewritebase of /

    the question is where is /front?

    I doubt attachment_id has anything to do with it, but if the coding of how that is handled is fubar then yeah i guess it could be whack.

    Also since this Theme is doing a different way of handling images other then the normal WordPress method then i think it would be wise to check with the Theme creators at this point. I’m sure they have come across this issue before.

    /front is tied to my cpanel user: /home/username/public_html/

    Does that answer your question regarding site structure?

    Also, I will check with the theme creators regarding the image handling.

    Thank you,

    Plugin Author AITpro


    /front would actually need to be at some physical folder location in order for things to work correctly. so if you are saying that the full path to the front folder is this /home/username/public_html/front then that would make sense. the /front folder would be located in the root of your domain like the example i provided above and the correct rewritebase would be /.

    There is no /front folder… the root is /home/username/public_html/

    I have my /wp-content , /wp-admin , and /wp-includes folder in there.

    Should I re-install wordpress in a directory named /front?

    Plugin Author AITpro


    This is the way I would do it and have always done subdomain sites.

    I want a sudomain site in the /front folder, which will have this url.

    Create the front folder off of your /public_html website root / root domain.

    Create the DNS A record to /front – test everything at this point by putting an index.html file in your /front folder to make sure everything is working correctly first.

    Install the subdomain WordPress site in the /front folder.

    your URL path is

    and very important to note.

    You would also have another installation of WordPress in a folder called


    for the main site.

    Both of these are considered a WordPress Root folder installations.

    If you added a subfolder WordPress site to this subdomain site and WP root installation. then you would install another instance of WordPress in a subfolder of /front


    the URL to that site would be

    if you added a subfolder site to the main site then you would install another instance of WordPress in this folder


    The URL would be

    Plugin Author AITpro


    Resolving – not a BPS issue.

    Are you using a cPanel tool called HotLink Protection by any chance? it is an .htaccess file destroyer and it cannot be disabled because disable is also broken for that tool. The only way to stop that destructive malfunctioning tool is to lock your root .htaccess file with 404 permissions.

    Hi AIT Pro

    I have a similar problem related to Hotlink Protection. Hope to get your input.


    Plugin Author AITpro


    My reply will be in the other thread you started. In the quote you referenced, I was referring specifically to a tool that is included with cPanel tools called “HotLink Protection”. It has been broken since 2008. In your other thread you have posted some .htaccess hotlink protection coding. If you are using the cPanel HotLink Protection tool then it will it will wipe out your .htaccess code in your Root .htaccess file. I was not referring to adding hotlink protection .htaccess code in general.

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘[Plugin: BulletProof Security] Cannot browse to images, 404 error’ is closed to new replies.