Title: [Plugin: BulletProof Security] Google Analytics plugin by Joost conflicts
Last modified: August 20, 2016

---

# [Plugin: BulletProof Security] Google Analytics plugin by Joost conflicts

 *  Resolved [footyblogger](https://wordpress.org/support/users/footyblogger/)
 * (@footyblogger)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/)
 * Hi,
 * I’ve installed BPS and it works great apart from conflicts with 2 google analytics
   plugins.
 * 1) The first is [Google Analytics for Worpdress](http://wordpress.org/extend/plugins/google-analytics-for-wordpress/)
   by Joost de Valk, whereby i get the a massive error message in the analytics 
   column on my posts page. the message begins:
 * 403 Permission Denied
    You do not have permission for this request /wp-admin/
   admin-ajax.php?action=gad_fill_ppp&pid=127&count=0&cookie=fc%….
 * and causes my posts page to hang.
 * 2) The second is with Google Analytics dashboard by Carson McDonald, which i’ve
   tried to implement the fix you outline here
 * [http://www.ait-pro.com/aitpro-blog/2252/bulletproof-security-plugin-support/checking-plugin-compatibility-with-bps-plugin-testing-to-do-list/#GoogleAnalyticsDashboard](http://www.ait-pro.com/aitpro-blog/2252/bulletproof-security-plugin-support/checking-plugin-compatibility-with-bps-plugin-testing-to-do-list/#GoogleAnalyticsDashboard)
 * but i cannot find this line in either my root or wp-admin .htaccess files:
    RewriteCond%{
   QUERY_STRING} ^.*(\[|\]|\(|\)||%3c|%3e|%5b|%5d).* [NC,OR]
 * any help much appreciated?
    thanks
 * [http://wordpress.org/extend/plugins/bulletproof-security/](http://wordpress.org/extend/plugins/bulletproof-security/)

Viewing 15 replies - 1 through 15 (of 19 total)

1 [2](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/page/2/?output_format=md)
[→](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/page/2/?output_format=md)

 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/#post-2952568)
 * Thank you for posting the query string. 😉 Makes it nice and simple to see the
   issue. Google Analytics for WordPress is calling admin-ajax.php for use in this
   plugin so you just need to allow this action in the wp-admin .htaccess file. 
   You can add this skip/bypass rule to BPS wp-admin Custom Code CUSTOM CODE WPADMIN
   PLUGIN FIXES: and save it so that it is saved permanently to your DB. Then activate
   BulletProof Mode for your wp-admin folder again.
 *     ```
       # GAW admin-ajax.php skip/bypass rule
       RewriteCond %{REQUEST_URI} (admin-ajax\.php) [NC]
       RewriteRule . - [S=2]
       ```
   
 * For Google Analytics Dashboard the .htaccess code only exists in the Root .htaccess
   file and not the wp-admin .htaccess file for BPS. I need to update this on the
   plugin testing and compatibility page. You will find that security filter in 
   this section of the BPS security filters coding.
 *     ```
       ...
       ...
       ...
       RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
       RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
       RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR]
       RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x5b|\x5d|\x7f).* [NC,OR]
       RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
       ...
       ...
       ...
       ```
   
 * Thanks.
 *  Thread Starter [footyblogger](https://wordpress.org/support/users/footyblogger/)
 * (@footyblogger)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/#post-2952628)
 * Thanks, the Google Analytics for WordPress bypass has worked to get rid of the
   403 error but just has flatlines where it should show pageviews, exits and uniques
   stats for each post. Does this need time to rebuild the data?
 * The google analytcs dashboard fix has worked, if i use the auto magic buttons
   to create a new secure .htaccess file, will i need to change that line again?
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/#post-2952641)
 * I’m not really sure how the Google Analytics for WordPress plugin is supposed
   to work so i will install it and test it. Will post my findings back here after
   testing.
 * If you add plugin fixes to the BPS Custom Code plugin fixes text area it is permanently
   saved to your WP Database (until you delete it of course) so that each time you
   click the secure.htaccess AutoMagic button that custom code will be included 
   in your new .htaccess master file (AutoMagic creates master .htaccess files) 
   and then when you activate BulletProof Mode for your Root folder (copies and 
   renames the master .htaccess file to your website root folder) you will see that
   your custom code is included in your Root .htaccess file.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/#post-2952652)
 * I didn’t realize that Google Analytics for WordPress was adding to Custom Variables
   within Google Analytics itself so my guess is you would have to wait the normal
   24 hour period for GA stats to be updated. So let me know if you do not see updated
   GA info tomorrow. Very Cool plugin! Thanks.
 *  Thread Starter [footyblogger](https://wordpress.org/support/users/footyblogger/)
 * (@footyblogger)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/#post-2952691)
 * Yes Joost makes a lot of good plugins. Cool, nohing is still showing yet, but
   will give it some more time to populate, thanks for the fix.
 * re Google analytics dashboard, I understand that if you have custom code then
   it will continue to be added when you update, but I had to change the line within
   the actual root .htaccess file itself from:
 * RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR]
 * to:
    RewriteCond %{QUERY_STRING} ^.*(\[|\]||%3c|%3e|%5b|%5d).* [NC,OR]
 * so i thought if i create a new .htaccess file from the automagic buttons i would
   lose my changes, as i altered the code in the root .htaccess file itself. So 
   wouldn’t it get overwritten when a new one is created?
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/#post-2952706)
 * Yes, since this is an important standard BPS security filter rule that will remain
   as it is in all future versions of BPS then it would have to be manually modified
   again if you used AutoMagic again, but as of BPS .47.2, BPS will autoupdate itself
   on upgrade and change the .htaccess file version numbers and add any new .htaccess
   security filters automatically so that you do not have to use AutoMagic after
   you upgrade BPS each time. These autoupdates do not change/alter any customization’s
   you have made to your .htaccess files. So your security filter modification would
   remain as it is now.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/#post-2952716)
 * No news is usually good news, but checking in with you to see if everything is
   good now. Please confirm whether or not this thread can be resolved. Thanks.
 *  Thread Starter [footyblogger](https://wordpress.org/support/users/footyblogger/)
 * (@footyblogger)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/#post-2952721)
 * That’s good news to hear about the security filter updating in future versions
   of BPS.
    I was waiting to see if the analytics section of the posts page populated,
   but it is still showing nothing. Not a big deal as my analytics are still tracking
   and the Google analytics dashboard widget is now showing after amending the .
   htaccess code, but must be some minor conflict between the two plugins. Thanks
   for your help with this, much appreciated.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/#post-2952732)
 * On my XAMPP testing site everything appears to be working normally for the Google
   Analytics for WordPress plugin, but since this is a local install then the only
   data that was recorded on the Google Analytics site in Custom Variables was the
   administrator login since I do not get traffic to my local XAMPP installation.
   When i have some extra time I will install this plugin on a Live site and confirm
   that it works in a Live environment as well. Thanks.
 *  Thread Starter [footyblogger](https://wordpress.org/support/users/footyblogger/)
 * (@footyblogger)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/#post-2952742)
 * Thanks, i’d be interested to know the results.
    Just one more question, in the‘
   edit/upload/download menu’ when i click ‘Lock .htaccess file’ it causes my site
   to crash and give a ‘403 forbidden access’ error message when i try to access
   any page on the actual site. Does the .htaccess file need to be locked?
 * At the minute in the file editing it says:
    File Open and Write test successful!
   The secure.htaccess file is writable. File Open and Write test successful! The
   default.htaccess file is writable. File Open and Write test successful! The maintenance.
   htaccess file is writable. File Open and Write test successful! The wpadmin-secure.
   htaccess file is writable. File Open and Write test successful! Your currently
   active root .htaccess file is writable. File Open and Write test successful! 
   Your currently active wp-admin .htaccess file is writable.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/#post-2952746)
 * No, the .htaccess file does not need to be locked. This is just an additional“
   bonus” security measure. Most likely your web host has created a strict rule 
   on your Server that .htaccess files can only have 644 permissions. Which web 
   host do you have so i can make a note of it? Thanks.
 *  Thread Starter [footyblogger](https://wordpress.org/support/users/footyblogger/)
 * (@footyblogger)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/#post-2952748)
 * Interesting, when i create the .htaccess files with the auto-magic buttons and
   then activate all four options, about 10 minutes later i get the browser message
   pop up saying i don’t have BPS security activated and to go to the BPS settings
   page. I then go through the same process and about 10 minutes later i get the
   same message saying i don’t have BPS security activated even though i used the
   auto-mgic buttons and have activated Bulletproof mode on all four options.
 * I have managed to get rid of the 403 error and by locking the .htaccess file 
   in the ‘edit/upload/download’ menu, the error message about not having BPS security
   that pops up at the top of the browser disappears.
 * My .htaccess permissions are set to 404 as per the recommended permissions in
   the ‘security status’ menu. I use Justhost.com.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/#post-2952749)
 * It sounds like either you have the classic cPanel Broken HotLink Protection tool
   problem, which will automatically change your root .htaccess file and add gibberish
   broken code to it or you have another plugin installed that is modifying the 
   root .htaccess file at regular intervals automatically. There is a wp pre-made
   function called flush_rewrite_rules() that is very problematic if used incorrectly
   as it will remove all .htaccess code and replace it with the default wp .htaccess
   code.
 * You originally stated that you were unable to look your root .htaccess file and
   now you stated that you have changed it to 404 permissions. I assume you then
   changed the file permissions manually with FTP. Some hosts (not many – i think
   around 6 total out of 100’s) will automatically reset .htaccess permissions to
   644 after you try and change the permissions.
 * So what you need to check at this point are these things:
    1. check cPanel and
   see if you see the HotLink Protection Tool. 2. make a copy of your root .htaccess
   file and then when it is changed automatically again after the 10 minute interval
   make another copy and compare the 2 files and see what has been modified. 3. 
   recheck the root .htaccess file permissions when the problem occurs again and
   see if the permissions are set back to 644. 4. the 6scan plugin also used to 
   break BPS and add blank spaces to the root .htaccess file, but it has been a 
   long while since i checked to see if that plugin is still doing that.
 *  Thread Starter [footyblogger](https://wordpress.org/support/users/footyblogger/)
 * (@footyblogger)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/#post-2952763)
 * I have a hotlink protection tool under ‘security options’ but no broken hotlink
   protection tool in my cpanel. Not sure if this is the same thing? The blurb says
   “
   Hotlink protection prevents other websites from directly linking to files (as
   specified below) on your website. Other sites will still be able to link to any
   file type that you don’t specify below (i.e., HTML files).”
 * I changed the permissions via FTP and they are still set to 404, so hopefully
   they are not ones that are automatically reset.
 * After i lock the file i don’t receive the warning message that BPS security is
   not active. I’m not running 6scan and the only other security plugin i have is‘
   WP security scan’ by Website defender if this has any conflict?
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/#post-2952765)
 * The cPanel HotLink Protection tool is a tool in cPanel – that is the thing that
   i was referring to that is broken. I have posted more info about this problem
   with a Sticky Thread Post since the problem continues pop up year after year –
   see more details here – [http://wordpress.org/support/topic/plugin-bulletproof-security-broken-cpanel-hotlink-tool-404-errors-unable-to-edit-htaccess-files?replies=2](http://wordpress.org/support/topic/plugin-bulletproof-security-broken-cpanel-hotlink-tool-404-errors-unable-to-edit-htaccess-files?replies=2)
 * Ok well by locking the .htaccess file with 404 permissions then you are blocking
   something else that has been causing the problem. Sure sounds like the cPanel
   Hotlink Protection Tool problem, but if it is not then some other plugin you 
   have installed was automatically writing to your root .htaccess file when it 
   was not locked. There are not any conflicts between BPS and the WP Security scan
   plugin that i am aware of.

Viewing 15 replies - 1 through 15 (of 19 total)

1 [2](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/page/2/?output_format=md)
[→](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/page/2/?output_format=md)

The topic ‘[Plugin: BulletProof Security] Google Analytics plugin by Joost conflicts’
is closed to new replies.

 * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938)
 * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/)
 * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/)
 * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/)

## Tags

 * [BPS](https://wordpress.org/support/topic-tag/bps/)

 * 19 replies
 * 4 participants
 * Last reply from: [AITpro](https://wordpress.org/support/users/aitpro/)
 * Last activity: [13 years, 3 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-google-analytics-plugin-by-joost-conflicts/page/2/#post-2952814)
 * Status: resolved