[Resolved] [Plugin: BulletProof Security] Needs quite some more work
For starters, this plugin does not actually edit an existing htaccess, it just makes an incorrect new one. I’ve got a network and whether network activated or just the main site, the WP htaccess code for a network is replaced with the code of a single install. Pretty silly. I didn’t even try if the plugin would try to locate the folder of a subsite when I’d try it there.
Second, turning on wp-admin security immediately results in a white screen. PHP error?
Yes, file editing is done on the upload/download/edit page where BPS has a built-in File Editor for editing the htaccess master files. AutoMagic is on the Security Modes page. I assume you are saying you have a multisite installation? MU will require an extra effort on your part and you should not use the AutoMagic buttons to create your Master htaccess files. BPS is designed with the most common WordPress installation in mind, which is going to be a single site WP installation. Also the general idea is that BPS is designed to work for regular folks, designers, coders and developers so it includes both automatic file creation and manual editing. I didn’t write any MU specific coding, but maybe down the road I’ll add specific coding just for MU or maybe even create an additional version of BPS that is designed specifically with MU in mind, but like I said the current version of BPS will require a little manual effort on your part.
I assume the wp-admin white screen error was actually related to the root htaccess file being created using AutoMagic for an MU site. AutoMagic is just for WP single site installations. I’ll be sure to add a note not to use AutoMagic if you have an MU site on the next update of BPS. Thanks.
Ok, but are you saying that in case of a network (indeed, what used to be called multisite or MU), you can’t use your plugin’s admin screen then?
Something I’ve wondered about is if the plugin should be network activated or rather not. Like I said, it’s not going to find any actual folders of the subsites when a user is going to use the plugin in a subsite.
I will at some point add the additional coding functions that will detect whether or not it is a WordPress network installation / MU installation and all the other aspects of Network / MU sites and automate everything. This is a very simple and easy thing to code, but time consuming like all coding is. 😉 I just have not gotten around to writing that code yet because it had very low priority in the overall BPS growth and priorities list. It was decided very early on that if someone had a network installation / MU site(s) then their level of WordPress expertise would most likely be a bit more advanced than someone brand new to WordPress with very little experience. You have a very valid point in regards to how htaccess should handle multiple sites from a central location without actually stating that. htaccess in general is a very grey area to most people. When you google information regarding htaccess coding you will find a lot of bits and pieces of a much larger puzzle and if you understand the info well enough you can assemble the bits and pieces together to create comprehensive and logical htaccess solutions (and some really cool and fun stuff with htaccess too).
In regards to the admin screen issue I am unclear about what you mean exactly. Network / MU sites have had very little attention and focus because this area has not been prioritized for the reason I stated above. I can put you in touch with a Network / MU expert (Scott) that has contributed to BPS regarding what Network / MU site setup entails. There is also info in the BPS guide that Scott contributed regarding Network / MU sites. And this below is one of his statements regarding Network / MU sites.
“…for a subdomain install. I did just a normal Activate (not Network Activate) which seemed appropriate since there is only one root (and one root .htaccess). I verified (after making the change I mentioned above) that both the main blog and another subdomain blog were protected against your example search hack. I don’t think a subfolder MU setup would be any different, but haven’t verified that….”
Regarding this statement you made…
“Like I said, it’s not going to find any actual folders of the subsites when a user is going to use the plugin in a subsite.”
Depending on how things were set up this may be true. I would have to defer to Scott’s expertise in this area because quite frankly I have spent very little time looking at Network / MU site requirements.
BPS is currently designed with a single site focus and htaccess in general is intended to be used in a literal way for specific domains / directories, but can also be coded / modified / used as and in a central / root location and way so that multiple sites can all be “controlled” from one central domain or root directory.
Also from what Scott is saying it appears that a site specific installation in a WordPress Network / MU environment works fine.
Also just an FYI the standard htaccess coding generated / used for a WordPress Network / MU site is different from the htaccess coding that is generated / used for a WordPress single site. So the AutoMagic buttons are designed to ONLY generate / create single site htaccess code at this point. That is the reason you would not want to use the AutoMagic buttons for a WP Network / MU site. In the case of a subsite in a Network environment you may be able to use the AutoMagic buttons, but I have not checked or tested that. Also one of the best features about BPS, in my personal opinion, is that you can create anything you want – you are not forced to use preset / predetermined htaccess coding. Thanks.
Ok, I get your point. Even though I have a multisite setup, I’m not exactly a coding expert though. In fact, setting up a network is fairly easy. I can meddle around a bit with htaccess, but perhaps it would be an idea to just give the code that needs to be added in order for the plugin to work. Right now, there’s only the automatic htaccess update from the plugin admin screen that immediately wrecks the site (hence my admin screen option). It was unclear to me what the alternative was.
In any case, I’ve let myself be inspired by an old AskApache Password Protect to get the protection I was looking for (new AskApaches don’t work for me either, probably due to old server software or something). So no high priority.
Yep when I have some spare time I will write that Network / Multisite code that will automate the specific personal issue that you encountered and share it. It’s on my list and getting closer to the top of that list. 😉
Nope you have automatic setup for automatic single site installations and setups and you have the built-in File editor for full manual control setups. The automatic create buttons are for single site WordPress installations only or if you were doing bulk installations of BPS – installing BPS on 100’s of single site websites at a time. The BPS built-in File Editor is where you would manually copy and paste your htaccess code between your htaccess files and create your custom htaccess master files the way you want them. Personally the only time I ever use AutoMagic is when I have multiple site installations and I want to get BPS installed and setup and lock the site down in less than a minute (huge time saver for bulk installations). Then if I need to tweak or add additional htaccess coding customizations I will go back and add those customizations with the built-in File Editor. I personally prefer full manual control, but that is just me. 😉
Cool as long as you have at least some sort of website security in place then you should not have to worry about spending hours or days repairing or restoring your work and website(s). Make sure to always create current backups so if something does go wrong you have a disaster recovery plan in place. Good luck.