WordPress.org

Support

Support » Plugins and Hacks » BulletProof Security » [Plugin: BulletProof Security] Upload and Download Backups

[Plugin: BulletProof Security] Upload and Download Backups

  • I’ve installed the latest BPS plugin – version .45.9. Everything is looking good and I’m loving it. However, there’re 3 errors listed in ‘General BulletProof Security File Checks’ box:

    Your File Upload settings are NOT backed up yet
    Your File Download settings are NOT backed up yet
    Your File Upload settings are NOT backed up yet

    How do I solve the problem?

    Thank you!

    http://wordpress.org/extend/plugins/bulletproof-security/

Viewing 15 replies - 1 through 15 (of 25 total)
  • Plugin Author AITpro

    @aitpro

    Hi,

    BPS .46 was released today so these checks are no longer being done. There was a security vulnerability with the uploader code that was borrowed so we removed it and wrote new uploading and downloading code for BPS. File Uploading is now AutoMagic – no setup required and File Downloading is one click – no setup required. Neither of these now need to be backed up because they are auto configured. Thanks.

    – Ed

    Thank you for the great plugin.

    I’ve upgraded to BPS .46, the upload & download error messages are solved but there’s a new error message saying:

    (red font) Deny All protection NOT activated for BPS Master /htaccess folder
    (green font) √ Deny All protection activated for /wp-content/bps-backup folder

    How do I solve the ‘red font’ error message? Thanks!

    Plugin Author AITpro

    @aitpro

    Very Welcome!

    Yep that is actually a status check message to remind you to Activate Deny All htaccess protection for the BPS Master /htaccess folder.
    To do that you would go to the Security Modes page and Activate BulletProof Mode for the BPS Master /htaccess folder. This function is really there to detect any problems early on with folder permisssions for the BPS Master /htaccess folder. It will most likely be completely automated down the road, but for now this extra click serves a purpose.
    Thanks,
    Ed

    Thanks, followed the steps and the error message is gone.

    However, many things are working awkward in my WP dashboard today:
    1. can’t delete plugins
    2. can’t drag widgets in widgets area
    3. can’t change settings in plugins

    As they will lead to a page ‘Page Not Found’.

    I guess this is due to the overwrites in .htaccess.

    Please help, thanks!

    Plugin Author AITpro

    @aitpro

    Ok update your custom permalink structure
    Go to Settings >>> Permalinks
    check to make sure PHP5 is running on your WordPress site
    Go to the BPS System Info page >>> check PHP version it should start with a 5 not a 4.
    If you see that the PHP version is 4 then let my know what web host you are using so i can give you the correct directive for your host to force PHP5 to run. Or if you want me to fix the problem for you then create a temporary admin account for me and send that info to edward[at]ait-pro[com] Thanks.
    Ed

    I had just transferred my site to Bluehost as an addon domain. Hence, it will be in a sub directory (maindomain – public_html – addondomain). Can I still use BPS for a sub directory?

    For Settings >>> Permalinks. I didn’t see any thing which say whether it’s a PHP5.

    Thank you for your reply.

    Plugin Author AITpro

    @aitpro

    addon domains do not require any additional “special” modifications. An addon domain should be seen by htaccess and BPS as if it is the main domain for the hosting account.

    I have added a new function that will check to make sure that permalinks have been enabled. Permalinks must be enabled in order for BPS to function correctly. This check will be included in BPS .46.1. send me an email to email address I have listed above and i will send you the new files. Your BPS installation will still show .46 so that when .46.1 is officially released you will be notified to upgrade.

    Also send me your website URL in order for me to see your website. Thanks.
    Ed

    Plugin Author AITpro

    @aitpro

    Actually I decided just to update .46 with these additions so even simpler for anyone is just to uninstall and reinstall BulletProof to get these new features. This will not affect your current .htaccess files. It will only update the BPS plugin files themselves. If you want to keep your current master files – secure.htaccess, default.htaccess, etc then back them up and after you reinstall BPS restore them. Thanks.
    Ed

    Hi Ed,

    I have reinstalled BPS security plugin after moving to another web host. In addition, I have checked BPS security info, permalinks are enabled and it’s running PHP5.

    However there’re some problems in WP dashboard:

    1. I can’t change any settings in WP dashboards – change Buddypress settings, password, drag widgets in widget area, etc. All the attempts will lead to an error page:

    example url and message –
    http://{domain.com}/wp-admin/admin.php?page=bp-general-settings

    403 Permission Denied
    You do not have permission for this request /wp-admin/admin.php?page=bp-general-settings

    2. I will be directed to the setting page that I have locked off from WP dashboard when I log in. For example, if I log off from WP dashboard widget settings area, then I will be directed to the widget setting page when I log in. This is something unusual as no matter which setting page I log off from WP dashboard, I should be directed to the main WP dashboard page.

    Are these problems due to the no-present of .htaccess in wp-admin folder? The following are the red messages in BPS status:

    NO .htaccess file was found in your /wp-admin folder
    Your Current wp-admin .htaccess File is NOT backed up yet

    Plugin Author AITpro

    @aitpro

    Hi,
    Insteaad of trying to guess what is going on with your particular setup why don’t you send me your website URL so i can look at your site and see exactly what your particular problem is. Thanks.

    Already emailed the link to you. Anyway, here’s the url.

    BPS .46 – minor conflict with Atahualpa theme (3.6.4, maybe others)

    Atahualpa offers an option to export/import a file that contains all theme settings. the export button directs to:

    http://[your_website]/?bfa_ata_file=settings-download

    with the secure BSP root htaccess in place, this link doesn’t work. in my case

    Plugin Author AITpro

    @aitpro

    @sweetmelody – Yep I found your email with your URL – it was spammed. Please send the requested info in my email reply. Thanks.

    @wp.Man – Ok thanks for the heads up. I will install and test this Theme. Will post the fix here and on the AITpro Plugin / Theme testing page. Thanks.

    Ed

    Plugin Author AITpro

    @aitpro

    @wp.Man – Yikes the download pop up redirect is leaving the /wp-admin area. I need to look at this some more. This does not appear to be a quick fix and i am concerned that by adding a rule to allow this i might be taking part in allowing something that might open up a security vulnerability. I will need to look at this in depth. Thanks.

    -Ed

    hi Ed – thanks for your fast response and for looking into this.

    re: the download pop-up leaving the admin area — do you think this is this a concern the Atahualpa dev needs to made aware of (security concern)? or is this only possible with BPS installed?

    thanks

Viewing 15 replies - 1 through 15 (of 25 total)
  • The topic ‘[Plugin: BulletProof Security] Upload and Download Backups’ is closed to new replies.
Skip to toolbar