Support » Plugin: Events Manager » Test Email Settings not working with BulletProof Security

  • Resolved Daedalon

    (@daedalon)


    The following button has never worked for me: WP-admin’s Events > Settings > Emails > Email Settings > Test Email Settings. After clicking it shows “Checking…” for about a second before reverting back to original text at the same time as “Server Error” appears right below the button in red text. The email does not come through and no other message is displayed.

    Curiously, all the other emails except the test email do come through, which is why I remember reporting this only once some years ago but haven’t followed up before this. The issue occurs only with this AJAX-based test.

    This time around I also found the reason to be a conflict between Events Manager and BulletProof Security: after deactivating both root and wp-admin folder protection in BPS, the test email went through.

    Would be great to:

    1) Have these plugins work together out-of-the-box, or at least
    2) Have a manual workaround for solving the conflict and
    3) Have either of the plugins automatically detect the conflict and suggest the workaround

    • This topic was modified 4 years, 1 month ago by Daedalon.
Viewing 5 replies - 1 through 5 (of 5 total)
  • 1. Yes, probably requires htaccess whitelisting code added to BPS Custom Code.
    2. I will post a solution (htaccess whitelisting code) once you check your BPS Security Log and post a security log entry that shows what is being blocked in Events Manager.
    3. Increased BPS automation (autofix, autowhitelisting) is coming in the future – No ETA.

    BPS plugin troubleshooting steps: http://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting

    Hi Ed, thanks for the quick reply. Here’s the security log entry:

    [403 GET Request: [DATE]]
    Event Code: WPADMIN-SBR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 127.0.0.1
    Host Name: localhost
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: [IP]
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: [DOMAIN]/wp-admin/edit.php?post_type=event&page=events-manager-options
    REQUEST_URI: /wp-admin/admin-ajax.php?lang=en&_check_email_nonce=[NONCE]&dbem_mail_sender_name=[SENDER_NAME]&dbem_mail_sender_address=[USER]%40[DOMAIN]&dbem_rsvp_mail_send_method=wp_mail&dbem_smtp_html=0&dbem_smtp_html_br=1&dbem_rsvp_mail_port=[PORT]&dbem_rsvp_mail_SMTPAuth=1&dbem_smtp_host=localhost&dbem_smtp_username=&dbem_smtp_password=&action=em_admin_test_email
    QUERY_STRING:
    HTTP_USER_AGENT: [AGENT]

    Looks like you need a wp-admin htaccess file skip/bypass rule for these files: edit.php and admin-ajax.php. Do the steps below and let me know it fixes the problem.

    1. Add the wp-admin htaccess code skip/bypass rule below to this wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
    2. Click the Save wp-admin Custom Code button.
    3. Go to the Security Modes page and Activate wp-admin Folder BulletProof Mode.

    Note: The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip/bypass rule [S=1]. If you have other wp-admin skip/bypass rules already then either combine them or add this skip/bypass rule separately above the other rules and change the skip #. Example: If you already have skip #’s 2 and 3 then this rule would be skip rule #4.

    # wp-admin admin-ajax.php & edit.php file skip/bypass rule
    RewriteCond %{REQUEST_URI} (admin-ajax\.php|edit\.php) [NC]
    RewriteRule . - [S=2]
    • This reply was modified 4 years, 1 month ago by AITpro.
    • This reply was modified 4 years, 1 month ago by AITpro.

    Works, thanks!

    Btw, this notification in BPS could contain the Activate button in itself:

    wp-admin Custom Code saved successfully! Go to the Security Modes tab page and click wp-admin Folder BulletProof Mode Activate button to add/create your new Custom Code in your wp-admin htaccess file.

    Great! Thanks for confirming that worked. To add a button to a displayed message would require that the displayed message is a “Form”. I believe this is possible to do, but I also believe that would create a possible security vulnerability. We have looked at doing that, but do not feel it is 100% safe to do that. 😉

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Test Email Settings not working with BulletProof Security’ is closed to new replies.