iThemes Security (formerly Better WP Security)
WP Better Security LinkedIn Problem (8 posts)

  1. RyanJBaron
    Posted 3 years ago #

    I noticed a problem, the plugin seems to cause a problem with linked in, after installing the plugin on my site LinkedIn was no longer working, when I added my link to linkedin to share it I it wouldn't find a summary image, or even the link itself. I believe this is the problem:
    When the LinkedIn Bot was attempting to request the page from the server it was getting stuck in a redirect loop while looking for the 403 error page and eventually causing a 500 error.

    I have deactivated the plugin and the links seem to be working once again. Are others having this same issue? Is there a solution?

    I really like this plugin, and would like to continue to use it, the security features are awesome, but I need to be able to post my content on linkedin.



  2. Nick Ker
    Posted 3 years ago #

    Same here. It seems like it is blocking OpenGraph for Facebook, LinkedIn and Google+

  3. wp_kc
    Posted 3 years ago #

    Since I have several web sites with OpenGraph data in use and they work fine with BWPS installed, I don't think that is the problem. I can think of two other possibilities...

    1) You have something preventing hot-linking. You need to allow hotlinking for systems like LinkedIn and Facebook to grab images from your site.

    2) You have the IP addresses of LinkedIn/Google/Facebook/whatever servers in your ban list. Perhaps because you have a lot of 404 errors on your site and they got banned automatically, or for some other reason.

  4. Nick Ker
    Posted 3 years ago #

    Turns out that it was the Default Banned List. When I removed the manually added IPs, the problem persisted. When I disabled the Default List, OpenGraph stuff started working again.

  5. webcreative
    Posted 2 years ago #

    Nick, when you disable the Default list, don't you think that creates a security loophole? #just thinking

    Wonder if there is an alternative.


  6. nathanbrauer
    Posted 2 years ago #

    Hi all,

    Our blog had the same issue.

    This the offending rule is RewriteCond %{HTTP_USER_AGENT} ^Link [NC,OR]. It basically blocks any user agent which starts with "link" (which, of course, includes "LinkedIn").

    To resolve the issue on your site:

    1. Read the whole set of instructions before acting.
    2. Temporarily Disable the "Default Banned List" (in the "Ban" tab)
    3. Edit /wp-content/plugins/better-wp-security/inc/admin/hackrepair-apache.inc -> search for ^Link and comment out the line with # (the line should become #RewriteCond %{HTTP_USER_AGENT} ^Link [NC,OR]
    4. Do the same in /wp-content/plugins/better-wp-security/inc/admin/hackrepair-nginx.inc
    5. Re-enable the "Default Banned List"
    6. That's all! :)
  7. nathanbrauer
    Posted 2 years ago #

    I've reported this bug there:

    Please show your interest in an official fix by commenting.

  8. wp_kc
    Posted 2 years ago #

    I think that HackRepair list is of very limited value. Any hacker worth their salt would make sure to set the user agent to something normal looking before accessing your web site.

    In fact, I do this myself to my own web sites. I use a real cron job to handle WordPress' scheduled tasklist. After installing BWPS I noticed the cron job wasn't working. It turns out that WGET is one of the user agents in the HackRepair list.

    So I simply used the user-agent option of wget and it started working again... like this....

    wget --user-agent="Mozilla/5.0" http://www.mydomain.com/wp-cron.php?doing_wp_cron

    Pretty sure most hackers would do the same, and the evidence of that is all over my log files.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic