• Resolved cardan

    (@cardan)


    Hi, first, I would like to thank the developer of this plugin. Although I have only had a very short interaction with it, reading all the reviews, I believe this is a great plugin (perhaps even a bit too great, see my “possible bug”). I even recommended this plugin on another forum.

    But (there’s a but :P) I would like to report a possible bug.

    I have installed the plugin, activated it and configured my settings (easy to use, very clear explanation / guide from the dev’s site, two thumbs up!). But after that, I am having problems using the built-in WordPress thumbnail image.

    A little background on my site: it is a site where a user can log in (as author) and then they can make posts, upload images and use the featured image.. feature. And because of the niche of the site (garment / clothing), images are perhaps the most important thing and I am using the featured image all over the site.

    Problem details: Users, and even I as an admin, *can* upload images but we *cannot* use the featured image. The error message was “WPSetAsThumbnail” is not defined, resource not found “load-script.php” and “media.php”, and it looks like some JavaScript files failed to load as well.

    I am not a savvy PHP and JavaScript programmer, but to my understanding, *something* must’ve caused these files to fail to load / be defined / be found. I have deactivated all plugins and re-uploaded load-script.php and media.php but still got the same error.

    To be fair, I was installing and setting up 3 plugins at once when this error occurred; two of them are caching-related plugins, and the other one is BulletProof Security. All were deactivated and I still got the same problem.

    How could I “blame” this on BulletProof Security, you ask? Because I finally found a solution. I uploaded a new htaccess file (a WordPress default) and overwrote the custom htaccess created by BulletProof Security, and everything works like it is supposed to.

    Well, that’s it. I am really hoping I can use this plugin, because it is easy and working great (although again, I don’t have much experience with it, but I really believe this is a great plugin) but unfortunately for me, I can’t use this plugin due to the nature of my site.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Thread Starter cardan

    (@cardan)

    I believe I have managed to isolate the problem, using a dumb but logically-should-be-effective method, that is commenting every single command until I found which one causes the problem :P.

    That means I have a security hole in my site (probably shouldn’t write this in an open forum :P) but as a temporary solution, I’ll take my chances. It’s just one command, and compared to the other features this plugin has given me.. it’s a very good trade-off for me, and I will keep trying to patch this hole.

    If the plugin author would like to know about this issue, or any other user is having the same problem, that is a user with Author level can’t make a featured image on his / her post after installing this plugin, just let me know by replying to this thread (I have subscribed), and I will send the code. Yes, I am aware that this isn’t a bulletproof (;)) method to filter a potential hacker.

    Or, you could try it yourself, simply by downloading the htaccess file and commenting out each command until your problem is solved.
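
Added example (not part of the thread, and not the plugin's code): instead of commenting out directives on a live site one at a time, a copy of the .htaccess can be checked offline to see which `RewriteCond %{QUERY_STRING}` pattern matches the failing request. The rules and the request below are constructed for illustration and are not BulletProof Security's actual rules; `matching_conditions` is a hypothetical helper name.

```python
import re

# Constructed sample .htaccess fragment (NOT BulletProof Security's real rules).
SAMPLE_HTACCESS = r"""
# query-string filters
RewriteCond %{QUERY_STRING} (\.\./|\.\.%2f) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\[|\]|%5B|%5D) [NC,OR]
RewriteCond %{QUERY_STRING} union.+select [NC]
RewriteRule ^(.*)$ - [F,L]
"""

# Constructed query string resembling a request to the admin script loader.
SAMPLE_QUERY = "c=1&load[]=jquery,utils,set-post-thumbnail&ver=3.0"

# Matches: RewriteCond %{QUERY_STRING} <pattern> [optional,flags]
COND_RE = re.compile(
    r"^\s*RewriteCond\s+%\{QUERY_STRING\}\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$"
)


def matching_conditions(htaccess_text, query_string):
    """Return (line_number, pattern) for each QUERY_STRING RewriteCond
    whose pattern matches the given query string."""
    hits = []
    for lineno, line in enumerate(htaccess_text.splitlines(), start=1):
        m = COND_RE.match(line)
        if not m:
            continue  # comments, RewriteRule lines, other directives
        raw_pattern, flags = m.group(1), (m.group(2) or "")
        negate = raw_pattern.startswith("!")  # "!pattern" means "does not match"
        pattern = raw_pattern[1:] if negate else raw_pattern
        flag_set = {f.strip().upper() for f in flags.split(",")}
        re_flags = re.IGNORECASE if "NC" in flag_set else 0
        try:
            found = re.search(pattern, query_string, re_flags) is not None
        except re.error:
            continue  # PCRE syntax Python's re cannot parse; review by hand
        if found != negate:
            hits.append((lineno, raw_pattern))
    return hits


if __name__ == "__main__":
    for lineno, pattern in matching_conditions(SAMPLE_HTACCESS, SAMPLE_QUERY):
        print(f"line {lineno}: {pattern} matches the request's query string")
```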

    Hi,
    I didn’t see this post until just right now. Sorry about that. I am definitely interested in the solution you came up with and you brought up something that needs more thought – Author roles with BPS for certain tasks. I was not aware that BPS was blocking any Author level functions so I would definitely like to take a look at the problem. Please email me at edward[at]ait-pro[dot]com. Thank you.
    Regards,
    Ed

    Thread Starter cardan

    (@cardan)

    I have to take back my posts. Looks like it was a false alarm. Interestingly, I still have the problem every once in a while, but if I refresh the page and try it (set the featured image) again, then everything works like it is supposed to. Maybe it was because the page didn’t load completely, but TBH, I’m not completely sure.

    Thank you Ed for your concern (in the past two days he has been testing and exploring what could have gone wrong, definitely a pro!) and for the plugin.

    My pleasure. And I had never really explored Author Roles regarding uploading media so it was time well spent. In general principle since BPS is doing its thing at the htaccess server root level it should not have any effect on Roles in WP since that function is already in the loop, but it is always good to verify with actual testing. Glad you have the issue mostly figured out. Sounds like you may have connectivity problems with your actual ISP connection, but there are too many things that could be causing that to even begin to offer you any kind of solution. Thanks.
    Regards,
    Ed

    Hi Ed,

    I have a similar problem.
    The htaccess file BPS generates prevents me from setting a featured image.
    I can upload the image but when I click the ‘set as featured image’ nothing happens.

    I’ll be glad to hear your thoughts about this.

    tnx,
    David.

    Sounds like you have not activated BulletProof Mode for your wp-admin folder. The root and wp-admin BulletProof Modes must be used / activated together. Activating just one or the other will cause problems. Thanks.

    WARNING!!! By default the root .htaccess file in BPS has an .htaccess skip rule to allow a Theme or Plugin thumbnailer script to function normally and not be protected by BPS. Thumbnailer scripts are automatically seen by BPS as a threat, exploit or vulnerability because of the general nature of these scripts. If your Theme or Plugin is using a thumbnailer script such as, TimThumb, phpThumb, Thumb or any variations of these scripts you should check to make sure they are recently patched versions of these scripts.

  • The topic ‘[Plugin: Bulletproof Security] A possible bug on wordpress featured image.’ is closed to new replies.