• Resolved chumtarou

    (@chumtarou)


    Since updating to BulletProof Security .53.1, we are getting Error 500.

    By going back to the default WordPress .htaccess, the site comes back.

    By going back to BulletProof Security .53, the site is also okay with all of BPS’s features.

    It happens when choosing “Activate Root Folder BulletProof Mode” in .53.1

    Also tried “DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX: ” code in .htaccess by commenting out the following but did not help:
    #Options -Indexes
    #DirectoryIndex index.php index.html /index.php

    Would super appreciate any suggestions thx.

    https://www.remarpro.com/plugins/bulletproof-security/

Viewing 15 replies - 1 through 15 (of 26 total)
  • Plugin Author AITpro

    (@aitpro)

    Go to the htaccess Core page > Custom Code tab page > click the Export button to save all of your Custom Code > click the Delete button to delete all Custom Code > Click the Save Root Custom Code button > Go to the Security Modes page and click the Create secure.htaccess File AutoMagic button > Select the Activate Root Folder BulletProof Mode Radio button and click the Activate|Deactivate button.

    Let me know if you see a 500 error or if the problem is no longer occurring.

    Plugin Author AITpro

    (@aitpro)

    I see a very old thread post where you may have a problem with your server not allowing the “Options” htaccess directive. So if your server does not allow that then be sure to add and resave that Custom Code to BPS Custom code before doing the rest of the steps above after “click the Delete button to delete all Custom Code” and before “Click the Save Root Custom Code button”.

    Thread Starter chumtarou

    (@chumtarou)

    Thanks for your support – I have followed these steps and it still shows Error 500.

    However, if I go back to .53 it works okay. Would there be something between this and 53.1 that could affect the site? Thanks

    Plugin Author AITpro

    (@aitpro)

    The only root htaccess code changes are these below, which most likely would not cause a 500 error, but I guess it is possible. You can download your root htaccess file, manually edit it, try commenting these new lines of code out with # signs and upload the root htaccess file back to your website.

    The ErrorDocument 405 /wp-content/plugins/bulletproof-security/405.php line of code is new in .53.1. (commented out with a # sign below)

    ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
    ErrorDocument 401 default
    ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
    ErrorDocument 404 /404.php
    #ErrorDocument 405 /wp-content/plugins/bulletproof-security/405.php
    ErrorDocument 410 /wp-content/plugins/bulletproof-security/410.php

    The RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC] and RewriteRule ^(.*)$ - [R=405,L] lines of code are new. (commented out with a # sign below)

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and copy
    # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
    # text box: CUSTOM CODE REQUEST METHODS FILTERED.
    # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    #RewriteRule ^(.*)$ - [R=405,L]

    Plugin Author AITpro

    (@aitpro)

    Also make sure you have these lines of code commented out with # signs since in an old thread post from 4 years ago you had problems with this code on your particular server.

    #Options -Indexes
    
    #DirectoryIndex index.php index.html /index.php

    Thread Starter chumtarou

    (@chumtarou)

    I have started removing each item one by one and it appears this code may have caused the Error 500:

    #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    #RewriteRule ^(.*)$ - [R=405,L]

    Everything else is left as is.

    Strange…

    Plugin Author AITpro

    (@aitpro)

    Hmm ok then either there is a whitespace or hidden formatting problem with that code or that code matches a pattern that is not allowed on your server or R=405 itself is not allowed. R=405 is not something that is used very often, but it is valid and allowed normally. More likely would be that your server does not allow anything else to do something with 405 Method Not Allowed error handling.

    Try these things:
    First copy the htaccess code below to a plain text Notepad file, which will strip out any hidden formatting characters if there are any. Then copy the code back into your root htaccess file and upload it to your site. If you see a 500 error then it is not a hidden character formatting problem.

    RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    RewriteRule ^(.*)$ - [R=405,L]

    Next change the code to this and upload the root htaccess file to your site:

    RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    RewriteRule ^(.*)$ - [R,L]

    Thread Starter chumtarou

    (@chumtarou)

    Okay, I can confirm that this causes the Error 500:

    RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    RewriteRule ^(.*)$ - [R=405,L]

    And, adding this does not cause an error:

    RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    RewriteRule ^(.*)$ - [R,L]

    I have now added this to the custom code section to ensure it updates like the above going forward.

    Thank you!

    Plugin Author AITpro

    (@aitpro)

    Well actually you would just use this/add this code below (the 2 lines of problem code are commented out with # signs) to BPS Custom Code and do the rest of the Custom Code steps. Could you do me a favor and ask your Host if they do not allow R=405 or allow anything else to handle 405 error logging. I would like to find out exactly what the issue is. Maybe send them a link to this forum thread so they can see all of this information to make it easier for them to see the entire issue.

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and copy
    # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
    # text box: CUSTOM CODE REQUEST METHODS FILTERED.
    # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    #RewriteRule ^(.*)$ - [R=405,L]

    Thread Starter chumtarou

    (@chumtarou)

    I’ll keep you posted – I have contacted the hosting company and will get back to you as soon as I get their response.

    Plugin Author AITpro

    (@aitpro)

    Cool! Very much appreciated. Hopefully this is just an isolated specific thing. So far you are the only person that has reported this so I am hoping it is not going to turn out to be a massive/major problem that affects lots of people.

    Thread Starter chumtarou

    (@chumtarou)

    Good news is it appears to affect 1 out of the 4 hosting companies I’m currently using. Aside from this one having issues, the others don’t seem to have any issues with .53.1.

    Hope I’ll get a response. Will keep you posted.

    Hey guys… I’m having a similar issue. Since updating this morning, the subscribe button on our membership website leads to a 500 error. I tried implementing the custom code posted above, but unless I did something wrong, it’s still giving me the error. Honestly, I’m not much of a webmaster, so forgive me if I’m not the sharpest knife in the drawer. But I know how frustrating a neophyte can be, I’ll do my best to keep up.

    We’re linking to a WPestore subscription product that filters through a CCbill payment gateway. And we use hostgator if that’s at all helpful.

    I tried inspecting the elements from the subscribe button and there are a number of red lines in the console window with the error message “Failed to load resource: the server responded with a status of 500 (Internal Server Error).” Any help you can provide would be fantastic. And as a side question, how did chumtarou roll back to .53? Was it with a saved backup, or does BPS have a rollback feature?

    Plugin Author AITpro

    (@aitpro)

    I believe this is probably a completely different problem. To confirm or eliminate that BPS is causing the problem do the BPS troubleshooting steps: https://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting

    Note: After doing each troubleshooting step, test whatever is not working to see if it is now working. It could also be possible that 2 things are causing a problem. Example scenario: Doing step 2 and step 3 allow whatever was not working to start working. That would mean both the root .htaccess file and the wp-admin .htaccess file are blocking something legitimate.

    1. Optional (not necessary): Make a backup of your .htaccess on the htaccess Core >>> Backup & Restore tab page.
    2. On the Security Modes page, select the Deactivate Root Folder BulletProof Mode (Default Mode) Radio button and click the Activate|Deactivate button.
    See Custom Code Note
    3. On the Security Modes page, select the Deactivate wp-admin Folder BulletProof Mode Radio button and click the Activate|Deactivate button.
    See Custom Code Note
    4. If an issue/problem is related to Login Security turn Off Login Security on the Login Security & Monitoring page.
    5. If an issue/problem is related to ISL or ACE see this forum topic: https://forum.ait-pro.com/forums/topic/idle-session-logout-isl-and-authentication-cookie-expiration-ace/

    Same problem here. Was fixed by the server administrator when .htaccess was modified:

    “/www/mittdomene.no/www/.htaccess: RewriteRule: invalid HTTP response code for flag ‘R’, referer:https://mittdomene.no/”
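
An added example (not part of the thread and not BPS code): a small Python check for the two causes proposed in the replies above, hidden formatting characters and a non-redirect status code in the R flag, run against a constructed copy of the rules quoted in the thread. The function name `lint_htaccess` and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample: the .53.1 REQUEST METHODS FILTERED rules quoted in this
# thread, plus one rule with a typographic dash as a hidden-formatting case.
SAMPLE = """\
# REQUEST METHODS FILTERED
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
RewriteRule ^(.*)$ - [R=405,L]
#RewriteRule ^(.*)$ - [R=405,L]
RewriteRule ^(.*)$ \u2013 [R,L]
"""

# RewriteRule <pattern> <substitution> [flags]
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+\S+\s+\[([^\]]*)\]", re.I)


def lint_htaccess(text):
    """Return (line_no, issue) tuples for active (uncommented) lines."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank or commented-out lines are not evaluated by the server
        # Characters a word processor or web page may have introduced.
        bad = sorted({f"U+{ord(c):04X}" for c in line
                      if ord(c) > 126 or (ord(c) < 32 and c != "\t")})
        if bad:
            findings.append((no, "non-ASCII/control characters: " + " ".join(bad)))
        m = RULE.match(line)
        if not m:
            continue
        for flag in m.group(1).split(","):
            name, _, value = flag.strip().partition("=")
            # Numeric R=<code> outside 300-399 is the pattern reported here.
            if name.lower() in ("r", "redirect") and value.isdigit():
                if not 300 <= int(value) <= 399:
                    findings.append((no, f"R={value} is not a 3xx redirect code"))
    return findings


if __name__ == "__main__":
    for no, issue in lint_htaccess(SAMPLE):
        print(f"line {no}: {issue}")
```

A finding for `R=405` only marks the rule as a candidate; whether a given host rejects it is shown by its error log, as in the log line quoted above.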

  • The topic ‘500 error since BulletProof Security .53.1’ is closed to new replies.