BrattDev

Thank you! I deleted their plugin and the file, and everything is fine. Sorry for the misinterpretation — WF is usually you guys.

I forgot to mention that no other site that we manage has this file, and all are running Wordfence.

thanks again!

We’ve been having the same problem — same error, about the same time period. We’re using Square 2.1.0 as well. Haven’t bailed back to 2.0.8 yet but that’s next if there’s no fix to the plugin.

I too find the many Metaslider ads in the main WP area to be seriously annoying and we’ve started the process of migrating away. The new plugin we found does what we want and doesn’t nag us to death with gratuitous plugs for things we’ll never buy. I mean, sometimes it seems like there’s a new ad there every few days. And we manage a lot of sites, so add it up. (no pun intended)

Used to love Metaslider but with the ads and clunkier new interface, etc, it’s lost its appeal.

Oops, got that backwards — 1.4.0.2 is what I meant….

We’re using version 4.0.1.2 today (yesterday it was the previous version) but as of a couple minutes ago, we were still seeing errors in the error log. Is it possible the colors.php and responsive.php files didnt get updated when we updated the plugin via WordPress? Should we try to manually update those two files?

thanks for getting back to us!

Attributes aren’t working for me either, on a brand new WordPress installation with 2015 theme running. I’m just testing for a client and wanted to make sure Jigo would do what we needed. When I enter data for a new attribute and hit Add Attribute, there’s a pause as if it’s saving but then nothing shows up in the list. It still says “No attributes currently exist.” Have tried numerous times, several browsers.

Looking forward to a resolution.

Hi again,

Sorry, I got pulled into other work. But I’m back. Here’s the scoop: the tech guy was not wild about helping me with this and since the file becomes invisible to me when I change its permissions to 404, I’ll need him to be there to delete the file again as soon as I do it (because the site will become forbidden again). What I’d feel more comfortable doing is asking him your question, specifically: if this particular host requires 644 file permissions for .htaccess files and if 404 file permissions are NOT allowed for this particular web host. Would that work?

I’ll go ahead and ask him and let you know what he says. The filter would be great since I’m sure it’s the non-standard file permission what’s causing this server to choke (who knew?).

Thanks again for following up.

I was able to contact web host technical support and they were able to help me by deleting the .htaccess file at web root that I couldn’t see. The .htaccess file in wp-admin had already been deleted by me, because I could see that file.

At that point, I was able to access the site home page but nothing else. But once I restored the default .htaccess for permalinks, I had the site back again.

The web host tech guy said that the permissions for the root .htaccess file were ‘bad’ in his opinion, and you had suggested in your documentation that for folks having the 403 problem, that would probably be the case.

I would say that despite this problem today, I feel much safer using BPS on all my sites. Not sure what I’m going to do about this one, but for now, I disabled BPS until I can figure out a solution. Thank you for your help. This site is using the free version of the plugin and I know you’re not making anything on it.

Thanks — this is what I needed to understand and it’s kind of what I thought. So there’s something fishy at the web host. I’ll see if I can get someone to contact their tech support and kill off those invisible .htaccess files. I appreciate your help in sorting this out and I’ll let you know how it goes.

Hi again,

Thanks for the detailed response. I’ve been through all the documentation you pasted above on your web site and I don’t think it applies to us in this case.

1. I checked that my ftp software is displaying hidden files and the option for ‘omitting files that begin with a period’ was NOT checked, so it thinks it’s showing me those files.

2. The server would not let me upload the .htaccess file via ftp when I tried to restore a backup. I got the following ftp error:

.htaccess – error occurred – An FTP error occurred – cannot put .htaccess. Access denied. The file may not exist, or there could be a permission problem. Make sure you have proper authorization on the server and the server is properly configured.

3. I have no doubt there’s a misconfiguration on this server, but I don’t think the CPanel Hotlink issue is the issue in this particular case because if it were, I would have had this problem before for this client and I haven’t. To be honest, I don’t even think they’re using cPanel at sover.net but I’ll see if I can get them to tell me.

4. Most of the instructions above refer to doing things with .htaccess files (which aren’t present) and using the WP dashbaord which I’m forbidden from accessing. This presents a bit of a conundrum.

Are you absolutely sure there’s no way to temporarily deactivate your plugin to restore the web site? Because if not, this is starting to resemble a real problem.

Maybe it is what you say but if so, how do I fix it if I can’t see the files and don’t have cpanel and can’t access the dashboard? Thanks again for helping us out here.

Thanks for getting back to me — I ftp’d to the site and I’m telling you, there was no root .htaccess file nor was there one in wp-admin directory. I tried uploading the backup .htaccess files (after renaming them) from the BPS backup directory in wp-content. I was allowed to upload the .htaccess to wp-admin but I got a permissions error at the web root for that site and it would not let me upload that file.

Not sure why the cPanel HotLink problem would suddenly surface now since we’ve been using BPS on this site for over a year.

This client opted to stay with their old web host sover.net which is different than the other WordPress clients we handle. The other BPS updates on our own web host went fine — it’s just this one, but boy is it broken.

I’m thinking I may have to uninstall the plugin at least temporarily while we figure out the problem with their server. But I don’t know how to do that with this plugin. Thanks again for any advice you can offer.

Hi there,

I did the routine update for the Bulletproof Security plugin this morning and was immediately locked out of the site, both front and back end. It’s a 403 Forbidden – You don’t have permission to access / on this server.

Obviously, I need to fix this asap. I looked for the .htaccess files and they were not there or at least I can’t see them. We’ve had BPS on this site since it was launched and never had this problem before.

Can you help? Is there a way to disable to plugin to regain access to the site? If there’s no .htaccess file, how can we be locked out?

thanks in advance!

Ok, I did this incrementally — changed the SQL Injection filter back (is that’s what that’s called ?? and then deleted the %3C and %3E codes from the rewrite condition you referred to above. Didn’t work. So I went back and deleted those codes from the rewrite conditions for HTTP_USER_AGENT and HTTP_REFERRER and then it worked. So that’s a relief. Thanks for helping me with that.

I’ve written to support at DS, the IDX plugin developers, and hopefully they’ll make changes in a future release so we can use the plugin without sacrificing security.

thanks again, we’re all set here.

Thanks for the quick reply. I tried what you suggested, removing the two ascii codes as you indicated. For the record, now the rewrite condition looks like this:

RewriteCond %{QUERY_STRING} (;|<|>|’|”|\)|%0A|%0D|%22|%27|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]

Here’s what’s happening with the .htaccess change. I get page-2 of results now, but without the style sheet or page graphics — it isn’t recognizing the CSS file or any of the images on the page. I checked the source and the links are absolute and correct so there should be no trouble loading the items but it’s not. Then when I go to page-3 by hitting the Next button again, I get the same result as before — a 500 error and a page not found message.

Here’s the url the plugin is trying to load to get to page-3:
https://domain.com/idx/city/dover/page-3?idx-d-SortOrders%3C0%3E-Column=DateAdded&idx-d-SortOrders%3C0%3E-Direction=DESC

To me, it seems like the .htaccess change I just did should take care of this string as well as the page-2 string but maybe I’m missing something.

That said, the site is broken in terms of listing navigation, so if I can’t get Diverse Solutions to make the change (unlikely that they’ll be able to do it quickly, if they can at all), then I might have to disable Bulletproof which I am reluctant to do. So hopefully we can get BPS to make this exception for the short term and load the site’s listings pages.

Thanks again for your help with this.