MikeHarrison

Had to cancel my appointment.

To clarify, you’d like me to add both of the skip/bypass rules you mentioned in separate posts (above). Is that correct?

Thanks!

Unfortunately, I have an appointment to get to now, so I will have to handle this later.

However, those log entries actually reflect my own computer and ip address.

Thanks again for your help. I appreciate it very much! I will check back here when I return before doing anything to the site or BPS configuration.

I followed the update instructions; meaning, immediately after updating, a message appeared that my site was not protected, and that I needed to create new htaccess files and activate the security mode for the root folder and wp-admin folder.

I did that and saw that all my file permissions were set correctly.

I don’t know how to lock an htaccess file and neither would I know how to turn on AutoLock.

I did nothing else. but I just now realized that I may have forgotten to also create a secure htaccess file.

Here are new log entries containing references to the images thaat are not displaying:

>>>>>>>>>>> 403 GET or Other Request Error Logged – January 28, 2014 – 7:49 am <<<<<<<<<<<
REMOTE_ADDR: 24.38.214.40
Host Name: ool-1826d628.dyn.optonline.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://mike-harrison.com/
REQUEST_URI: /wp-content/themes/perfectpixel/timthumb.php?src=https://mike-harrison.com/wp-content/uploads/2013/03/CredibleFluentBanner.jpg&w=650&h=300
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/536.29.13 (KHTML, like Gecko) Version/6.0.4 Safari/536.29.13

>>>>>>>>>>> 403 GET or Other Request Error Logged – January 28, 2014 – 7:49 am <<<<<<<<<<<
REMOTE_ADDR: 24.38.214.40
Host Name: ool-1826d628.dyn.optonline.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://mike-harrison.com/mikes-blog/
REQUEST_URI: /wp-content/themes/perfectpixel/timthumb.php?src=https://mike-harrison.com/wp-content/uploads/2012/07/WABC-Transmitter.jpg&w=680
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/536.29.13 (KHTML, like Gecko) Version/6.0.4 Safari/536.29.13

>>>>>>>>>>> 403 GET or Other Request Error Logged – January 28, 2014 – 7:49 am <<<<<<<<<<<
REMOTE_ADDR: 24.38.214.40
Host Name: ool-1826d628.dyn.optonline.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://mike-harrison.com/mikes-blog/
REQUEST_URI: /wp-content/themes/perfectpixel/timthumb.php?src=https://mike-harrison.com/wp-content/uploads/2012/04/Thank-You.jpg&w=680
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/536.29.13 (KHTML, like Gecko) Version/6.0.4 Safari/536.29.13

Thank you for your assistance.

OK, thanks. I’ll leave things as they are now because everything seems to be working correctly, and your great BPS plugin (and your assistance here) gives me peace of mind knowing that the site is secure.

Many thanks!

OK. Great. Thanks!

After starting this thread, I noticed that the permissions on my root .htaccess file had changed to 0644, so I changed it back to 404, and then backed up my database. When I logged into my ftp account, I noticed the modification date of the .htaccess file was earlier today, at a time when I would’ve been asleep. The permissions change was not reflected in the modification date, so I’m wondering what would have made a modification to the root .htaccess file two hours before I accessed it?

Is there something I’m not taking into account?

Genius! The images now load.

Thank you immensely.

The two original warnings I posted still appear on the bottom of every page, but they must not have had anything to do with the images. I took your advice and forwarded those warnings to my hosting company, asking that they look into the php.ini file, as you suggested….

Actually, after typing the previous paragraph, I returned to my site and noticed that the two warnings now no longer appear. So maybe the hosting company found and fixed the problem, or… I don’t know, but they’re gone.

Thanks so much for your help, terrific knowledge and speedy replies!

Ah… good thought about the plugin paths. I’ll do that now. In the meantime, here are three entries from the error log, one each for the three images that aren’t loading.

>>>>>>>>>>> 403 GET or Other Request Error Logged - August 5, 2013 - 10:03 am <<<<<<<<<<<
REMOTE_ADDR: 24.38.214.40
Host Name: ool-1826d628.dyn.optonline.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://mike-harrison.com/
REQUEST_URI: /wp-content/themes/perfectpixel/timthumb.php?src=https://mike-harrison.com/wp-content/uploads/2013/03/CredibleFluentBanner.jpg&w=650&h=300
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/536.29.13 (KHTML, like Gecko) Version/6.0.4 Safari/536.29.13

>>>>>>>>>>> 403 GET or Other Request Error Logged - August 5, 2013 - 10:04 am <<<<<<<<<<<
REMOTE_ADDR: 24.38.214.40
Host Name: ool-1826d628.dyn.optonline.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://mike-harrison.com/mikes-blog/
REQUEST_URI: /wp-content/themes/perfectpixel/timthumb.php?src=https://mike-harrison.com/wp-content/uploads/2012/07/WABC-Transmitter.jpg&w=680
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/536.29.13 (KHTML, like Gecko) Version/6.0.4 Safari/536.29.13

>>>>>>>>>>> 403 GET or Other Request Error Logged - August 5, 2013 - 10:04 am <<<<<<<<<<<
REMOTE_ADDR: 24.38.214.40
Host Name: ool-1826d628.dyn.optonline.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://mike-harrison.com/mikes-blog/
REQUEST_URI: /wp-content/themes/perfectpixel/timthumb.php?src=https://mike-harrison.com/wp-content/uploads/2012/04/Thank-You.jpg&w=680
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/536.29.13 (KHTML, like Gecko) Version/6.0.4 Safari/536.29.13

Since creating this thread, I’ve since installed BOTH Better WP Security AND Bulletproof Security. Bulletproof Security solved my problem forever by giving me code to customize my root .htaccess file, preventing login by anyone except me.

Thanks, Pali. No, unfortunately the slider is not a plugin; it’s part of the site theme. Also, the two other images that aren’t loading are not slider images.

Prior to the hosting company moving the site to a new server, everything was fine; there were no issues.

Very puzzling.

Ah… I just realized: one additional thing is different: after the migration to the new server, I installed the latest WordPress update. I cannot say whether these two warnings appeared prior to the update or after doing so.

Thank you for the confirmation!

Outstanding! Thank you so much for the code and the explanation.

You rock!

Thank you, Zubaka, for your speedy response.

You have cleared this up already by mentioning Flash player. As I just learned, the iPad does not support Flash.

So I will mark this topic as ‘Resolved.’

Thanks!

I never was able to figure out what caused some of the images to stop showing, but I was able to correct the situation only by restoring the database and the root.htaccess file from backups.

I now have another problem, regarding the login screen, but I believe it’s due to something with Better WP Security.

So, if you want to close out this thread, that’s fine.

Again, I appreciate your taking the time to help!

I really appreciate your taking the time to walk me through this.

When I first enabled it, I chose to have Better WP Security hide only the login slug. The login page still appears, but its URL is different. And I just now also had it hide the Admin slug, too. However I removed the option of having Better WP Security write to .htaccess, wp-config.php and other files.

Because I’m new to this, I’m trying to be very careful so that I don’t create a conflict between these plugins. But I’ll see if I can find the code that Better WP Security uses to hide the login page.

Thanks!

Yes, something changed the permissions on root.htaccess and wp-config.php back to their original states, and there were two login attempts made within the last hour or two. When I checked the site, it was again offline, generating a 500 internal server error.

So I again copied the root.htaccess from BPS_backup and that brought the site back, after which I took your advice and removed all .htaccess options from Better WP Security, and changed the permissions for root.htaccess and wp-config.php back to your recommended states.

About your suggestion to “add Better WP Security .htaccess code to BPS Custom Code:” why would I have a need to create new Master .htaccess files with the BPS AutoMagic buttons? What would require me to do that?

Thanks.