susansiow

Thanks for the confirmation!

Thank you, stay safe and happy Sunday!

Hi Nicolas,

Thank you for your kind support, can’t wait for the next update! ??

For now, do you mean I should replace the following code in /classes/plugin.php (line 145)

return $this->user_trailingslashit( home_url( '/', $scheme ) . $this->new_login_slug() );

with

public function new_login_url( $scheme = null ) {

$url = apply_filters( ‘wps_hide_login_home_url’, home_url( ‘/’, $scheme ) );

if ( get_option( ‘permalink_structure’ ) ) {

return $this->user_trailingslashit( $url . $this->new_login_slug() );

} else {

return $url . ‘?’ . $this->new_login_slug();

}

}

Kindly advise, thank you!

Regards,
Susan

Hi Nicolas,

Do you have a piece of PHP code that I can insert it into the child theme’s functions.php, so that I don’t have to amend your plugin’s file every time when an update takes place?

Thanks.

Regards,
Susan

Hi Nicolas,

The latest update – 1.5.4.2 doesn’t include the change.
Please help, thank you!

Regards,
Susan

Hi BPS,

After my web host temporarily disabled the ModSecurity feature, I could add in and save the custom code.

Thanks for your kind info!

Regards,
Susan

• This reply was modified 5 years, 8 months ago by susansiow.

Understood ??

Thank you for the great invention and kind response!

Hi BPS,

Very sorry, I can understand this:

That section of BPS htaccess code protects against the old Tim Thumb hack and more importantly RFI hacking attempts > https://www.owasp.org/index.php/Testing_for_Remote_File_Inclusion

But not this:

The code works like this > If the referring domain is your own domain then skip [S-1] the BPS Query String section of code, which contains RFI security rules that will block RFI hacking attempts against your website. Since Requests using your own website domain are Local and not Remote Requests then the Skip Rule allows simulated RFI hacking attempts: https://your-website-domain.com/?file=https://your-website-domain.com/some-safe-file-on-your-website-domain.php. RFI stands for Remote File Inclusion.

Do you mean that With the following block of codes, mydomain.com is 1) protected from external RFI hacking attempts and 2) whitelisted from internal RFI hacking attempts (RFI hacking attempts sent out from mydomain.com)?

# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.*mydomain.com.*
RewriteRule . - [S=1]

Please advise, thank you!

May I know what’s the purpose of whitelisting our own domain, as since it is our own domain, why it needs to be manually whitelisted?

Secondly, is the following the correct input to whitelist my own domain?

# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.*mydomain.com.*
RewriteRule . - [S=1]

Thanks for the info, good day!

Hi BPS,

By removing the bps-mu-tools.php plugin, it works, thank you!

One more question: If the clients reactivate and update the plugin, the new bps-mu-tools.php will be automatically added to the empty wp-content/mu-plugins folder?

Kindly advise, thanks.

Hi Arun,

I have the same issue, how’s the fixing progress?

Kindly advise, thanks!

Regards,
Susan

I see, thanks for the kind response!

Thank you @Soft79 for the kind explanation!

Client’s matter. Thanks.