Title: BPS/WP Super Cache issues
Last modified: August 24, 2016

---

# BPS/WP Super Cache issues

 *  Resolved [FireMyst](https://wordpress.org/support/users/firemyst/)
 * (@firemyst)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/bpswp-super-cache-issues/)
 * I recently uninstalled WP Super Cache and upgraded to the latest version of BPS
   Security.
 * **I’m now receiving the following error even though I do not have WP Super Cache
   installed:
    
   
    —- _WP Super Cache is deactivated and WPSC .htaccess code – # 
   BEGIN WPSuperCache # END WPSuperCache – was found in your root .htaccess file.
   If this is just temporary then this warning message will go away when you reactivate
   WPSC. You will need to set up and reconfigure WPSC again when you reactivate 
   WPSC. If you are planning on uninstalling WPSC the WPSC .htaccess code will be
   automatically removed from your root .htaccess file when you uninstall WPSC. 
   If you added commented out line of code in anywhere in your root htaccess file–#
   WPSuperCache – then delete it and refresh your browser. It appears that the BPS
   filters are working correctly with the WPSC htaccess code being written to the
   bottom of the root htaccess file, but I recommend that you manually cut and paste
   the WPSC htaccess code and the section of WordPress htaccess code that starts
   with # BEGIN WordPress and ends with # END WordPress to the top area of your 
   root htaccess file right after Options -Indexes in your root htaccess file. —-
 * When I remove the line #WPSuperCache from my .htaccess file, the error goes away.
 * However, when I use BPS to regenerate the secure .htaccess file the error message
   reappears!
 * Where is BPS getting this from?
 * [https://wordpress.org/plugins/bulletproof-security/](https://wordpress.org/plugins/bulletproof-security/)

Viewing 8 replies - 16 through 23 (of 23 total)

[←](https://wordpress.org/support/topic/bpswp-super-cache-issues/?output_format=md)
[1](https://wordpress.org/support/topic/bpswp-super-cache-issues/?output_format=md)
2

 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/bpswp-super-cache-issues/page/2/#post-5962127)
 * It is possible to exclude directories from being checked by mod_security, but
   that would be an all or nothing thing. ie frontend and backend. A possible scenario
   would be an additional check based on Referer that would indicate the origin 
   of the Request was internal, but Referer can be easily spoofed and cannot be 
   trusted so that is not really a good solution. A conditional check based on an
   internal IP address would be pretty secure.
 * [http://serverfault.com/questions/57210/disable-modsecurity-for-a-specific-directory](http://serverfault.com/questions/57210/disable-modsecurity-for-a-specific-directory)
 * In any case, since we cannot change anything that mod_security is doing, that
   leaves us with creating some sort of an alternative method of saving Forms. I
   am pretty sure both GET and POST are filtered the same. So it may just be that
   the only solution would be to do everything manually. mod_security right out 
   of the box does not cause this problem. Adding particular SecRules/SecFilters
   does cause this problem. There is no way to create a check for SecRules/SecFilters
   so we are not sure how to proceed from here since logically we cannot think of
   a way around this except for the obvious thing to do – do everything manually
   and do not use any of the BPS Forms to try and save any code.
 *  Thread Starter [FireMyst](https://wordpress.org/support/users/firemyst/)
 * (@firemyst)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/bpswp-super-cache-issues/page/2/#post-5962134)
 * Here’s a response from my hosting provider after a few support email exchanges.
   Are you able to answer their questions?
 * ————–
    I’m still not finding any mod_security triggers in the Apache error logs,
   and the .htaccess files for both blog sites are coming up without the #WPSuperCache
   line (which implies that the files are actually being written). As a shot in 
   the dark, I have run a repair on the databases (no errors for these databases
   show up in the mysql logs, but the lack of other evidence leads me to believe
   that the problem may lie there). I’m not familiar with how BulletProof Security
   handles its .htaccess editor. Does the plugin read the .htaccess file every time
   the editor is opened, or does it store the .htaccess file’s contents in the database?
   If so, which table is it stored in? ————–
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/bpswp-super-cache-issues/page/2/#post-5962135)
 * Ask your host to disable mod_security temporarily so that you can confirm or 
   eliminate mod_security as the cause of the issue/problem or ask them if you can
   use this code below in an htaccess file to disable mod_security.
 * Source: [http://forum.ait-pro.com/forums/topic/how-to-turn-off-mod-security-mod_security-secfilterengine-off/](http://forum.ait-pro.com/forums/topic/how-to-turn-off-mod-security-mod_security-secfilterengine-off/)
 *     ```
       <IfModule mod_security.c>
       SecFilterEngine Off
       SecFilterScanPOST Off
       </IfModule>
       ```
   
 * The questions are not relevant to the known mod_security issue/problem. The known
   issue (if that is what is occurring) is that when the BPS Forms are submitted,
   they use a POST method. And the POST content when the Forms are submitted is 
   seen as some sort of attack and blocked by mod_security.
 * We have a testing site setup with mod_security and mod_security right out of 
   the box (default) settings works fine without any conflicts/issues. mod_security
   SecRules/SecFilters are very similar to htaccess RewriteCond lines of code where
   you can add additional rules/filters/conditions that restrict/filter things. 
   So if mod_security is the cause of this issue then one or more of the additional
   SecRules or SecFilters would be causing the issue.
 *  Thread Starter [FireMyst](https://wordpress.org/support/users/firemyst/)
 * (@firemyst)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/bpswp-super-cache-issues/page/2/#post-5962137)
 * Hi there:
 * My hosting provider has turned off mod_security and the problem still exists.
 * Here’s what I did to test after mo_security was disabled (and still is) :
    1)
   In the htaccess file editor, I removed all “# WPSuperCache” lines and clicked
   the update button. 2) Files are updated as expected. 3) Went to security modes
   tab and clicked on “create secure htaccess” button. 4) went back to htaccess 
   file editor window and the “# WPSuperCache” lines reappeared! 5) So I edited 
   the “secure.htaccess” text field and replaced “# WPSuperCache” with “#Test 123”.
   6) I went to security modes tab and clicked on “activate root folder bullet proof
   mode” 7) went to “htaccess editor” and clicked on “your current root access file”.
   The “#Test 123” line appears where expected. 8) Go back to security modes tab
   and clicked on “create secure htaccess” button. 9) Go back to htaccess file editor,
   clicked on “secure.htaccess” file editor window and BAM! the “# WPSuperCache”
   line returns!
 * FAIL.
 * There appears to be nothing in any of the logs either indicating a problem.
 * So this issue has nothing to do with mod_security.
 * BPS just isn’t saving back to the database. When should BPS be saving changes
   back to the database? It appears when I click on “update” it only updates files.
   That’s it, without making any calls to the database. Is there any sort of internal
   flag or something that needs to be set?
 * Unless you can advise me of another test to perform while mod_security is currently
   disable on the host?
 * Thank you.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/bpswp-super-cache-issues/page/2/#post-5962138)
 * The BPS htaccess File Editor does not save anything to the database and instead
   allows you to edit your htaccess files directly. Only BPS Custom Code saves custom
   htaccess code that you have saved in BPS Custom Code to your database. When you
   click the Create secure.htaccess File AutoMagic button, BPS will check your database
   for any custom code you have saved in BPS Custom Code and create/add it in your
   root .htaccess file. BPS Custom Code and the BPS htaccess File Editor are 2 completely
   different things/features and work differently.
 * Ok now do these steps:
 * 1. Go to the BPS Custom Code tab page – NOT the htaccess File Editor tab page.
   
   2. Look for the # WPSuperCache .htaccess code in any Custom Code text boxes and
   delete it. 2. Click the Save Root Custom Code button to save your Root custom
   code. 3. Double check all of the Custom Code text boxes and let me know if the#
   WPSuperCache placeholder text actually really was deleted or not. 4. Go to the
   Security Modes page, click the Create secure.htaccess File AutoMagic button and
   activate Root folder BulletProof Mode. 5. Go to the BPS htaccess File Editor 
   tab page and check your root htaccess file.
 *  Thread Starter [FireMyst](https://wordpress.org/support/users/firemyst/)
 * (@firemyst)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/bpswp-super-cache-issues/page/2/#post-5962140)
 * That did it! It seems to have worked, so I’m going to write my hosting provider
   to ask them to enable the mod_security again.
 * Here’s what I think the issue was — I never went to the “Custom Code” tab; as
   detailed in my steps above, I was going to the “htaccess file editor” tab.
 * So once my provider switches mod_Security back, I’ll try it again.
 * If it works, I’ll post back here.
 * Thank you so much for your time and effort!
 *  Thread Starter [FireMyst](https://wordpress.org/support/users/firemyst/)
 * (@firemyst)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/bpswp-super-cache-issues/page/2/#post-5962143)
 * This is working now with mod_security enabled. All good. 🙂
 *  Thread Starter [FireMyst](https://wordpress.org/support/users/firemyst/)
 * (@firemyst)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/bpswp-super-cache-issues/page/2/#post-5962144)
 * Topic closed.

Viewing 8 replies - 16 through 23 (of 23 total)

[←](https://wordpress.org/support/topic/bpswp-super-cache-issues/?output_format=md)
[1](https://wordpress.org/support/topic/bpswp-super-cache-issues/?output_format=md)
2

The topic ‘BPS/WP Super Cache issues’ is closed to new replies.

 * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938)
 * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/)
 * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/)
 * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/)

## Tags

 * [BPS](https://wordpress.org/support/topic-tag/bps/)
 * [htaccess](https://wordpress.org/support/topic-tag/htaccess/)
 * [htaccess error](https://wordpress.org/support/topic-tag/htaccess-error/)
 * [wpsupercache](https://wordpress.org/support/topic-tag/wpsupercache/)

 * 23 replies
 * 2 participants
 * Last reply from: [FireMyst](https://wordpress.org/support/users/firemyst/)
 * Last activity: [11 years, 2 months ago](https://wordpress.org/support/topic/bpswp-super-cache-issues/page/2/#post-5962144)
 * Status: resolved