Bugs in BPS
-
I´ve been testing BPS for a few weeks and I found this bugs.
1. Recently my wife was blocked from her own site because I forgot to whitelist her IP (I only whitelisted my IP in the htaccess).
As a result, she started to see her website broken on the front end.
I tried to see if her IP was shown as blacklisted in the “login security & monitoring (LSM)”, but nothing appeared there.
A week after she was blocked, she still saw the front end of her website broken. I told her to clean the cache but this didn´t solve the problem.
The only way I could solve the problem was by deactivate BPS completely. This was the only way she could see the front end of her website fine again (The front end showed broken only on her IP)
Do you know why this happened?
Was she somehow blacklisted in some place I couldn´t see?
The fact is:
I could only solved her problem by deactivating BPS. But this shouldn´t work this way. Should it?
Any thoughts?
2. Other bug that I noticed was when using the DB backup feature.
Everytime I run a “backup job”, it gets stuck in “proccessing”.
The weird part is that the backup is actually performed, but the screen gets frozen in “processing”. You can´t move up or down in the screen because it is frozen. You can´t click anywhere because it is frozen.
The only way to get out is to use the browser back button in order to unfreeze the screen.
Odd behavior, definitely a bug.
What do you think?
Thanks for the support
-
1. Yes, that is unusual and not normal. Are you using any additional IP blocking Bonus Custom Code? If so, please post that additional Bonus Custom Code or whatever other custom ip blocking code you are using and any other relevant information. By default BPS does not include any IP blocking code.
2. Yes, that is unusual and not normal. Maybe that would have something to do with the size of your database? What is the total size of your Database?
2. Another possibility could have something to do with your Browser or maybe a Browser add-on or extension. There was one known CSS/Div issue with Firefox that was fixed so maybe this is a similar type of issue. Which Browser are you using and do you have any add-ons or extensions installed?
Is the issue/problem still occurring or is it resolved? Please post any/all additional relevant information: plugin name used to do X, Security Log entries showing what is blocked, troubleshooting steps performed, any other relevant informaton, etc.
Thread Start Date: 10-23-2015 to 10-24-2015
Current Date: 10-26-2015Hi,
I´ve only added some custom code and the bonus code that you provide by default.
Here are the contents of my htaccess:
# BULLETPROOF .52.8 >>>>>>> SECURE .HTACCESS # CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE # Protect the .htaccess <Files .htaccess> order allow,deny deny from all </Files> # Protect the .htaccess <files ~ "^.*\.([Hh][Tt][Aa])"> order allow,deny deny from all satisfy all </files> # Protect the wp-config <files wp-config.php> order allow,deny deny from all </files> # Block the include-only files. <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] </IfModule> # Protect the wp-load <files wp-load.php> order allow,deny deny from all </files> <IfModule mod_headers.c> # Protects against Drive-by Download attacks # Protects against MIME/Content/Data sniffing Header set X-Content-Type-Options nosniff </IfModule> <IfModule mod_headers.c> # Using DENY will block all iFrames including iFrames on your own website # Header set X-Frame-Options DENY # Recommended: SAMEORIGIN - iFrames from the same site are allowed - other sites are blocked # Block other sites from displaying your website in iFrames # Protects against Clickjacking Header always append X-Frame-Options SAMEORIGIN # Protects against Drive-by Download attacks # Protects against MIME/Content/Data sniffing Header set X-Content-Type-Options nosniff </IfModule> # Block other sites from displaying your website in iFrames # Protects against Clickjacking <IfModule mod_headers.c> # Using DENY will block all iFrames including iFrames on your own website # Header set X-Frame-Options DENY # Recommended: iFrames from the same site are allowed - other sites are blocked Header always append X-Frame-Options SAMEORIGIN </IfModule> # BEGIN WEBSITE SPEED BOOST # Time cheat sheet in seconds # A86400 = 1 day # A172800 = 2 days # A2419200 = 1 month # A4838400 = 2 months # A29030400 = 1 year # Test which ETag setting works best on your Host/Server/Website # with Firefox Firebug, Firephp and Yslow benchmark tests. # Create the ETag (entity tag) response header field #FileETag MTime Size # Remove the ETag (entity tag) response header field Header unset ETag FileETag none <IfModule mod_expires.c> ExpiresActive on ExpiresByType image/jpg A4838400 ExpiresByType image/gif A4838400 ExpiresByType image/jpeg A4838400 ExpiresByType image/png A4838400 ExpiresByType video/webm A4838400 ExpiresByType application/x-shockwave-flash A4838400 ExpiresByType application/x-javascript A4838400 ExpiresByType application/javascript A4838400 ExpiresByType text/javascript A4838400 ExpiresByType text/css A4838400 #ExpiresByType text/html A86400 # Default is 2 days below so the line above is not needed / commented out ExpiresDefault A172800 </IfModule> <IfModule mod_headers.c> <FilesMatch "\.(js|css|flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|gif|jpg|jpeg|png|swf|webm)$"> Header append Cache-Control "public" </FilesMatch> <FilesMatch "\.(txt|html)$"> Header append Cache-Control "proxy-revalidate" </FilesMatch> <FilesMatch "\.(php|cgi|pl|htm|xml)$"> Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform" Header set Pragma "no-cache" </FilesMatch> </IfModule> <IfModule mod_deflate.c> # Insert filters AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript AddOutputFilterByType DEFLATE application/x-httpd-php AddOutputFilterByType DEFLATE application/x-httpd-fastphp AddOutputFilterByType DEFLATE image/svg+xml # Drop problematic browsers BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html # Make sure proxies don't deliver the wrong content Header append Vary User-Agent env=!dont-vary </IfModule> # END WEBSITE SPEED BOOST # CUSTOM CODE TURN OFF YOUR SERVER SIGNATURE #Hide server information ServerSignature Off # CUSTOM CODE DIRECTORY LISTING/DIRECTORY INDEX # directory browsing Options All -Indexes # CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION # Protect wp-login.php from Brute Force Login Attacks based on IP Address <FilesMatch "^(wp-login\.php)"> Order Allow,Deny # Add your website domain name Allow from mydomain.com # Add your website/Server IP Address Allow from xxx.xxx.xx.xxx (My server IP) # Add your Public IP Address using 2 or 3 octets so that if/when # your IP address changes it will still be in your subnet range. If you # have a static IP address then use all 4 octets. # Examples: 2 octets: 65.100. 3 octets: 65.100.50. 4 octets: 65.100.50.1 Allow from xxx.xxx.xxx.xx (My IP) </FilesMatch> # BPS ERROR LOGGING AND TRACKING # Use BPS Custom Code to modify/edit/change this code and to save it permanently. # BPS has premade 403 Forbidden, 400 Bad Request, 410 Gone and 404 Not Found files that are used # to track and log 403, 400, 410 and 404 errors that occur on your website. When a hacker attempts to # hack your website the hackers IP address, Host name, Request Method, Referering link, the file name or # requested resource, the user agent of the hacker and the query string used in the hack attempt are logged. # All BPS log files are htaccess protected so that only you can view them. # The 400.php, 403.php, 404.php and 410.php files are located in /wp-content/plugins/bulletproof-security/ # The 400, 410 and 403 Error logging files are already set up and will automatically start logging errors # after you install BPS and have activated BulletProof Mode for your Root folder. # If you would like to log 404 errors you will need to copy the logging code in the BPS 404.php file # to your Theme's 404.php template file. Simple instructions are included in the BPS 404.php file. # You can open the BPS 404.php file using the WP Plugins Editor. # NOTE: By default WordPress automatically looks in your Theme's folder for a 404.php Theme template file. ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php ErrorDocument 401 default ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php ErrorDocument 404 /404.php ErrorDocument 410 /wp-content/plugins/bulletproof-security/410.php # DENY ACCESS TO PROTECTED SERVER FILES AND FOLDERS # Use BPS Custom Code to modify/edit/change this code and to save it permanently. # Files and folders starting with a dot: .htaccess, .htpasswd, .errordocs, .logs RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$ # WP-ADMIN/INCLUDES # Use BPS Custom Code to remove this code permanently. RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F] RewriteRule ^wp-includes/theme-compat/ - [F] # WP REWRITE LOOP START RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] # REQUEST METHODS FILTERED # If you want to allow HEAD Requests use BPS Custom Code and # remove/delete HEAD| from the Request Method filter. # Example: RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC] # The TRACE, DELETE, TRACK and DEBUG Request methods should never be removed. RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC] RewriteRule ^(.*)$ - [F] # PLUGINS/THEMES AND VARIOUS EXPLOIT FILTER SKIP RULES # To add plugin/theme skip/bypass rules use BPS Custom Code. # The [S] flag is used to skip following rules. Skip rule [S=12] will skip 12 following RewriteRules. # The skip rules MUST be in descending consecutive number order: 12, 11, 10, 9... # If you delete a skip rule, change the other skip rule numbers accordingly. # Examples: If RewriteRule [S=5] is deleted than change [S=6] to [S=5], [S=7] to [S=6], etc. # If you add a new skip rule above skip rule 12 it will be skip rule 13: [S=13] # Adminer MySQL management tool data populate RewriteCond %{REQUEST_URI} ^/wp-content/plugins/adminer/ [NC] RewriteRule . - [S=12] # Comment Spam Pack MU Plugin - CAPTCHA images not displaying RewriteCond %{REQUEST_URI} ^/wp-content/mu-plugins/custom-anti-spam/ [NC] RewriteRule . - [S=11] # Peters Custom Anti-Spam display CAPTCHA Image RewriteCond %{REQUEST_URI} ^/wp-content/plugins/peters-custom-anti-spam-image/ [NC] RewriteRule . - [S=10] # Status Updater plugin fb connect RewriteCond %{REQUEST_URI} ^/wp-content/plugins/fb-status-updater/ [NC] RewriteRule . - [S=9] # Stream Video Player - Adding FLV Videos Blocked RewriteCond %{REQUEST_URI} ^/wp-content/plugins/stream-video-player/ [NC] RewriteRule . - [S=8] # XCloner 404 or 403 error when updating settings RewriteCond %{REQUEST_URI} ^/wp-content/plugins/xcloner-backup-and-restore/ [NC] RewriteRule . - [S=7] # BuddyPress Logout Redirect RewriteCond %{QUERY_STRING} action=logout&redirect_to=http%3A%2F%2F(.*) [NC] RewriteRule . - [S=6] # redirect_to= RewriteCond %{QUERY_STRING} redirect_to=(.*) [NC] RewriteRule . - [S=5] # Login Plugins Password Reset And Redirect 1 RewriteCond %{QUERY_STRING} action=resetpass&key=(.*) [NC] RewriteRule . - [S=4] # Login Plugins Password Reset And Redirect 2 RewriteCond %{QUERY_STRING} action=rp&key=(.*) [NC] RewriteRule . - [S=3] # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE # Use BPS Custom Code to modify/edit/change this code and to save it permanently. # Remote File Inclusion (RFI) security rules # Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR] RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC] RewriteRule .* index.php [F] # # Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php) RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC] # Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).* RewriteCond %{HTTP_REFERER} ^.*mydomain.com.* RewriteRule . - [S=1] # BEGIN BPSQSE BPS QUERY STRING EXPLOITS # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too. # Good sites such as W3C use it for their W3C-LinkChecker. # Use BPS Custom Code to add or remove user agents temporarily or permanently from the # User Agent filters directly below or to modify/edit/change any of the other security code rules below. RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR] RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)HTTP(:/|/) [NC,OR] RewriteCond %{THE_REQUEST} etc/passwd [NC,OR] RewriteCond %{THE_REQUEST} cgi-bin [NC,OR] RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR] RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR] RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR] RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [NC,OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR] RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR] RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR] RewriteCond %{QUERY_STRING} ftp\: [NC,OR] RewriteCond %{QUERY_STRING} http\: [NC,OR] RewriteCond %{QUERY_STRING} https\: [NC,OR] RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR] RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR] RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR] RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR] RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR] RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR] RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR] RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR] RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR] RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR] RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR] RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR] RewriteCond %{QUERY_STRING} (sp_executesql) [NC] RewriteRule ^(.*)$ - [F] # END BPSQSE BPS QUERY STRING EXPLOITS RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # WP REWRITE LOOP END # DENY BROWSER ACCESS TO THESE FILES # Use BPS Custom Code to modify/edit/change this code and to save it permanently. # wp-config.php, bb-config.php, php.ini, php5.ini, readme.html # To be able to view these files from a Browser, replace 127.0.0.1 with your actual # current IP address. Comment out: #Require all denied and Uncomment: Require ip 127.0.0.1 # Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1 # Note: The BPS System Info page displays which modules are loaded on your server. <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)"> <IfModule mod_authz_core.c> Require all denied #Require ip 127.0.0.1 </IfModule> <IfModule !mod_authz_core.c> <IfModule mod_access_compat.c> Order Allow,Deny Deny from all #Allow from 127.0.0.1 </IfModule> </IfModule> </FilesMatch> # CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE # WP AUTHOR ENUMERATION BOT PROBE PROTECTION # Rewrites to author=999999 that does not actually exist # which results in a standard 404 error. To the hacker bot # it appears that this author does not exist without giving # any clues that the author does actually exist. RewriteCond %{QUERY_STRING} ^author=([0-9]){1,}$ [NC] RewriteRule ^(.*)$ $1?author=999999 [L] # XML-RPC DDoS PROTECTION # You can whitelist your IP address if you use A Weblog Client # or want to whitelist your IP address for any other reasons. # Example: uncomment #Allow from x.x.x. by deleting the # sign and # replace the x's with your actual IP address. Allow from 99.88.77. # Note: It is recommended that you use 3 octets x.x.x. of your IP address # instead of 4 octets x.x.x.x of your IP address. <FilesMatch "^(xmlrpc\.php)"> Order Deny,Allow # Whitelist Jetpack/ Automattic CIDR IP Address Blocks Allow from 192.0.64.0/18 Allow from 209.15.0.0/16 Allow from 66.155.0.0/17 Allow from xxx.xxx.xxx.xx (My IP) Deny from all </FilesMatch> # Block/Forbid Referer Spammers/Referer Phishing RewriteCond %{HTTP_REFERER} ^.*(ranksonic\.|semalt\.|kambasoft\.|buttons-for-website\.|buttons-for-your-website\.com|4webmasters\.org|social-buttons\.com|best-seo-offer\.com|best-seo-solution\.com).*$ [NC] RewriteRule ^(.*)$ - [F] # prevent hotlinking RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mydomain.com [NC] RewriteRule \.(jpg|jpeg|png|gif)$ http://www.mydomain.com/hotlink.gif [NC,R,L] #stop spammers RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{REQUEST_URI} .wp-comments-post\.php* RewriteCond %{HTTP_REFERER} !.*mydomain.com.* [OR] RewriteCond %{HTTP_USER_AGENT} ^$ RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]The database size is 81 MB (5 MB – compressed with the zip)
The browser that I use is google chrome Version 46.0.2490.80 m
In Firefox the screen does not freeze, but the “processing” box continues to go round and round and it never finish. The “processing” box never closes.
Apparently the backup is being performed, although I don´t know if it is complete or without errors.
I see a lot of htaccess code that we do not provide either as default BPS code or as Bonus Custom Code. This code below is BPS Bonus Custom Code that is additional Custom Code that you have added that does IP address protection and that is the code that is causing the issue. If you have additional ip addresses you need to whitelist then you would add those additional ip addresses as shown in the example below. Also it is recommended that you use 2 or 3 octets in whitelisted ip addresses. See this forum topic for full help information: http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/
# CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION # Protect wp-login.php from Brute Force Login Attacks based on IP Address <FilesMatch "^(wp-login\.php)"> Order Allow,Deny # Add your website domain name Allow from mydomain.com # Add your website/Server IP Address Allow from xxx.xxx.xx.xxx (My server IP) # Add your Public IP Address using 2 or 3 octets so that if/when # your IP address changes it will still be in your subnet range. If you # have a static IP address then use all 4 octets. # Examples: 2 octets: 65.100. 3 octets: 65.100.50. 4 octets: 65.100.50.1 Allow from xxx.xxx.xxx.xx (My IP) Allow from xxx.xxx.xxx. another 3 octet ip address Allow from xxx.xxx. another 2 octet ip address etc etc etc </FilesMatch>Ok good info. The total DB size is small so that cannot be the issue. We use Google Chrome to backup a 300MB DB and nothing freezes so maybe it is not a Browser problem and something very simple like a cosmetic thing. Since you are the only person reporting this problem then most likely it is an isolated problem that is occurring for you only like a server, MySQL, add-on, extension or other possible problem on your end. We will do some additional testing to see if we can find any possible things that resemble what you are stating in Chrome and Firefox.
Hi,
1. I can whitelist the IPs. But, is it normal for an unauthorized IP that tries to login into the admin area to see the website all broken later on?
As you said, the code that can be the culprit is the one stated above, which is the one protecting the login. This code is one of the bonus code provided with BPS.
I don´t know if there´s anything there that can create this issue.
2. I´ve tried to create backups on two other sites and I didn´t have a problem. Which means that is not a problem with browsers or browsers´ extensions.
It could be the size of the DB, but you said you havent had any problem backing up a 300 MB DB. So the size probably isn´t the problem either.
Maybe is a matter of plugins conflicting, or maybe because the site is in another language? It is a wordpress in spanish translation.
Test Results:
No freezing or other problems occurred using these test parameters. Maybe the problem that is occurring on your website/server is that your PHP Memory setting is too low. 32M is too low. 64M is too low. 128M is very good and 256M is optimum. You can check your memory limit on the BPS System Info page. If you need assistance with changing your memory limit setting for your website/server contact your web host support folks.Browsers Tested: Chrome, Firefox, Safari, IE, Opera.
DB Size: 150MB
PHP Memory Setting: 128MYou can also do the standard WordPress troubleshooting steps of deactivating all other plugins and testing to see if another plugin is causing this problem, but if the root problem is that your PHP memory limit setting is too low then by deactivating all other plugins you will be freeing up more memory for DB Backup to run and it may appear that the problem is with another plugin.
My memory limits are:
WordPress Admin Memory Limit: 256M
WordPress Base Memory Limit: 40M
PHP Actual Configuration Memory Limit: 128MI was checking the DB and I noticed that my DB size is actually 44 MB (I have checked this by downloading a copy of my DB directly from phpMyadmin and also from a backup plugin that I use).
However, the DB backup that BPS performs is almost 81 MB. This is almost the double size that my real DB size.
Is there any reason why BPS DB backup is almost twice the size?
Could this be related to the problem?
Yeah that is odd. You should be seeing an 8.8MB (20%) increase in size of the sql dump file, which would make the total size 52.8MB and the zipped/archived file size would be 7.04MB (84%) decrease in size.
It would appear that something in your database is being dumped twice or maybe your database is damaged or corrupted? Not really sure. What type of database is this? MySQL or some other DB type?
Try installing another DB Backup plugin and see if the same thing happens. If the same thing happens then that would indicate a problem with your DB itself.
It´s a Mysql DB
How do I know if it´s damage or corrupted?
And if so, why would it be damaged/corrupted on the first place?
Hacked?
But phpmyadmin and my backup plugin both agree that the DB size is 44 MB.
If I install another backup plugin that says that the DB size is 44 MB, then the problem must be with BPS and not the DB itself, as three different elements agree that the DB size is 44 MB (and not 81 MB, as BPS is creating)
You can try running a database repair, analyze or optimize commands in phpMyAdmin to see if that does anything. I have no idea if your database is damaged or corrupted and there is no way I could tell you how that could happen. It is just too random/general a question with too many possible answers to try and guess about something like that.
Yes, correct the raw data in your database is always going to be smaller in size than an sql dump file because the sql dump file contains additional information that is used to import the raw database data: https://dev.mysql.com/doc/refman/5.0/en/mysqldump-sql-format.html
You actually have to do a backup with another plugin to see if the sql dump file size is larger than it should be. The average size increase of an sql dump file should be around 15% to 20% increase normally.
The topic ‘Bugs in BPS’ is closed to new replies.
