happyday25

Ok thank you for clarifying, are there plans to support the block-based checkout with WP Armour in the futre? The block checkout is a much better layout to use than the classic one.

Thank you!

Ok great! I updated the plugin and that fixed it. Thank you!

Got it, thank you! Updating this seems to have fixed the 403 for links with parentheses. I am also seeing this entry with Google in the Host Name and was wondering if there is a way to determine if this is a good bot or a spammer? I was reading the documentation for the security log event codes about the server protocol being HTTP/1.0 and the user agent being blank. Do both needed to be true for it to be a spammer or only one?

[405 HEAD Request: July 16, 2025 - 2:08 pm]
BPS: 6.9
WP: 6.8.1
Event Code: BFHS-HEAD - HEAD Request Blocked
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: GDPR Compliance On
Host Name: 155.17.44.34.bc.googleusercontent.com
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: HEAD
HTTP_REFERER:
REQUEST_URI: /products/pottery-jar-set
QUERY_STRING:
HTTP_USER_AGENT: curl/8.10.0

Thank you for the information Hitendra! I followed the steps to create the keys in the link above and entered them in the corresponding plugin fields including the integrating with a third party option using the legacy secret key. On the Google console side though it is saying that it still needs to be added to the site and the tokens verified with the following information:

“Incomplete: Finish setting up your key: Request tokens
To protect your site or app, finish setting up your key. Start by requesting tokens (executes).”

“Before proceeding, you must authenticate with reCAPTCHA. API requests to reCAPTCHA will fail until authentication steps are complete.” https://cloud.google.com/recaptcha/docs/authentication?authuser=1

How do I incorporate these steps with the plugin to finish the setup?

Thank you again!

Thanks for the heads up about SecurityMetrics, they have been a bit pushy on the sales side at times but the scans are part of a general compliance regulation that I have to meet so I would have to address this regardless of who did the scan.

I have the file permissions for the error log set so that they cannot be viewed publicly. When going to the URL path while logged out it shows a 403 forbidden page but the BPS errors are visible at the top. Below is all of the content on the 403 page.

Warning: session_start(): open(/var/cpanel/php/sessions/ea-php82 /sess_f02bf61f75639db56553090e9192ccb752, O_RDWR) failed: No such file or directory (2) in /home/username/public_html/example.com/wp-content/plugins/bulletproof-security/403.php on line 3

Warning: session_start(): Failed to read session data: files (path: /var/cpanel/php/sessions/ea-php82) in /home/username/public_html/example.com/wp-content/plugins/bulletproof-security/403.php on line 3

403 Forbidden Error

If you arrived here due to a search or clicking on a link click your
Browser’s back button to return to the previous page. Thank you.

Website: example.com

Your IP Address: xx.xx.xxx.x

BPS Plugin 403 Error Page

Hi @ibrahimsharif, sorry I posted this and then found the support page and thought it would be best to message there instead and forgot to remove this. Yes the issue is resolved now, thank you for the help!

Wonderful! Thank you for adding this feature to the plugin!!