BPS HUD – BulletProof Security Heads Up Display

A Heads Up Display (HUD) has been added to BPS as of version .46.1. The first time and every time you access the BulletProof Security Settings page a Heads Up Display (HUD) will check for any issues or problems and display warning or error messages ONLY if an issue or problem has been detected. If there are no issues or problems then you will will not see the Heads Up Display. No news is good news.

Removing HUD Warning and Error Messages Permanently

If you would like to remove the HUD Warning and Error Messages permanently the echoed functions are located in the options.php file at code line 27. They are shown below. You would add 2 forward slashes in front of the warning or error message echo function that you do not want to be displayed in the HUD. Example: //echo bps_check_safemode(); This would prevent the Safe Mode Check error message from being displayed every time you access the BPS Settings page.

// Heads Up Display - Warnings and Error messages
 echo bps_check_php_version_error();
 echo bps_check_permalinks_error();
 echo bps_check_iis_supports_permalinks();
 echo bps_hud_check_bpsbackup();
 echo bps_check_safemode();
 echo bps_w3tc_htaccess_check($plugin_var);
 echo bps_wpsc_htaccess_check($plugin_var);

BPS HUD – Error Messages and Warning Messages

PHP Version Check
WARNING! BPS requires at least PHP5 to function correctly. Your PHP version is: 4.3.2

BPS requires a minimum of PHP5 to be running on your WordPress website in order to function correctly. If you have an older version of PHP then you will need to add an Apache Directive to your root .htaccess file to force PHP5 to run on your WordPress website. To find out what particular PHP5 .htaccess Apache Directive that your web host uses perform this Google search – your web host’s name and PHP5.

WordPress Permalinks Check
WARNING! Permalinks are NOT Enabled. Permalinks MUST be enabled for BPS to function correctly

BPS requires that your are using a WordPress Permalink structure. For more information on WordPress Permalinks view the WordPress Permalinks page.

Windows IIS6 and IIS7 Check
WARNING! BPS has detected that your Server is a Windows IIS Server that does not support .htaccess rewriting. Do NOT activate BulletProof Security Modes unless you are absolutely sure you know what you are doing. Your Server Type is: IIS6
WordPress Codex – Using Permalinks – see IIS section
This link will open in a new browser window. You will not be directed away from your WordPress Dashboard.

BPS Backup Folder Check – mkdir Check – PHP Make Directory Check
WARNING! BPS was unable to automatically create the /wp-content/bps-backup folder.
You will need to create the /wp-content/bps-backup folder manually via FTP. The folder permissions for the bps-backup folder need to be set to 755 in order to successfully perform permanent online backups.

Safe Mode Check
WARNING! BPS has detected that Safe Mode is set to On in your php.ini file.
If you see errors that BPS was unable to automatically create the backup folders this is probably the reason why.
Safe Mode is a thing of the past that never really worked any way. If you have safe mode set to On in your php.ini file you should set it to Off. If your web host has safe mode set to On and does not allow you to change this then just remove the error message by commenting out the Safe Mode function check in the options.php file. Safe Mode will effect the PHP mkdir function that creates directories so you may need to manually create folders is you have Safe Mode set to On.

W3 Total Cache htaccess checks
W3 Total Cache is activated, but W3TC .htaccess code was NOT found in your root .htaccess file.
W3TC needs to be redeployed by clicking either the auto-install or deploy buttons. Click to Redeploy W3TC.

W3 Total Cache is deactivated and W3TC .htaccess code was found in your root .htaccess file.
If this is just temporary then this warning message will go away when you reactivate W3TC. If you are planning on uninstalling W3TC the W3TC .htaccess code will be automatically removed from your root .htaccess file when you uninstall W3TC. If you manually edit your root htaccess file then refresh your browser to perform a new HUD htaccess file check.

WP Super Cache htaccess checks
WP Super Cache is activated, but either you are not using WPSC mod_rewrite to serve cache files or the WPSC .htaccess code was NOT found in your root .htaccess file.
If you are not using WPSC mod_rewrite then just add this commented out line of code in anywhere in your root htaccess file – # WPSuperCache. If you are using WPSC mod_rewrite and the WPSC htaccess code is not in your root htaccess file then click this Update WPSC linkto go to the WPSC Settings page and click the Update Mod_Rewrite Rules button. It appears that the BPS filters are working correctly with the WPSC htaccess code being written to the bottom of the root htaccess file, but I recommend that you manually cut and paste the WPSC htaccess code and the section of WordPress htaccess code that starts with # BEGIN WordPress and ends with # END WordPress to the top area of your root htaccess file right after Options -Indexes in your root htaccess file. Refresh your browser to perform a new HUD htaccess file check.

WP Super Cache is deactivated and WPSC .htaccess code – # BEGIN WPSuperCache # END WPSuperCache – was found in your root .htaccess file.
If this is just temporary then this warning message will go away when you reactivate WPSC. You will need to set up and reconfigure WPSC again when you reactivate WPSC. If you are planning on uninstalling WPSC the WPSC .htaccess code will be automatically removed from your root .htaccess file when you uninstall WPSC. If you added commented out line of code in anywhere in your root htaccess file – # WPSuperCache – then delete it and refresh your browser. It appears that the BPS filters are working correctly with the WPSC htaccess code being written to the bottom of the root htaccess file, but I recommend that you manually cut and paste the WPSC htaccess code and the section of WordPress htaccess code that starts with # BEGIN WordPress and ends with # END WordPress to the top area of your root htaccess file right after Options -Indexes in your root htaccess file.

Plugin Errors, Warnings, Problems, Conflicts and Fixes Information
For problems and issues with plugin conflicts view the BPS Plugin Compatibility, Testing and Fixes page

General Troubleshooting and Common Problem Areas

As of BPS .46.1 additional System Information checks are performed to display important information about your website. One of the areas that tends to confuse people is when they have several websites under one web hosting domain account. These website domains are either addon domains, aliased domains or subdomains. BPS will correctly determine where your WordPress installation is located on your Web Server and display the correct WordPress installation folder for you. When manually editing the RewriteBase and RewriteRule in the BPS .htaccess files you would enter whatever is displayed for your WordPress Installation Folder. The table below is showing a WordPress Subfolder Installation. If you had a root WordPress installation then you would see this:

WordPress Installation Folder: /
WordPress Installation Type: Root Folder Installation

Website Root Folder: http://www.ait-pro.com/wordpress-testing-website   MySQL Database Version: x.x.x-log
Document Root Path: /var/chroot/home/content/xx/xxxxxxx/html   MySQL Client Version: x.x.xx
WP ABSPATH: /home/content/xx/xxxxx/html/wordpress-testing-website/   Database Host: aitxxxxx.db.xxxx.somehost.com
Server / Website IP Address: 173.201.92.1   Database Name: aitxxxxxx
Public IP / Your Computer IP Address: xx.xx.xxx.xxx   Database User: aitxxxxx
Server Type: Apache   SQL Mode: Not Set
Operating System: Linux    
Multisite: Multisite is not enabled   WordPress Installation Folder: /wordpress-testing-website/
Browser Compression Supported: gzip, deflate   WordPress Installation Type: Subfolder Installation
PHP Version Check: √ Running PHP5   WP Permalink Structure: /%post_id%/%postname%/
    Permalinks Enabled: √ Permalinks are Enabled

BPS Status Page Warnings and Errors When Installing BPS for The First Time and Upgrading

When you install and upgrade BPS, BPS will check for the version number in the .htaccess files that you are currently using. If you are using .46 BPS .htaccess files then BPS will generate these warnings because it is looking for version .46.1 .htaccess files. The latest BPS master .htaccess files contain the latest plugin fixes and any other changes to the master .htaccess files including security improvements, additions, etc. You should always be using the latest BPS master files. Before you activate the latest BPS master files be sure to use the built-in BPS File Editor to copy and paste any .htaccess code to the new master .htaccess files before activating them or you can copy any new BPS 46.1 .htaccess code to your current BPS .46 .htaccess files. If you just want the warning messages to go away without activating new BPS master files then use the BPS File Editor and change the version from .46 to .46.1. in your currently active root and wp-admin .htaccess files. Whichever method you choose just make sure that your RewriteBase and RewriteRule are correct for your website and then Activate BulletProof Modes. After you have performed any one of the methods above you should see all green status messages displayed in the Status window.

The .htaccess file that is activated in your root folder is:
string(45) ” BULLETPROOF .46 >>>>>>> SECURE .HTACCESS “

A BPS .htaccess file was NOT found in your root folder or you have not activated BulletProof Mode for your Root folder yet, Default Mode is activated or the version of the BPS htaccess file that you are using is not .46.1. Please read the Read Me hover Tooltip above.

wp-config.php is NOT .htaccess protected by BPS

√ Deny All protection activated for BPS Master /htaccess folder
√ Deny All protection activated for /wp-content/bps-backup folder

The .htaccess file that is activated in your wp-admin folder is:
string(45) ” BULLETPROOF .46 WP-ADMIN SECURE .HTACCESS “

A valid BPS .htaccess file was NOT found in your wp-admin folder. Either you have not activated BulletProof Mode for your wp-admin folder yet or the version of the wp-admin htaccess file that you are using is not .46.1. BulletProof Mode for the wp-admin folder MUST also be activated when you have BulletProof Mode activated for the Root folder. Please read the Read Me hover Tooltip above.

The WP readme.html file is not .htaccess protected
The WP /wp-admin/install.php file is not .htaccess protected


This page will eventually include all the possible BPS error messages and warnings that would ever see.

Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr

Tags: , , ,

Categories: BulletProof Security Plugin Support

15 Responses to “BulletProof Security Error Messages – Error Messages, Warning Messages, General Messages, Heads Up Display”


  1. I’m frustrated to the extent I just want to delete this plug-in. My folder permissions are all 755, file permissions 644, and yet I keep getting “The file /smhhome/b-web/ba/11/grantscomputersolutions.com.au/public/www/wp-content/plugins/bulletproof-security/admin/htaccess/secure.htaccess is not writable or does not exist.” when I try create secure.htaccess, and “Failed to Activate BulletProof Security Root Folder Protection! Your Website is NOT protected with BulletProof Security!” if I try activate, even if I manually copy the file to the folder. secure.htaccess is present in the folder and has 644 as file permissions. Nothing works anywhere … please help

    • AITpro Admin says:

      This post is outdated. Please do these 2 things.

      1. Go to the BPS System Info page and post this system information below in your reply.
      Server Type:
      Operating System:
      Server API:
      Multisite:

      2. Go to the new General Troubleshooting page and read through the troubleshooting steps.
      http://www.ait-pro.com/aitpro-blog/297/bulletproof-security-plugin-support/bulletproof-security-wordpress-plugin-support/

      • damian says:

        Got this same error. Can’t create / not-writeable / does not exist error for secure.htaccess file. The directory permissions are 755. Inside default.htaccess, the version is reading Pro 5.D.(??) Previous versions worked great, but the newest update .47.5 not working for root. Seems to be working fine for admin, so what I did was copy the .htaccess from admin and paste it in the root…Now all warnings gone from BPS (except that the secure.htaccess doesn’t exist in the plugins /htacess folder) …

        Is what I did okay?

        • damian says:

          Haha… Okay, it wasn’t okay. All links broken within the site.

          • damian says:

            Server Type: Apache
            Operating System: Linux
            Server API: cgi-fcgi – Your Host Server is using CGI
            Multisite: Multisite is Not enabled

        • AITpro Admin says:

          Yep this is most likely the old Broken cPanel HotLink Protection Tool problem >>> http://wordpress.org/support/topic/bulletproof-security0475-not-working?replies=7
          If you look at the latest comments in that thread the clues are pointing more and more to exactly what the wonderful Broken cPanel HotLink Protection Tool is now doing. ha ha ha. The broken cPanel HotLink Protection Tool has been broken for over 10 years and will probably continue to cause problems until the end of time. I’m not sure if i can block it entirely since it is at the Host Server level, but maybe there is something that i can do to short circuit it before it destroys folks websites – working on it. ;)

  2. went i got update it got the same msg

  3. Lucas says:

    Hi,

    to begin with thanks for creating the plug in! and I hope that this is the right place to ask this.

    I have installed your plug in and every thing is working except form two red messages under BulletProof Security Status;

    Deny All protection NOT activated for BPS Master /htaccess folder
    Deny All protection NOT activated for /wp-content/bps-backup folder

    When i try to active the buttons i get the following message;

    Warning: copy(/home/xxxxxx/public_html/wp-content/plugins/bulletproof-security/admin/htaccess/.htaccess) [function.copy]: failed to open stream: Permission denied in /home/xxxxxx/public_html/wp-content/plugins/bulletproof-security/admin/options.php on line 189
    Failed to Activate BulletProof Security Deny All Folder Protection! Your BPS Master htaccess folder is NOT Protected with Deny All htaccess folder protection!

    I have tried going through all the directors and opening the acess but i was not able to solve it.

    So please help
    Lucas

    • AITpro Admin says:

      Check your folder permissions and correct them, but most likely the cause of this problem is your SAPI type is DSO. Check under the BPS System Info page for your SAPI type. If your SAPI is DSO your options are this: You will have to do everything manually and not be able to use the automatic forms in BPS or you can contact your web host and have them move your website to a Server with CGI instead of DSO.

      • Lucas says:

        Thank you for your reply,

        Yes your right about the SAPI it is DSO, is there step to perform the steps manually?

        Thanks

        Lucas

        • AITpro Admin says:

          DSO file and folder permissions are handled entirely differently than CGI file and folder permissions. 99% of all people have CGI Hosting. With DSO you lose all the automation in BPS and will have to do everything manually. You will have to perform everything that is automated in BPS manually by downloading files and editing files manually. We may decide to add additional coding to BPS in the future that will allow automation to work for DSO. This is a very difficult and time consuming thing to recode BPS for DSO and it has very low priority because only 1% of the people are using DSO. We have a team currently working on that DSO coding and they are expected to be finished with their recoding project by July or August 2012.

  4. DavidH says:

    You have a great plugin!

    I am concerned abou this warning

    wp-config.php is NOT .htaccess protected by BPS

    Since there is nothing else in the Tabs that address protection of the wp-config.php file, is this simply acknowledging that BPS does NOT include this file in its htaccess rules for some reason?

    • AITpro Admin says:

      That warning message is caused by one of these reasons:
      A BPS .htaccess file was NOT found in your root folder or you have not activated BulletProof Mode for your Root folder yet, Default Mode is activated, Maintenance Mode is activated or the version of the BPS htaccess file that you are using is not .46.4. If you edit the top portion of the BPS root .htaccess file and change this first line in the file >>> # BULLETPROOF .46.4 >>>>>>> SECURE .HTACCESS then you will see this error message. The function to check for a valid BPS .htaccess file looks at the version number in that top line in the root .htaccess file. If you want to add something else to the top of the root .htaccess file then just modify the /bulletproof-security/includes/functions.php file to not look at the version number. Also another possibility is that you have moved the wp-config.php file to another directory to protect it. Thanks.

  5. [...] BulletProof Security Error Messages – Error Messages, Warning Messages, General Messages, Head… [...]