This is an older Post that is outdated. A new Forum Topic has been created here: http://forum.ait-pro.com/forums/topic/plugin-conflicts-actively-blocked-plugins-plugin-compatibility/
There are 21,618 plugins in the WordPress Plugin Repository as of 10/4/2012 and that number grows everyday. There are probably 1,000’s of Premium WordPress Plugins available around the Internet.
The reason this is worth pointing out is that there are only around 30-40 Plugin issues that require a simple skip/bypass rule, which is a relatively low number considering the total number of Plugins available.
BPS is a Security Plugin – The standard WP term “Plugin Conflict” is Equal to “Actively Blocking” When “Fixing” Plugin Issues
Plugins that have been tested with BPS, waiting to be tested with BPS, .htaccess plugin skip/bypass rules “fixes”, Custom PHP Application “fixes” or other miscellaneous issues, fixes and solutions are listed here. Most plugin “conflicts” or issues require a simple .htaccess skip/bypass rule if there is a “conflict” or issue or the plugin is doing something that BPS is blocking because it appears to be unsafe to BPS or in some cases is actually an unsafe coding practice. If you need to apply an .htaccess skip rule this does not mean that your website is less secure by adding that .htaccess skip rule and it does not necessarily mean there is anything wrong with the coding in another plugin.
The general idea is that the default BPS security filters are starting from the highest and most secure possible website security protection settings and if you need to allow a particular plugin to do what it needs to do then a simple skip/bypass rule can be easily added. There are now over 21,000 plugins in the WordPress Plugin Repository so I am actually very amazed that the number or skip/bypass “fixes” rules on this page is so low. BPS Pro has several layers of overlapping security protection and BPS Free also has overlapping security protection to compensate for allowing any .htaccess plugin skip rules. Adding a skip/bypass rule is completely safe to do.
All plugin issues or “conflicts” go through thorough security testing before an official “fix” is released. New recent plugin “fixes” can be added manually to your current version of BPS if you are having a problem with a plugin listed on this page or other miscellaneous issue and it has not yet been added to the latest version of BPS. If you are using a plugin that is not playing nice or is being blocked by BPS, then please add a comment here with the plugin name, the author’s name and the version of the plugin and that plugin will be added to the list to be tested ASAP. Please perform general troubleshooting steps first such as refreshing your browser, clearing your browser cache and making sure your ISP connection does not have a problem before submitting an issue. Thank you.
IMPORTANT! Ongoing problem since at least 2002 – Broken cPanel HotLink Protection Tool
Problem: If you are unable to create .htaccess files with AutoMagic or edit .htaccess files with the built-in editor or you are seeing 404 errors when trying to edit .htaccess files or use AutoMagic and Quarantine does not work period then your site is using the broken cPanel HotLink Protection Tool. It has been broken since 2008 and it also breaks many other WordPress features such as the Plugin Editor and too many other things in WordPress to list here.
Solution: There is only one way to block the broken cPanel HotLink Protection tool, since enabling and disabling it is also broken – you cannot turn it off. You need to lock your Root .htaccess file with F-Lock and log into cPanel and delete all code that you see in the HotLink Protection window. If you unlock your Root .htaccess file at a later time and WordPress and BPS and ARQ are not working correctly again then you will need to repeat these steps to fix the problem again as this broken tool will probably do the same thing again as soon as you Root .htaccess file is unlocked.
NOTE: As of BPS Pro 5.1.5 and BPS .46.9 you can add custom .htaccess code and plugin fixes to the Custom Code feature. This feature allows you to permanently save any custom .htaccess code and plugin fixes permanently to your WP Database so that your custom .htaccess code and plugin fixes will be automatically written to your .htaccess files when you use AutoMagic and activate BulletProof Mode for your Root folder. The wp-admin Custom Code feature adds your custom code to the wp-admin .htaccess file when you activate BulletProof Mode for your wp-admin folder.
BulletProof Security CAN be installed if you are using an IIS6 or IIS7 server for web hosting. BUT DO NOT activate BulletProof Modes on an IIS6 or IIS7 servers ever. You can use the additional features in BPS, but mod_rewriting does not work on IIS6 or IIS7 servers. There are several prerequisites that are needed for an IIS7 server and you can install the URL Rewrite Module for IIS7 and create a web.config file in place of the root .htaccess file. This would of course require that you modify the coding in BPS to look for the root web.config file instead of the root .htaccess file. You could then use the built-in File Editor to edit your web.config file. If you are not familiar with what is required for an IIS7 server and “mod_rewriting” then click here >>> WordPress Codex using Permalinks without mod_rewrite.
INTesting = a possible conflict was reported – plugin is in testing
Testing PR = a conflict was found and a workaround may exist. A permanent fix may or may not be pending.
Tested NC = the plugin was tested and No existing conflicts were found.
PUDV = the plugin was tested, but is either not working correctly, coding problem or other coding conflict issue. A fix may or may not have been created – Pending User Verification or Developer verification of coding mistake or bug fix.
DCON = Direct conflict with BPS (may also be dangerous / not safe to use) – recommended action is to contact the plugin Developer to fix the coding mistakes and/or bugs or delete the plugin.
DCONTesting = direct conflict with BPS
Resolved = a conflict was found and a solution has been created. Premium plugin fixes will not automatically be included in BPS Pro and BPS Free .htaccess coding and do require that you manually add the .htaccess code solution to your root .htaccess file.
NI = Non Issue or Not an Issue
SF = similar functionality – ie another security plugin that performs security functions. Possible conflicting security functions or overlapping functions.
NF = New Fix
NLIC = no longer an issue or conflict or the new BPS .htaccess code permanently resolves this issue. NLIC issues are automatically and permanently included in each new version of BPS Pro and BPS Free that is released.
Pro = the conflict and solution applies to only BPS Pro and does not apply to BPS Free.
Plugin Name | Plugin Author | Plugin Version | Status |
W3 Total Cache | fredericktownes | All | NLIC |
WP-Cache | gallir | All | Tested NC |
WP Super Cache | donncha, automattic | All | NLIC |
BuddyPress – member log out | multiple authors | All | NLIC |
BuddyPress – delete Topics | multiple authors | All | Resolved |
Status Updater | Francesco Castaldo | All | NLIC |
Adminer | bueltge | All | NLIC |
Peter’s Custom Anti-Spam Image | pkthree | All | NLIC |
Stream Video Player | Rodrigo Polo | All | NLIC |
XCloner | xcloner | All | NLIC |
XCloner – Cron Job Only | xcloner | All | Resolved–Pro |
BackUpWordPress | multiple authors | All | Resolved |
Juicebox | unknown | All | Resolved |
Link Cloaking Plugin | whiteshadow | All | Resolved |
MyArcadePlugin Lite | MyArcadePlugin | All | Resolved |
Google Analytics Dashboard | Carson McDonald | All | Resolved |
WordPress SEO by Yoast | joostdevalk | All | Resolved |
User Avatar | multiple authors | All | Resolved |
wp-greet | tuxlog, woodstock | All | Resolved |
WP-Invoice | multiple authors | All | Resolved |
WP-DBManager | GamerZ | All | Resolved–Pro |
EZPZ One Click Backup | EZPZSolutions | All | Resolved–Pro |
SecureDL | Premium paid plugin | All | Resolved–Pro |
S2Member | Premium paid plugin | All | Resolved |
Shopp e-commerce | Premium paid plugin | All | Resolved |
DisplayBuddy – Video Showcase | Premium paid plugin | All | Resolved |
Cart66 | Premium paid plugin | All | Resolved |
Digi Auto Links | Premium paid plugin | All | Resolved |
RSS Link Bomber | Premium paid plugin | All | Resolved |
WP Twin AUTO BACKUP | Premium paid plugin | All | Resolved |
WP Twin – Clone | Premium paid plugin | All | Resolved |
WP PDF Stamper | Premium paid plugin | All | Resolved–Pro |
WP Whats My Rank | Premium paid plugin | All | Resolved–Pro |
Ad Trackz Gold | Premium paid plugin | All | Resolved–Pro |
BackupBuddy | Premium paid plugin | All | Resolved–Pro |
Full Screen Background Images Pro | Premium paid plugin | All | Resolved |
phpBay Pro | Premium paid plugin | All | Resolved |
tribulant – Shopping Cart | Premium paid plugin | All | Resolved |
Other Issues – WP Theme, Custom Apps or miscellaneous issues | Status |
.htaccess code is disappearing automatically – multiple instances of the default WordPress .htaccess code is appearing | Resolved |
All Login Password Reset or Redirect problems | NLIC |
GeoTheme – Geolocation Map 403 Error | Resolved |
Atahualpa Theme – Export / Download blocked by BPS | Resolved |
BPS menus or other CSS – visual look or menus not displaying correctly | General Fix |
PayPal IPN or PDT scripts – NO conflicts exist | Tested NC |
WPMU – multisite plugins – network plugins – General Fix | General Fix |
Plugin 403 Forbidden Errors | General Fix |
Infinite .htaccess Loops – not necessarily related to BPS | General Fix |
SquirrelCart PHP Shopping Cart | Resolved |
Custom Applications outside of WordPress – 3rd Party Apps – General Fix | Resolved |
“You don’t have permission to access /wp-admin/media-upload.php on this server.” – media-upload.php 403 Error | Resolved |
Nocturnal Theme mp3 audio files not playing | Resolved |
NEW PLUGIN FIXES METHODS – As of BPS .46.5 – The way Rules & Rulesets are processed has changed significantly
SQL Injection Filtering
Any SQL Injection fixes are no longer necessary as a pre-filter has been added to any filtered SQL Commands. This means that words / commands that were blocked before are no longer blocked by themselves alone. Example: The word / command “union” is no longer blocked / forbidden and now “; union” with a semi-colon in front of it or with any of the other pre-filter characters in front of it would be blocked. The pre-filter contains characters that are used in SQL Injection attacks.
Plugin Fixes
To fix a plugin conflict or not block a particular plugin from doing something the new method of adding an .htaccess Skip rule resolves any plugin conflict or issue. The general concept to get is that the .htaccess Skip rules go in descending order and the Skip number order is very important. As of BPS Pro 5.1.5 and BPS free .46.9 you can add personal plugin fixes to Custom Code to save them permanently.
The example below shows the new section of code in the BPS Root .htaccess file that deals with plugin conflicts. In this example I have added a fictitious plugin fix for a plugin called “example-plugin-fix”. Since I added the plugin fix after the “Comment Spam Pack MU Plugin” fix this means that I have added another RewriteRule in this section of .htaccess code so the 2 plugin fixes that came before (are above) this new RewriteRule need to have their Skip rule numbers changed to increase by 1 to skip the additional new example RewriteRule that was added. The Example Plugin Fix is S=11. The RewriteRule that was S=11 will now be changed to S=12 and the RewriteRule above S=12 will now be changed to S=13. An .htaccess Skip rule skips the number of RewriteRules that you tell it to skip. If you count down the RewriteRules (in your actual root .htaccess file for your website) you will see that what happens is that the Skip rules cause these plugin fixes to skip all the RewriteRules that deal with other plugin fixes and the thumbnailer Forbid RewriteRule and the Query String Exploits filter RewriteRule and go directly to the WordPress RewriteRule and skip all the other RewriteRules that come before the WordPress RewriteRule.
This .htaccess code below is .htaccess code that is included as of BPS Pro 5.1.3 and BPS .46.8. As of BPS Pro 5.1.5 and BPS .46.9 you can now use the Custom Code feature in BPS and BPS Pro to add additional plugin fixes automagically.
# PLUGINS AND VARIOUS EXPLOIT FILTER SKIP RULES # IMPORTANT!!! If you add or remove a skip rule you must change the S= number to the new skip number # Examples: If RewriteRule S=5 is deleted than change S=6 to S=5, S=7 to S=6, etc. # If you add a new skip rule above S=12 it will be skip rule S=13 # Adminer MySQL management tool data populate RewriteCond %{REQUEST_URI} ^/wp-content/plugins/adminer/ [NC] RewriteRule . - [S=13] # Comment Spam Pack MU Plugin - CAPTCHA images not displaying RewriteCond %{REQUEST_URI} ^/wp-content/mu-plugins/custom-anti-spam/ [NC] RewriteRule . - [S=12] # Example Plugin Fix - Just an example of how to add a new plugin fix RewriteCond %{REQUEST_URI} ^/wp-content/plugins/example-plugin-fix/ [NC] RewriteRule . - [S=11] # Peters Custom Anti-Spam display CAPTCHA Image RewriteCond %{REQUEST_URI} ^/wp-content/plugins/peters-custom-anti-spam-image/ [NC] RewriteRule . - [S=10] # Status Updater plugin fb connect RewriteCond %{REQUEST_URI} ^/wp-content/plugins/fb-status-updater/ [NC] RewriteRule . - [S=9] # Stream Video Player - Adding FLV Videos Blocked RewriteCond %{REQUEST_URI} ^/wp-content/plugins/stream-video-player/ [NC] RewriteRule . - [S=8] # XCloner 404 or 403 error when updating settings RewriteCond %{REQUEST_URI} ^/wp-content/plugins/xcloner-backup-and-restore/ [NC] RewriteRule . - [S=7] # BuddyPress Logout Redirect RewriteCond %{QUERY_STRING} action=logout&redirect_to=http%3A%2F%2F(.*) [NC] RewriteRule . - [S=6] # redirect_to= RewriteCond %{QUERY_STRING} redirect_to=(.*) [NC] RewriteRule . - [S=5] # Login Plugins Password Reset And Redirect 1 RewriteCond %{QUERY_STRING} action=resetpass&key=(.*) [NC] RewriteRule . - [S=4] # Login Plugins Password Reset And Redirect 2 RewriteCond %{QUERY_STRING} action=rp&key=(.*) [NC] RewriteRule . - [S=3] # TIMTHUMB FORBID RFI BY HOST NAME BUT ALLOW INTERNAL REQUESTS RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR] RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC] RewriteRule .* index.php [F,L] RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC] RewriteRule . - [S=1]
Permanent Fixes For Plugin Conflicts with BPS
As of BPS .46.5 and BPS Pro 5.1 the Master (AutoMagic) .htaccess code automatically permanently resolves several plugin conflicts that previously existed. The “Other Issues – WP Theme or other miscellaneous issue” section of this help page may still apply in some cases and have been highlighted if they still apply to the new version of BPS.
W3TC – specific .htaccess code checking and messaging – included as of BPS .45.8
BPS will display W3TC specific error warning messages when W3TC .htaccess code needs to be updated. Not confirmed / possible issues with CDN / CloudFlare or eaccelerator. Symptoms: Random pop up messages similar to this “Are you sure you want to do this?” messages with no confirm button. This may or may not be related to BPS.
WPSC – specific .htaccess code checking and messaging – included as of BPS .45.8
BPS will display WPSC specific error warning messages when WPSC .htaccess code needs to be updated.
BuddyPress – BuddyPress Member log out does not log Members out – included as of BPS .45.8
Permanent .htaccess bypass / skip rule as of BPS .45.8. This fix requires that WordPress 3.0.4 is installed. This fix will NOT work with versions of WordPress older than 3.0.4.
# BuddyPress Logout Redirect RewriteCond %{QUERY_STRING} action=logout&redirect_to=http%3A%2F%2F(.*) [NC] RewriteRule . - [S=6]
BuddyPress – 403 Error when trying to Trash/delete Topics
BuddyPress calls the /wp-admin/post.php file to perform several tasks such as Trash/delete Topics. Add this wp-admin .htaccess bypass / skip rule below to the wp-admin Custom Code box – CUSTOM CODE WPADMIN PLUGIN FIXES:and then activate BulletProof Mode for your wp-admin folder again. The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. This bypass / skip rule is safe to use because the wp-admin area is protected with WP Authentication security.
post.php skip/bypass rule
# BuddyPress skip/bypass rule RewriteCond %{REQUEST_URI} (post\.php) [NC] RewriteRule . - [S=2]
Status Updater – FB and Twitter posts not updating – Cron jobs not running – included as of BPS .46.1
Permanent .htaccess bypass / skip rule as of BPS .46.1.
# Status Updater plugin fb connect RewriteCond %{REQUEST_URI} ^/wp-content/plugins/fb-status-updater/ [NC] RewriteRule . - [S=9]
Adminer BPS conflict fix – included as of BPS .46.1
Permanent .htaccess bypass / skip rule as of BPS .46.1.
# Adminer MySQL management tool BPS conflict fix RewriteCond %{REQUEST_URI} ^/wp-content/plugins/adminer/ [NC] RewriteRule . - [S=12]
Peter’s Custom Anti-Spam Image plugin -included as of BPS .46.1
Permanent .htaccess bypass / skip rule as of BPS .46.1.
# Peters Custom Anti-Spam Image fix RewriteCond %{REQUEST_URI} ^/wp-content/plugins/peters-custom-anti-spam-image/ [NC] RewriteRule . - [S=10]
Stream Video Player – Unable to Add FLV Videos – 404 or 403 Errors – included as of BPS .46.1
Permanent .htaccess bypass / skip rule as of BPS .46.1.
# Stream Video Player - Adding FLV Video Blocked By BPS RewriteCond %{REQUEST_URI} ^/wp-content/plugins/stream-video-player/ [NC] RewriteRule . - [S=8]
XCloner – Settings page update causes a 404 or 403 error – included as of BPS .46.2
Permanent .htaccess bypass / skip rule as of BPS .46.2.
# XCloner 404 or 403 error when updating settings RewriteCond %{REQUEST_URI} ^/wp-content/plugins/xcloner-backup-and-restore/ [NC] RewriteRule . - [S=7]
XCloner – Cron Jobs not working – BPS Pro ONLY
The custom php.ini file that comes with BPS Pro has register_argc_argv turned Off by default >>> register_argc_argv = Off. For Cron jobs to work correctly change the register_argc_argv setting to On >>> register_argc_argv = On.
BackUpWordPress – WP-Cron 302 or 403 response/error
The BackUpWordPress plugin makes a HEAD Request to verify that the site is up. The BPS Request Method nuisance filter will block that HEAD Request. Remove HEAD from the nuisance filter.
# REQUEST METHODS FILTERED # This filter is for blocking junk bots and spam bots from making a HEAD request, but may also block some # HEAD request from bots that you want to allow in certains cases. This is not a security filter and is just # a nuisance filter. This filter will not block any important bots like the google bot. If you want to allow # all bots to make a HEAD request then remove HEAD from the Request Method filter. # The TRACE, DELETE, TRACK and DEBUG request methods should never be allowed against your website. RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC] RewriteRule ^(.*)$ - [F,L]
Juicebox – 403 error when trying to insert Juicebox Gallery
A simple .htaccess skip rule fixes this issue. Copy and paste this .htaccess code below to Your Current Root htaccess File file using the built-in BPS File Editor. As of BPS Pro 5.1.5 and BPS free .46.9 you can add personal plugin fixes to Custom Code to save them permanently. Copy this .htaccess code to the Custom Code CUSTOM CODE PLUGIN FIXES: text box, save your changes, click the secure.htaccess AutoMagic button and then activate BulletProof Mode for your Root folder.
# Juicebox skip/bypass rule RewriteCond %{REQUEST_URI} ^/wp-content/plugins/wp-juicebox/ [NC] RewriteRule . - [S=13]
Link Cloaking plugin – Removes/overwrites BPS .htaccess code on plugin activation
Activate the Link Cloaking plugin to get the .htaccess code that it creates in your Root .htaccess file. Go to the Edit/Upload/Download page and copy the Link Cloaking plugin’s .htaccess code (# Link Cloaker Plugin BEGIN to # Link Cloaker Plugin ENDS) and then go to BPS Custom Code and paste the .htaccess code in the Root .htaccess File # CUSTOM CODE BOTTOM text box and click the Save Root Custom Code button. Next go to the Security Modes page and click the AutoMagic buttons and activate BulletProof Mode for your Root folder. The Link Cloaker plugin’s .htaccess code will be included in your root .htaccess file coding.
MyArcadePlugin Lite – Unable to import a Flash SWF file – 403 Forbidden Error
A simple .htaccess skip rule fixes this issue. Copy and paste this .htaccess code below to Your Current Root htaccess File file using the built-in BPS File Editor. As of BPS Pro 5.1.5 and BPS free .46.9 you can add personal plugin fixes to Custom Code to save them permanently. Copy this .htaccess code to the Custom Code CUSTOM CODE PLUGIN FIXES: text box, save your changes, click the secure.htaccess AutoMagic button and then activate BulletProof Mode for your Root folder.
# MyArcadePlugin Lite SWF Import fix RewriteCond %{REQUEST_URI} ^/wp-content/plugins/myarcadeblog/ [NC] RewriteRule . - [S=13]
Google Analytics Dashboard – Google Analytics data will not load.
There are 2 things that are blocked:
1. parenthesis characters in Query strings are blocked: Edit your Root .htaccess file and remove the parenthesis characters from the security filter as shown below.
2. admin-ajax.php file call is blocked: Add this wp-admin .htaccess bypass / skip rule below to the wp-admin Custom Code box – CUSTOM CODE WPADMIN PLUGIN FIXES: and then activate BulletProof Mode for your wp-admin folder again. The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. This bypass / skip rule is safe to use because the wp-admin area is protected with WP Authentication security.
Remove parenthesis characters in this root .htaccess security filter
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(<|>|%3c|%3e).* [NC,OR]
admin-ajax.php skip/bypass rule
# Google Analytics Dashboard skip/bypass rule RewriteCond %{REQUEST_URI} (admin-ajax\.php) [NC] RewriteRule . - [S=2]
WordPress SEO by Yoast – unable to connect to facebook OpenGraph – generates a 403 error
Add this skip/bypass rule to BPS Custom Code in the CUSTOM CODE WPADMIN PLUGIN FIXES: text box and activate BulletProof Mode for your wp-admin folder.
# Yoast Facebook OpenGraph skip/bypass RewriteCond %{QUERY_STRING} page=wpseo_social&key=(.*) [NC] RewriteRule . - [S=2]
User Avatar – avatar images are no longer displaying for custom images – 403 error
Edit your root .htaccess file with the BPS built-in editor, find the timthumb htaccess code and add the user-avatar-pic.php file to the image thumbnailer (timthumb) skip/bypass rule.
# TimThumb Forbid RFI By Host Name But Allow Internal Requests RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR] RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC] RewriteRule .* index.php [F,L] RewriteCond %{REQUEST_URI} (user-avatar-pic\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC] RewriteRule . - [S=1]
wp-greet – postcard gallery / postcard sending form not working
Copy this .htaccess code below to the Custom Code CUSTOM CODE PLUGIN FIXES: text box, save your changes, click the secure.htaccess AutoMagic button and then activate BulletProof Mode for your Root folder.
# WP-Greet skip/bypass rule RewriteCond %{QUERY_STRING} gallery=([0-9]+)&image=(.*) [NC] RewriteRule . - [S=13]
WP-Invoice – Updating / editing an Invoice generates a 403 error
Requires 2 .htaccess skip rules – 1 in your Root .htaccess file and 1 in your wp-admin .htaccess file. Copy and paste this .htaccess code below to Your Current Root htaccess File using the built-in BPS File Editor. This .htaccess code should be added to your root .htaccess file before skip rule 12 [S=12]. As of BPS Pro 5.1.5 and BPS free .46.9 you can add personal plugin fixes to Custom Code to save them permanently. Copy this .htaccess code to the Custom Code CUSTOM CODE PLUGIN FIXES: text box, save your changes, click the secure.htaccess AutoMagic button and then activate BulletProof Mode for your Root folder.
# WP-Invoice query string Root skip rule RewriteCond %{QUERY_STRING} page=wpi_(.*) [NC] RewriteRule . - [S=13]
Copy and paste this .htaccess code below to Your Current wp-admin htaccess File using the built-in BPS File Editor. This .htaccess code solution goes after # REQUEST METHODS FILTERED .htaccess code and before the start of the block of BPS security filters RewriteCond %{HTTP_USER_AGENT} …. in your wp-admin .htaccess file (not your Root .htaccess file). As of BPS Pro 5.1.5 and BPS free .46.9 you can add personal plugin fixes to Custom Code to save them permanently. Add this fix to the CUSTOM CODE WPADMIN PLUGIN FIXES: text box and activate BulletProof Mode for your wp-admin folder.
# WP-Invoice query string wp-admin skip rule RewriteCond %{QUERY_STRING} page=wpi_(.*) [NC] RewriteRule . - [S=2]
WP Remote – 403 HTTP Status Error – remote backups fail – As of BPS .47.7 this fix is no longer necessary – solution: upgrade to BPS .47.7
The security filter below in the root .htaccess file will block wp remote backups. If you see a 403 error in your wpremote account then comment out this security filter with a pound sign # as shown below in your root .htaccess file for each site that you are trying to remotely connect too.
# RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
WP-DBManager – Automatic backups not working – BPS Pro ONLY
The custom php.ini file that comes with BPS Pro has these php functions disabled by default in the disable_functions directive >>> disable_functions = system, exec, passthru, shell_exec, show_source, popen, pclose, pcntl_exec. WP-DBManager uses the system, exec and passthru functions. To allow these php functions to be enabled / allowed on your website remove them from the disable_functions directive in your custom php.ini file >>> disable_functions = shell_exec, show_source, popen, pclose, pcntl_exec.
EZPZ One Click Backup – Backups not working – BPS Pro ONLY
The custom php.ini file that comes with BPS Pro has these php functions disabled by default in the disable_functions directive >>> disable_functions = system, exec, passthru, shell_exec, show_source, popen, pclose, pcntl_exec. EZPZ uses the exec function. To allow the php function to be enabled / allowed on your website remove it from the disable_functions directive in your custom php.ini file >>> disable_functions = system, passthru, shell_exec, show_source, popen, pclose, pcntl_exec.
Click Heat Dynamo – Premium plugin – Heat Map is not displaying correctly – Heat Map overlay is not shown – As of BPS .47.7 this fix is no longer necessary – solution: upgrade to BPS .47.7The Click Heat Dynamo plugin needs these 2 root .htaccess file security filters to be modified as shown below.
Before modification RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x5b|\x5d|\x7f).* [NC,OR]After modification RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
SecureDL – secure downloading plugin – Downloads are not working – file name is public_html – BPS Pro ONLY
Symptoms / problem: You are seeing files named public_html instead of the file name that you should be seeing in the download. The custom php.ini file that comes with BPS Pro has allow_url_fopen turned Off by default >>> allow_url_fopen = Off. SecureDL uses an URL fopen technique in order to securely download files. To allow the URL fopen download technique to work correctly change the allow_url_fopen setting to On >>> allow_url_fopen = On.
S2Member – protected page generating 403 Forbidden errors – Premium plugin
A simple .htaccess skip rule fixes this issue. Copy and paste this .htaccess code below to Your Current Root htaccess File using the built-in BPS File Editor. Add the actual path to where your S2Member protected page is using the fix below as a general example. The S= # is very important. It is an .htaccess Skip rule. The skip rules are in descending order S=12, S=11, S=10, etc and this number order is very important. If you add a plugin fix above Skip rule #11 (S=11) then your new skip rule will be S=12. If you add another skip rule above S=12 it will be S=13. As of BPS Pro 5.1.5 and BPS free .46.9 you can add personal plugin fixes to Custom Code to save them permanently. Copy this .htaccess code to the Custom Code CUSTOM CODE PLUGIN FIXES: text box, save your changes, click the secure.htaccess AutoMagic button and then activate BulletProof Mode for your Root folder.
# S2Member protected URL rewrite / redirect bypass RewriteCond %{REQUEST_URI} ^/example-URI-path/example-registration-page/ [NC] RewriteRule . - [S=13]
Shopp e-commerce shopping cart plugin – Premium plugin
A simple .htaccess skip rule fixes this issue. Copy and paste this .htaccess code below to Your Current Root htaccess File using the built-in BPS File Editor. If you are using another e-commerce shopping cart plugin then try this type of fix, replacing the name of the plugin folder with your shopping cart plugin’s folder name. The S= # is very important. It is an .htaccess Skip rule. The skip rules are in descending order S=12, S=11, S=10, etc and this number order is very important. If you add a plugin fix above Skip rule #11 (S=11) then your new skip rule will be S=12. If you add another skip rule above S=12 it will be S=13. As of BPS Pro 5.1.5 and BPS free .46.9 you can add personal plugin fixes to Custom Code to save them permanently. Copy this .htaccess code to the Custom Code CUSTOM CODE PLUGIN FIXES: text box, save your changes, click the secure.htaccess AutoMagic button and then activate BulletProof Mode for your Root folder.
# Shopp e-Commerce shopping cart skip rule RewriteCond %{REQUEST_URI} ^/wp-content/plugins/shopp/ [NC] RewriteRule . - [S=13]
DisplayBuddy Video Showcase – 403 errors when trying to view videos
To allow this plugin to use the WP admin-ajax.php file without being blocked by BPS add this .htaccess bypass / skip code below to the wp-admin Custom Code box – CUSTOM CODE WPADMIN PLUGIN FIXES: and then activate BulletProof Mode for your wp-admin folder again. The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. This bypass / skip rule is safe to use because the wp-admin area is protected with WP Authentication security.
# DisplayBuddy Video Showcase bypass / skip rule RewriteCond %{REQUEST_URI} (admin-ajax\.php) [NC] RewriteRule . - [S=2]
Cart66 e-commerce shopping cart plugin – Premium plugin
A simple .htaccess skip rule fixes this issue. Copy and paste this .htaccess code below to Your Current Root htaccess File using the built-in BPS File Editor. If you are using another e-commerce shopping cart plugin then try this type of fix, replacing the name of the plugin folder with your shopping cart plugin’s folder name. The S= # is very important. It is an .htaccess Skip rule. The skip rules are in descending order S=12, S=11, S=10, etc and this number order is very important. If you add a plugin fix above Skip rule #11 (S=11) then your new skip rule will be S=12. If you add another skip rule above S=12 it will be S=13. As of BPS Pro 5.1.5 and BPS free .46.9 you can add personal plugin fixes to Custom Code to save them permanently. Copy this .htaccess code to the Custom Code CUSTOM CODE PLUGIN FIXES: text box, save your changes, click the secure.htaccess AutoMagic button and then activate BulletProof Mode for your Root folder.
# Cart66 AJAX Request skip rule RewriteCond %{QUERY_STRING} cart66AjaxCartRequests=(.*) [NC] RewriteRule . - [S=13]
Digi Auto Links plugin – Premium plugin
A simple .htaccess skip rule fixes this issue. Copy and paste this .htaccess code below to Your Current Root htaccess File using the built-in BPS File Editor. If you are using another plugin then try this type of Query String fix, replacing the name of the Query String with the Query String that is being blocked by BPS. The S= # is very important. It is an .htaccess Skip rule. The skip rules are in descending order S=12, S=11, S=10, etc and this number order is very important. If you add a plugin fix above Skip rule #11 (S=11) then your new skip rule will be S=12. If you add another skip rule above S=12 it will be S=13. As of BPS Pro 5.1.5 and BPS free .46.9 you can add personal plugin fixes to Custom Code to save them permanently. Copy this .htaccess code to the Custom Code CUSTOM CODE PLUGIN FIXES: text box, save your changes, click the secure.htaccess AutoMagic button and then activate BulletProof Mode for your Root folder.
# Digi Auto Links Approval Check Query String Skip Rule RewriteCond %{QUERY_STRING} checkpostid=(.*) [NC,OR] RewriteCond %{QUERY_STRING} checkapproved=(.*) [NC] RewriteRule . - [S=13]
RSS Link Bomber – Premium Plugin – Cron job is being blocked
This plugin uses wget to perform Cron jobs and wget is blocked in the root .htaccess file. You can either allow wget by removing it from the BPS security filters (not recommended) or an alternative Cron command line command that is safer to use is lynx -source instead of wget -O. You would simply replace the wget command line with lynx -source.
WP Twin AUTO BACKUP – Premium Plugin – Cron job is being blocked
This plugin uses wget to perform Cron jobs and wget is blocked in the root .htaccess file. You can either allow wget by removing it from the BPS security filters (not recommended) or an alternative Cron command line command that is safer to use is lynx -source instead of wget -O. You would simply replace the wget command line with lynx -source.
WP Twin – Premium Plugin – Cloning website is not working
This plugin uses the system() and exec() php functions to clone websites. To allow cloning to work correctly you will need to edit your custom php.ini file and remove system and exec from the disable_functions directive in your custom php.ini file – After removing the exec and system functions your disable_functions directive should look like this – disable_functions = passthru, shell_exec, show_source, popen, pclose, pcntl_exec .
WP PDF Stamper – ionCube PHP Loader ioncube_loader_lin_5.2.so Site error – BPS Pro ONLY
This is actually not a conflict or issue and is just a procedural step required by this plugin. When you are creating your Custom php.ini file in BPS Pro you will need to add the ioncube extension – Example: zend_extension=/usr/xxx/php/modules/ioncube_loader_lin.so (this is just an example of the ioncube extension – you will need to get the specific extension from your host’s help pages) Example Error message: Site error: the file /xxxxx/public_html/wp-content/plugins/wp-pdf-stamper/wp_pdf_stamp1.php requires the ionCube PHP Loader ioncube_loader_lin_5.2.so to be installed by the site administrator.
WP Whats My Rank – Premium Plugin – Cron job is being blocked
This plugin uses wget to perform Cron jobs and wget is blocked in the root .htaccess file. You can either allow wget by removing it from the BPS security filters (not recommended) or an alternative Cron command line command that is safer to use is lynx -source instead of wget -O. You would simply replace the wget command line with lynx -source.
Ad Trackz Gold – unable to create or view files – BPS Pro ONLY
The custom php.ini file that comes with BPS Pro has allow_url_fopen turned Off by default >>> allow_url_fopen = Off. To be able to view or create files change the allow_url_fopen setting to On >>> allow_url_fopen = On.
BackupBuddy – Your server does not support command line Zip. Backups will be performed in Compatibility Mode – BPS Pro ONLY
The custom php.ini file that comes with BPS Pro has the exec() php function added to the disable_functions directive. BPS Pro has several overlapping layers of security protection so if you want to allow the exec() function to be used on your website then remove exec function from the disable_functions = system, exec, passthru, shell_exec, show_source, popen, pclose, pcntl_exec directive in your custom php.ini file. Your website will still be protected against Shell scripts because several other common php functions used in hackers Shell scripts are still blocked in your custom php.ini file.
Full Screen Background Images Pro – Premium plugin – Unable to upload images – Choose images is blocked with 403 error
To allow this plugin to use the WP media-upload.php file without being blocked by BPS add this .htaccess bypass / skip code below to the wp-admin Custom Code box – CUSTOM CODE WPADMIN PLUGIN FIXES: and then activate BulletProof Mode for your wp-admin folder again. The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. This bypass / skip rule is safe to use because the wp-admin area is protected with WP Authentication security.
# Full Screen Background Images Pro bypass / skip rule RewriteCond %{REQUEST_URI} (media-upload\.php) [NC] RewriteRule . - [S=2]
phpBay Pro – Premium plugin – Unable to view images – links to eBay not working
The phpBay Pro plugin comes with its own special / custom .htaccess code. That code is displayed to you on the the phpBay Pro Settings page under the .htaccess tab. Copy the custom .htaccess code from the phpBay Pro Settings page under the .htaccess tab and paste it into the BPS Pro Custom Code Top box (if your site has php.ini handler code then be sure to add your php.ini handler code in the Top box as well), click the Save Custom Code button, create new Master .htaccess files with AutoMagic and activate all BulletProof Modes again. This will permanently save the phpBay custom .htaccess code so that it will written into your Root .htaccess any time you create new Master .htaccess files.
WHMCS – Premium plugin – 403 Forbidden Errors – As of BPS .47.7 this fix is no longer necessary – solution: upgrade to BPS .47.7The WHMCS client billing and management plugin needs this root .htaccess file security filter modified as shown below.
change this security filter... RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR] ...to... RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e).* [NC,OR]
tribulant Shopping Cart – Premium plugin – Unable to save admin options changes – 403 errors
To allow this plugin to use the WP admin.php file without being blocked by BPS add this .htaccess bypass / skip code below to the wp-admin Custom Code box – CUSTOM CODE WPADMIN PLUGIN FIXES: and then activate BulletProof Mode for your wp-admin folder again. The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. This bypass / skip rule is safe to use because the wp-admin area is protected with WP Authentication security.
# tribulant Shopping Cart bypass / skip rule RewriteCond %{REQUEST_URI} (admin\.php) [NC] RewriteRule . - [S=2]
Other Issues – WP Theme, Custom Applications or other miscellaneous issues
.htaccess code is automatically disappearing / being overwritten in the Root .htaccess file – WordPress Default .htaccess code is being added multiple times in the Root .htaccess file.
If you are using the cPanel HotLink Protection tool it will cause this problem. It has had this problem since at least 2002. You cannot disable this tool. Disabling the cPanel HotLink Protection tool has no effect. This tool has several coding problems and the only way to prevent your Root .htaccess file from being damaged or overwritten is to lock your Root .htaccess file with 404 file permissions to prevent this broken tool from damaging / overwriting your Root .htaccess file. The BPS Root .htaccess file has example HotLink protection .htaccess code already in that file. You just need to add your personal URL for your website to that example HotLink .htaccess code and uncomment the code to use it.
Password Reset Problems – Login Plugins Password Reset or Redirection Conflicts – inluded as of BPS .46.1
These .htaccess skip rules resolve any issues with login plugins that use a password reset.
# Login Plugins Password Reset And Redirect Conflicts Fix 1 RewriteCond %{QUERY_STRING} action=resetpass&key=(.*) [NC] RewriteRule . - [S=4] # Login Plugins Password Reset And Redirect Conflicts Fix 2 RewriteCond %{QUERY_STRING} action=rp&key=(.*) [NC] RewriteRule . - [S=3]
GeoTheme – Geolocation Map is blocked by BPS – 403 Error
The GeoTheme Geolocation Map requires that you allow inbound connections to your website in order to populate the Geolocation Map data. Comment out these 2 BPS security filters below in your root .htaccess file.
#RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR] #RewriteCond %{QUERY_STRING} http\: [NC,OR]
Atahualpa Theme Export / Download blocked by BPS
In order to export / download your Theme settings you will need to put your site in Default Mode temporarily and then put your site back in BulletProof Mode after exporting / downloading your Theme settings.
BPS Menus or Other CSS Visual Style or Menus Not Displaying Correctly – Very minor issue
If another plugin is causing the BPS menus or other visual styles to not display correctly then please leave a comment and we will notify the plugin authors of the coding fix that is needed to fix this. This post on Loading Plugin CSS and js scripts and styles in the WP Admin area provides the necessary fundamental plugin coding to fix this issue. To add a temporary fix until the plugin author can fix this you can add the plugin’s stylesheet name to the FilesMatch section of your root htaccess file. Example: if the stylesheet name is jquery-ui-1.8.5.custom.css for that particular plugin then add it to the FilesMatch section like this |jquery-ui-1.8.5.custom\.css
PayPal IPN – PayPal IPN or PDT Scripts – No Known Conflicts Exist
If for some reason you are experiencing a problem with your PayPal IPN or PDT script then copy the BPS default.htaccess file to the folder where the PayPal IPN script is contained and rename the default.htacces file to just .htaccess (removing default from the file name). This will completely eliminate the BPS is blocking your PayPal IPN or PDT script for testing. There is not one standard type of PayPal IPN or PDT scripts and many custom PayPal IPN and PDT scripts exist. The PayPal IPN or PDT script that you are using should ONLY open a secure SSL port 443 connection to a paypal.com server. Therefore there is no need to secure the PayPal IPN or PDT script if for some reason BPS appears to be blocking the script. It cannot be exploited as long as the ONLY connection allowed in your particular PayPal IPN or PDT script is a connection to / from a PayPal secured SSL server.
WPMU – multisite plugins – network plugins – General Fix
Contributed by the WPMU Dev website and Tom – The same general htaccess skip rule that you would use for standard WordPress plugins also applies to WPMU plugins. In this specific example BPS was blocking the CAPTCHA images from displaying for the Comment Spam Pack MU plugin. All that is required to fix this is to include the /mu-plugins folder name in the REQUEST_URI path as shown below. The same general fix principle should work for all other MU plugins as well.
Comment Spam Pack MU Plugin - CAPTCHA images not displaying RewriteCond %{REQUEST_URI} ^/wp-content/mu-plugins/custom-anti-spam/ [NC] RewriteRule . - [S=13]
Plugin 403 Forbidden Errors General Troubleshooting
If a plugin is being blocked by BPS either because it is performing an action that BPS considers unsafe or violates the .htaccess security filters rules then creating an htaccess skip / bypass rule by either allowing a unique portion of the query string that is being blocked by BPS or by adding the plugin’s folder name in a URI skip / bypass rule will typically fix the issue. Use the plugin fixes above as a reference to create plugin skip rules. If you add a fix for a plugin that is not listed here please add a comment with your fix.
Fix for Infinite Loops in either your .htaccess files or coding – this is a general fix for Infinite Loops and does not pertain specifically to BPS
The error message related to Infinite Loops is this – Request exceeded the limit of 10 internal redirects due to probable configuration error. Use ‘LimitInternalRecursion’
to increase the limit if necessary. Use ‘LogLevel debug’ to get a backtrace or you may see Request exceeded the limit, probable configuration error, Use ‘LogLevel debug’ to get a backtrace or Use ‘LimitInternalRecursion’ to increase the limit if necessary. The symptoms are that some php coding is looping infinitely, which causes extreme lag times or your website comes to a complete halt when trying to process a php script.
# .htaccess Fix for Infinite Loops RewriteEngine On RewriteCond %{ENV:REDIRECT_STATUS} 200 RewriteRule .* - [L]
SquirrelCart PHP Shopping Cart – 403 Forbidden errors when trying to checkout – iframes not working in admin panel
Create a text file in Notepad (NOT WORD – MUST BE NOTEPAD) called securityoff.htaccess. In that text file add this one line of .htaccess code.
RewriteEngine Off
Upload the file to your Squirrelcart /store folder or if you named the folder something else then upload the securityoff.htaccess file to that folder. Once you have uploaded the file, rename it to just .htaccess – removing “securityoff” from the file name. You may also have to do this for the other squirrelcart folder that is called sc_data.
Custom PHP Applications Outside of WordPress – General fixes to try
For Custom Applications that are outside of WordPress, not WP plugins and instead stand alone PHP applications you can try these fixes. One of them should work. This example bypass / skip .htaccess code shows skip rules and rewrite fixes for vTigerCRM and Piwik.
# Custom Applications bypass / skip RewriteCond %{REQUEST_URI} ^piwik/ [NC,OR] RewriteCond %{REQUEST_URI} ^crm/ [NC] RewriteRule . - [S=13]
Alternative Fix – add RewriteRules after the this .htaccess code in your Root .htaccess file
RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] # RewriteRule for Custom Apps outside of WP RewriteRule ^piwik/ - [L] RewriteRule ^crm/ - [L]
Alternative Fix – add a RewriteEngine Off .htaccess file to the 3rd Party app folder
Create a text file in Notepad (NOT WORD – MUST BE NOTEPAD) called securityoff.htaccess. In that text file add this one line of .htaccess code.
RewriteEngine Off
Upload the securityoff.htaccess file to your 3rd Party app folder. Once you have uploaded the file, rename it to just .htaccess – removing “securityoff” from the file name.
Unable to upload images in a plugin or theme that is using the WordPress media-upload.php file to upload images – 403 error
To allow plugins or themes that are using the WP media-upload.php file to upload images without being blocked by BPS add this .htaccess bypass / skip code below to the wp-admin Custom Code box – CUSTOM CODE WPADMIN PLUGIN FIXES: and then activate BulletProof Mode for your wp-admin folder again. The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. This bypass / skip rule is safe to use because the wp-admin area is protected with WP Authentication security.
# Allow Plugins and Themes to use media-upload.php bypass / skip rule RewriteCond %{REQUEST_URI} (media-upload\.php) [NC] RewriteRule . - [S=2]
Nocturnal Theme mp3 files are not playing – audiojs.swf not loading
The Query string used contains a single quote and/or its ASCII equivalent in a way that BPS is blocking it due to this query string being seen as dangerous. To safely allow only this particular Query string for this Theme to work correctly use this skip/bypass rule. This skip/bypass rule can be added to CUSTOM CODE PLUGIN FIXES: to save it permanently to your WP DB. After saving the new rule to your WP DB, use AutoMagic and then activate BulletProof Mode for your Root folder again to write this new rule to your Root .htaccess file.
# Nocturnal Theme audio file query string bypass / skip rule RewriteCond %{QUERY_STRING} playerInstance=(.*) [NC] RewriteRule . - [S=13]