BulletProof Security Blog

Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) Automation:
List of plugins and themes that have AutoFixes: Setup Wizard AutoFix

AutoWhitelist: The Setup Wizard AutoFix feature automatically creates Custom Code whitelist rules for 100+ known issues with plugins and themes. Previous versions of BPS and BPS Pro required doing a manual copy and paste solution to manually add Custom Code whitelist rules to BPS Custom Code.

AutoSetup: The Setup Wizard AutoFix feature automatically gets htaccess caching code from caching plugins (WP Super Cache, W3 Total Cache, Comet Cache Plugin (free & Pro), WP Fastest Cache Plugin (free & Premium), Endurance Page Cache and WP Rocket) and saves caching plugin’s htaccess code in BPS Custom Code. Previous versions of BPS and BPS Pro required doing a manual copy and paste solution to manually add caching plugin’s htaccess code to BPS Custom Code.

AutoCleanup: The Setup Wizard AutoFix feature automatically removes any existing caching plugin’s htaccess code in BPS Custom Code and the Root htaccess file if the caching plugin is no longer activated or installed. Example scenario: You have Plugin X Caching plugin installed and decide to try Plugin Y Caching plugin. Setup Wizard AutoFix (AutoCleanup) will automatically remove any existing htaccess code from BPS Custom Code and the Root htaccess file for Plugin X Caching plugin. At the same time Setup Wizard AutoFix (AutoSetup) will automatically create Plugin Y’s Caching code in BPS Custom Code and the Root htaccess file. So instead of having to manually add or remove any caching plugin’s htaccess code in BPS Custom Code, the Setup Wizard AutoFix feature will automatically do that when you run the BPS Setup Wizard.

AutoFix Debugging: BPS UI|UX Settings page > BPS UI|UX|AutoFix Debug: Turning On the BPS UI|UX|AutoFix Debug option will display: plugin or theme names and the BPS Custom Code text box where plugins or themes should be creating Custom Code whitelist rules. Usage: If the BPS Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) Notice is still being displayed after running the Pre-Installation Wizard and Setup Wizard then the BPS UI|UX|AutoFix Debug option should be turned On to find the exact plugin or theme and the Custom Code text box where the problem is occurring. Example Debug Displayed message: CC Root Text Box 10: WooCommerce Plugin. This option could also be used generally to see which plugins and themes BPS AutoFix is creating Custom Code whitelist rules for and which Custom Code text boxes the AutoFix whitelist rules will be created in.

Dev Note: Existing HUD error checks & message changes: WP Super Cache, W3 Total Cache, WooCommerce, Jetpack changed. New help text/links for the new Setup Wizard AutoFix feature. New HUD BPS AutoFix checking function created for 100+ plugins and themes (combined into one function).

Dev Note: New conditions added to the EPC plugin dismiss notice: check if EPC version .9 is enabled and Cache level is 1,2,3,4.

Removal: HUD Dismiss Notices: Jetpack, WooCommerce & Broken Link Checker plugins. Now handled by Setup Wizard AutoFix.

• Change|Addition|Improvement: New AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) section has been added to the Pre-Installation Wizard Checks|Scans|Settings results. Additional section dividers added for Compatibility & Basic Checks, AutoRestore|Quarantine Exclude Rules, Plugin Firewall cURL Scanner and Plugin Firewall Whitelist Rules to make the Pre-Installation Wizard results visually easier to read. Hover ToolTip icons added for results that contain “extra” result data.

• Option Name & Functionality Change: BPS UI|UX Debug option name change to BPS UI|UX|AutoFix Debug. Turning On the BPS UI|UX|AutoFix Debug option will display: plugin or theme names and the BPS Custom Code text box where plugins or themes should be creating Custom Code whitelist rules. Usage: If the BPS Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) Notice is still being displayed after running the Pre-Installation Wizard and Setup Wizard then the BPS UI|UX|AutoFix Debug option should be turned On to find the exact plugin or theme and the Custom Code text box where the problem is occurring. Example Debug Displayed message: CC Root Text Box 10: WooCommerce Plugin. This option could also be used generally to see which plugins and themes BPS AutoFix is creating Custom Code whitelist rules for and which Custom Code text boxes the AutoFix whitelist rules will be created in.

• Improvement: BPS Speed Boost Cache Dismiss Notice: Additional conditional checks added to check if BPS Speed Boost Browser Cache code exists in BPS Custom Code as well as other caching plugins Browser caching code. The check can be overridden by using a Marker: BPS NOCHECK. Using duplicate or redundant Browser caching code will not improve website performance and may actually cause your website to perform/load slower.

• Change: wp-admin master htaccess file: Request Methods Filtered block of htaccess code has been removed from the wp-admin htaccess file.

• BugFix: BPS Pro MU Tools must-use plugin: Prevent BPS Pro Plugin Deactivated Security Log entries logged for Network|Multisite subsites when BPS Pro is activated individually per site vs Network activating the BPS Pro plugin.

• New Security Log Options: Security Log: POST Request Body Data option: 2 new checkbox options: Do Not Log POST Request Body Data (0KB) and Log Maximum POST Request Body Data (250KB). POST Request Body Data option name change from: Limit POST Request Body Data to: Log Minimum POST Request Body Data (5KB). The new default POST Request Body Data option setting is: Do Not Log POST Request Body Data (0KB), which will be automatically set on this BPS plugin upgrade only and new first run Setup Wizard installations. Some web hosts falsely interpret the BPS Security Log text file as malicious since hacker code used to attack your website can be captured/logged in the Security Log text file depending on your POST Request Body Data option settings. This change only affects logging or not logging data in the REQUEST BODY Security Log field and does not affect anything else about Security Log entries. Security Logging template files affected: 403.php, 404.php and 405.php.

• Procedural: Root and wp-admin htaccess file security rule modifications. On BPS upgrade automatically add additional https scheme conditions to 3 htaccess security rules and combine 2 rules into 1 rule for the currently active Root and wp-admin htaccess files. On BPS upgrade automatically update any existing BPS htaccess code to the new BPS htaccess code that is saved in Root and wp-admin Custom Code.

• Procedural: New error check for the Oxygen plugin. The Oxygen plugin interferes with BPS MMode. An inpage check and error message is displayed on the BPS MMode page.

• Dev Note: ARQ OBDF current to WP 4.8.

• Procedural: MMode: Add additional condition to check if wp_mail() function exists. Prevents PHP Fatal error: Call to undefined function wp_mail() error.

• BugFix: Root htaccess file|Custom Code: Add R to 405 RewriteRule to REQUEST METHODS FILTERED code block. Automatically fixed on BPS upgrade in Root htaccess file and Root Custom Code.

• Procedural: Fix nuisance php error in BPS Pro MU Tools must-use plugin. PHP Warning: in_array() expects parameter 2 to be array, boolean given in bps-pro-mu-tools.php on line 123.

• Procedural: All-in-One Event Calendar triggering BPS Pro Dashboard alerts on the All-in-One Event Calendar Add New Event page. Added Query String condition in BPS Pro Dashboard alerts to prevent BPS Pro Dashboard alerts from being displayed on the All-in-One Event Calendar Add New Event page.

• Procedural: BPS Pro MU Tools: Email alert help info updated with the new steps to disable BPS Pro MU Tools.

• Improvement: AutoRestore Automation: Prevent BPS Pro plugin deactivation email alerts from being sent when the BPS Pro plugin is being upgraded. On BPS Pro plugin upgrade update the MU Tools timestamp +5 minutes in the BPS Pro plugin upgrade function.

• Procedural: Pre-Installation Wizard: Delete old BPS free MU plugin files if they exist.

• Procedural: file exists check for all BPS log files. Fixes: PHP Warning: filesize(): stat failed for /xxxxx/public_html/wp-content/bps-backup/logs/http_error_log.txt, etc.

• Improvement: Do not display ARQ Off critical warning message on WP Updates page if ARQ Status is currently set to On (ARQ: Pending status).

• Improvement: Setup Wizard success message includes link to the AutoRestore Guide on Setup Wizard completion.

• BugFix: BPS built-in Upload Zip install: ARQ Status condition incorrectly turning ARQ Off on BPS Pro upload zip installation.

• ARQ FailSafe Improvement: class.php master file copy and touch function created for BPS Pro Shiny Updates in the upgrader_post_install Filter during AJAX execution. Note: BPS Pro upload zip installations using the BPS Pro built-in Upload Zip installer and manual BPS Pro FTP upload installations still use the existing class.php master file copy and touch code.