Follow @BPSPro

BulletProof Security File Editing – Editing Files Within The WordPress Dashboard

5 Comments RSS Site Feed Author: AITpro Admin
Published: December 28, 2010
Updated: April 25, 2011

BulletProof Security File Editing

BulletProof Security will perform file open and write tests first to check to make sure your .htaccess files can be opened and written to. This ensures that you will be able to successfully save any changes you make to any of the .htaccess files. If you see all green success messages then you will be able to successfully edit and save any changes you make to the .htaccess files from within your WordPress Dashboard. The minimum required file permission for the .htaccess files to be edited is 600, which means that Owner permissions must have a minimum of Read and Write permissions. If you see red error messages then take a look at the BPS File Editor Error Messages section below.

File Open and Write test successful! The secure.htaccess file is writable.
File Open and Write test successful! The default.htaccess file is writable.
File Open and Write test successful! The maintenance.htaccess file is writable.
File Open and Write test successful! The wpadmin-secure.htaccess file is writable.
File Open and Write test successful! Your currently active root .htaccess file is writable.
File Open and Write test successful! Your currently active wp-admin .htaccess file is writable.

600 File Permissions = Owner Read and Write

Capabiliites and Uses for the BPS file editing window within the WordPress Dashboard

When upgrading BPS you can copy and paste any old or customized sections of .htaccess code from you currently active .htaccess files to your new BPS Master .htaccess files and then activate the new Master .htaccess files.   As of BPS .45.8 permanent backup and restore has been added so backed up .htaccess files can be restored at any time if necessary.  As of BPS .46.2 BPS is fully AutoMagic.  When you use AutoMagic to create your .htaccess files you are creating new Master .htaccess files.  Your currently active .htaccess files are not changed until you activate the new Master .htaccess files.  This allows you to copy and paste any old or customized .htaccess code that you want to keep from your currently active .htaccess files to your new Master .htaccess files before activating the new Master .htaccess files.

Each file editing tab shown below (blue tabbed menu) will open and display the contents of each of the .htaccess files available for file editing in a separate file editing window in real time. You can copy and paste the contents of any of the .htaccess files from one file editing window (AKA tab window) to another file editing window. You can also copy contents from anywhere else (file on your computer) and paste the contents into the file editing windows. If you copy the file contents from one tab window to another tab window you can click on another tab window and your editing changes will remain on the tabbed window that was edited. You can only save your editing changes for one one tabbed window at a time, which is the same thing as saying you can only edit and save one .htaccess file at a time. You could of course edit multiple files at the same time, but the only editing changes that will be saved will be for whichever tabbed window you happen to be in when you click on that particular tab window’s Update File button. The Update File button appears to be only one button, but each indivual tabbed window has its own unique Update File button that will update only the file that you are currently viewing when you click on it. All other edits on other tabbed windows will not be saved. Testing proved that having multiple file editing and saving capability lead to too many possible errors. Simpler is better in the case of the BPS file editor. Actual file editing is very simple. Make the editing changes you want for a particular .htaccess file and click the Update File button to save your changes.

BulletProof Security File Editing Tabs

Using the secure.htaccess file as the example. If your file edits were successfully saved you will see this message displayed.

Success! The secure.htaccess file has been updated.

File editing occurs in real time so when you click Update File, your edits / changes will be displayed immediately.  If you encounter problems make sure that you are looking at the correct file that you just edited and also I have noticed that in certain scenarios that if you are doing several different things at once or have mulitple windows opened then you may need to refresh your browser to see accurate current data.  This does not apply to the File Editor itself.  The File Editor performs a refresh when you click the Update File button to save your editing changes so that data is accurate immediately.  As a general troubleshooting rule of thumb you should always refresh your browser first before starting to look deeper at a particular problem.

How Does The BPS File Editor Work? Is The File Editor Secure?

Without going into the technical specifics, what is happening is the files are opened within your WordPress Dashboard when BPS is loaded to check to see if they can be opened and written to. An fopen append (a+b) is performed. If the append is successful then you can then perform fwrite writing (w+b) to the files. The files are only accessible from within the WordPress Dashboard and cannot be directly accessed from an external source besides of course the usual FTP method you would use to edit your files. Besides using the standard WordPress security coding methods, the BPS file editing functions which allow file writing are contained within a file that does not allow external access to execute the writing functions – period!. If an attempt is made to access this page or these functions directly from an external source then that user or bot is immediately sent to your 403 Forbidden page.

BPS File Editor Errors and Error Messages

All examples are using the secure.htaccess file as the example file.

Errors and Error Messages Causes
Cannot write to the secure.htaccess file. Minimum file permission required is 600. 1). Owner permissions Write file attribute is not set for the secure.htaccess file or the htaccess folder. The file editing window will display the contents of the secure.htaccess file, but only in read only mode. You will not be able to edit and successfully save any changes you make to the secure.htaccess file.
  2). The secure.htaccess file does not exist or the file name has been changed to something other than secure.htaccess.
File Open and Write test does not display an error, but the actual contents of the file are not displayed in the file editing window. Blank window. Owner permissions Read file attribute is not set for the secure.htaccess file or the htaccess folder.
   
Check the /wp-content/plugins/bulletproof-security/admin/htaccess/ folder to make sure the secure.htaccess file exists and is named secure.htaccess. This error message will be displayed in the file editing window itself and is self explanatory. Check to make sure the secure.htaccess file actually exists and is named secure.htaccess.
   
   
Skip to toolbar