[Plugin: Better WP Security] WP Remote is now being blocked

Hi Dan. I’m using WPremote with Better WP Security (fully turned on) and it works for me ?

The only security plugins I’m using are Better WP Security, Wordfence, and WordPress Firewall 2. Wordfence lets you whitelist IPs that it blocks, and it is not blocking WP Remote. WordPress Firewall 2 has a global whitelist.

It’s only when I deactivate Better WP Security that I can make updates with WP Remote.

WP Remote is still able to initiate backups and connect with my sites, but it always thinks they are all updated unless I turn off Better WP Security.

Dan, I know this might sound like a dumb suggestion.. But have you disabled the other two firewall plugins and just left Better WP Security running? Also, you might want to enable php logging and see if you can find anything obvious in there.. I think there’s some tuts on this if you google it…

No, that’s not it. As soon as Better WP Security is disabled, WP Remote works with or without the others activated too. I don’t think anything is going to be in the php log, just the access log. Does Better WP Security have its own log hidden away somewhere?

Yeah nothing in the php error log.

Hi Dan. This would need to be tested with the WPremote script, not Better Security. Email the WPremote people and see if they can check it for you, there should be an option to log_errors or a display_errors function you can turn on somewhere in their script, for debugging.

Good luck, I hope the developer gets back to you.

Hi Dan,

While I’m not familiar with WPRemote it sounds to me as if it’s looking for version numbers or update notifications which are features under “System Tweaks” in better wp security. Can you please check it with these options turned off.

As for debugging, as a reference you can use the following 3 directives in wp-config.php

`define( ‘WP_DEBUG’, true );
define( ‘WP_DEBUG_LOG’, true );
define( ‘WP_DEBUG_display’, false );
‘

Turn off and on at will of course.

@chris — Duh! I overlooked those checkboxes for hiding the version #s. That’s all it took to fix.

@lee — WPremote.com is a hosted service that connects to WP sites using their plugin. I’ve communicated with them recently about this, and they had no answer other than whitelisting their IP and talking to Chris (@bit51) about it.

Dan. Yes, I know . But I’m saying that the problem might be something with happening with their plugin, they still need to execute code via their plugin on your server. Simply saying Whitelist the IP is not helpful, when I can guess it isn’t their IP being blocked or all of us would be experiencing the same problem. Just a thought!

Lee – the problem is solved. There was no reason to suspect the wp-remote plugin. It was obviously communicating with their site but no longer seeing any needed updates. Not seeing any filtering by mod_security or anything else like that, it seemed like a change must have occurred in the Better WP Security plugin. I didn’t assume anything based on your setup, since I don’t know the details and I had about 10 sites on different hosts all showing the same behavior.

I don’t recall seeing the “tweaks” to block visibility of version numbers before, so my guess is they were added recently as new features and activated by default, or else their behavior changed in a way that started to affect how WP Remote works. If anyone else gets snagged by this, hopefully they find this thread. I’ll pass it on to WP Security too.

Thanks for the followup Dan! That’s actually one of the original features of the plugin (well, since 2.x anyway). I just need to make it easier to find.

Thanks for the help!

Was there a change in the way this feature works? I didn’t activate it on my sites recently, so I’d assume it was either switched on after an update or else the way version numbers are hidden changed. Previously WP-Remote has had no problem identifying needed updates and implementing them on these sites.

@dan, no change on that one. It is however turned on with the “One-click” feature which may be where the conflict began.

What about blocking Google? Anyone know what setting is causing this?

No analytics after BWPS install.