AutoFix not acting as expected. I don’t understand this stuff.

Here are the manual fixes below for CC Root Text Box 10: WooCommerce Plugin and CC Root Text Box 12: WooCommerce WorldPay Extension AutoFix fixes. After doing these steps below run the BPS Setup Wizard again. The BPS AutoFix Debug tool checks your plugins and then displays which AutoFix fixes should have been created.

1. Copy the code below to this BPS Root Custom Code text box: 10. CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
2. Click the Save Root Custom Code button.

# WooCommerce shop, cart, checkout & wishlist URI skip/bypass rule
RewriteCond %{REQUEST_URI} ^.*/(shop|cart|checkout|wishlist).* [NC]
RewriteRule . - [S=14]

# WooCommerce order & wc-ajax=get_refreshed_fragments Query String skip/bypass rule
RewriteCond %{QUERY_STRING} .*(order|wc-ajax=).* [NC]
RewriteRule . - [S=13]

1. Copy the BPS Query String Exploits code below (the “java” user agent has already been removed in the code below) to this BPS Root Custom Code text box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS: Modify Query String Exploit code here
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

# BEGIN BPSQSE BPS QUERY STRING EXPLOITS
# The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
# Good sites such as W3C use it for their W3C-LinkChecker. 
# Use BPS Custom Code to add or remove user agents temporarily or permanently from the 
# User Agent filters directly below or to modify/edit/change any of the other security code rules below.
RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR] 
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] 
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
# END BPSQSE BPS QUERY STRING EXPLOITS

Thank you for the quick reply. I wish I could have gotten back to this sooner.

I’ve gone through the steps outlined and I now have this showing on the htaccess file options page.

BPS AutoFix Debug: Custom Code Text Box Number and Plugin or Theme Name
No Plugin or Theme AutoFix Custom Code Whitelist Rules were found
htaccess File Options
BPS UI|UX Debug: Scripts|Styles Dequeued
Script Dequeued: jquery-ui-autocomplete
Script Dequeued: wf_licensing_301
Script Dequeued: cl-smart-advice-admin
Style Dequeued: woobewoo-for-all-admin-wpf
Style Dequeued: fs_common
Style Dequeued: wp-jquery-ui-dialog
Style Dequeued: cl-smart-advice-admin
Style Dequeued: acf-global

BPS UI|UX Debug: SLF: CSS Script Loaded
/plugins/bulletproof-security/admin/css/bps-blue-ui-theme.css

BPS UI|UX Debug: SLF: js Script Loaded
/plugins/bulletproof-security/admin/js/bps-mscan-ajax.js

BPS UI|UX Debug: SLF: js Script Loaded
/plugins/bulletproof-security/admin/js/bps-ui-tabs.js

BPS UI|UX Debug: SLF: js Script Loaded
/plugins/bulletproof-security/admin/js/bps-ui-dialog.js

BPS UI|UX Debug: SLF: js Script Loaded
/plugins/bulletproof-security/admin/js/bps-ui-accordion.js

BPS UI|UX Debug: SLF: js Script Loaded
/plugins/bulletproof-security/admin/js/bps-encryption.js

BPS UI|UX Debug: SLF: js Script Loaded
/plugins/bulletproof-security/admin/js/crypto-js/crypto-js.js

BPS UI|UX Debug: SLF: js Script Loaded
/plugins/elementor/assets/js/common.min.js

BPS UI|UX Debug: SLF: js Script Loaded
/plugins/elementor/assets/js/admin.min.js

BPS UI|UX Debug: SLF: js Script Loaded
/plugins/elementor/assets/js/app-loader.min.js

And at the top of the dashboard I have just this:

BPS AutoFix Debug: Custom Code Text Box Number and Plugin or Theme Name
No Plugin or Theme AutoFix Custom Code Whitelist Rules were found

I did activate and resave my WPRocket and go through the process of adding those settings to the htaccess.

Thank you for the support. I appreciate it.

• This reply was modified 10 months, 4 weeks ago by DougM.

If you are no longer seeing the AutoFix notice then the problem is fixed and you can turn off debugging.

Important Note: BPS dequeues scripts and styles that load in BPS plugin pages ONLY. This prevents other plugins and themes scripts and styles from breaking BPS plugin pages.

Assuming all questions have been answered – the thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. I still receive email notifications when threads have been resolved.

• This reply was modified 10 months, 3 weeks ago by AITpro.