BPS Security with Buddypress new blogs issue

  • @aitpro

    After setting up the Network for Buddypress, i.e. copying the .htaccess output provided by WordPress backend to my actual .htaccess file, I activated the BPS plugin. Here is my problem. I create a new blog(site), adding it to the network, called News. The new blog works fine. Next step, I clicked “create a secure.htaccess file” in BPS. My new blog still works fine. Then I click “Activate Website Root Folder .htaccess Security Mode” in BulletProof Mode. Now my new blog “News” loses all of it’s CSS styling. The only way for me to recover the CSS styling is to go back to step 1 and setup the original network settings for my .htaccess file, basically copying over any rules BPS has added. Reloading my “News” page in my browser returns my blog with all of it’s CSS working fine. I have done this several times so I know it’s securing the root folder in security mode that causes the problem, I just don’t know the fix. Any help would be appreciated because I want the protection BPS offers, but I want new blog creation to work also. Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Richard

    (@tywest)

    Site info:

    https://www.potentii.com

    https://www.potentii.com/news

    Latest version of WordPress in Multisite mode
    Latest version of Buddypress

    For Network / MU you should only be creating master htaccess files and activating BPS BulletProof Modes for the Primary site – do not Network Activate BPS. The subsites whether they are subdirectory sites or subdomain sites are virtual so there is no need to create additional .htaccess files for the virtual sites. And actually what is really happening is since these sites are virtual is you are actually modifying the same Master .htaccess files created for the Primary site and not new ones for the virtual subsites.

    BPS .46.5 has a lot of new Network / MU coding added to it that deals with Network / MU sites and has AutoMagic buttons for Network / MU sites in that version – expected release date is 11-20. Only Super Admins will see the BPS menus so this will prevent site admins or anyone else from overwriting the Primary site’s access files, which is exactly the problem you are describing. You are breaking WordPress by adding an invalid RewriteRule and / or RewriteBase causing the stylesheet path not to be seen correctly. Once the Primary site is protected by activating BulletProof Modes then all the virtual subsites are already automatically protected. A Super Admin could still screw this up by creating a new Master .htaccess file from a subsite so I will probably add some additional coding to even block that. Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘BPS Security with Buddypress new blogs issue’ is closed to new replies.