Conflict with Better WP Security

  • The Better WP Security plugin has great security methods for blocking hackers and malware, and does it with minimal knowledge or work needed by you.

    As delivered, it conflicts with a URL that the Types plugin uses, specifically ending with a parameter with no value. This conflict gives a 403 Forbidden error, blocking the Types plugin administration pages (and probably others).

    Better WP Security has a line like this

    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]

    I removed |=$, which blocks parameters ending with equals, like
    /wp-admin/plugins.php?deactivate=true&plugin_status=all&paged=1&s=

    That comes from a link like
    /wp-admin/plugins.php?action=activate&plugin=types%2Fwpcf.php&plugin_status=all&paged=1&s&_wpnonce=e7f30a0090
    or like
    /wp-admin/plugins.php?action=deactivate&plugin=types%2Fwpcf.php&plugin_status=all&paged=1&s&_wpnonce=ae1c567616

    Suggestion to plugin writers, specify &s=1 instead of &s (parameters should always have a value).

    https://www.ads-software.com/plugins/types/

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Conflict with Better WP Security’ is closed to new replies.