• Resolved cheaplt

    (@cheaplt)


    Hi, I just barely installed BPS; when I reloaded my pages my timthumb images are just not showing. I’ve googled a lot of keywords and found your posts on this issue. My Timthumb script is up to date; this is what my hta code looks like for timthumb.

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Only Allow Internal File Requests From Your Website
    # To Allow Additional Websites Access to a File Use [OR] as shown below.
    # RewriteCond %{HTTP_REFERER} ^.*cheaplolteams.com.* [OR]
    # RewriteCond %{HTTP_REFERER} ^.*AnotherWebsite.com.*
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F,L]
    RewriteCond %{REQUEST_URI} (timthumb/tt.php|img\.php|tt.php|img.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteCond %{HTTP_REFERER} ^.*cheaplolteams.com.*
    RewriteRule . - [S=1]

    https://www.ads-software.com/plugins/bulletproof-security/

Viewing 15 replies - 1 through 15 (of 18 total)
  • Plugin Author AITpro

    (@aitpro)

    Check your BPS Security Log page/file and post the error from the Security Log that shows “timthumb” in the logged error.

    Thread Starter cheaplt

    (@cheaplt)

    Hey there AITpro! My error log is filled with errors with timthumb.
    This is the top error, sorry if I should have posted it all but literally it's HUGE =O.

    >>>>>>>>>>> 403 GET or Other Request Error Logged – August 8, 2013 – 12:25 pm <<<<<<<<<<<
    REMOTE_ADDR: 108.162.221.217
    Host Name: 108.162.221.217
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 98.202.159.185
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://cheaplolteams.com/?preview=true&preview_id=462&preview_nonce=6965abd480
    REQUEST_URI: /wp-content/plugins/ubermenu/standard/timthumb/tt.php?src=https://cheaplolteams.com/wp-content/uploads/2013/07/1375570195_cart_add.png&w=16&h=16&zc=1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36
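
An added example, not part of the original thread and not BPS's own code: for a Security Log too large to read by hand, this script groups the logged 403s for thumbnailer scripts by script path and by whether `src` points at the site itself, showing which script paths a skip/bypass rule would have to cover. The sample log, the hosts and the function names are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample in the layout of the log entry quoted above; hosts are placeholders.
SAMPLE_LOG = """\
>>>>>>>>>>> 403 GET or Other Request Error Logged - August 8, 2013 - 12:25 pm <<<<<<<<<<<
HTTP_REFERER: https://example.com/?preview=true
REQUEST_URI: /wp-content/plugins/ubermenu/standard/timthumb/tt.php?src=https://example.com/wp-content/uploads/a.png&w=16&h=16&zc=1
QUERY_STRING:

>>>>>>>>>>> 403 GET or Other Request Error Logged - August 8, 2013 - 12:26 pm <<<<<<<<<<<
REQUEST_URI: /wp-content/themes/demo/timthumb.php?src=http://blogger.com.example.net/x.php

>>>>>>>>>>> 403 GET or Other Request Error Logged - August 8, 2013 - 12:27 pm <<<<<<<<<<<
REQUEST_URI: /wp-login.php
"""

# Script names taken from the REQUEST_URI condition in the rule posted at the top of the thread.
THUMB = re.compile(r"/(timthumb|phpthumb|thumbs?|tt|img)\.php$", re.I)

def parse_entries(text):
    """Return one dict of 'KEY: value' fields per '>>>>'-delimited log entry."""
    entries = []
    for line in text.splitlines():
        if line.startswith(">>>>"):
            entries.append({})
        elif entries and ":" in line:
            key, _, value = line.partition(":")
            entries[-1][key.strip()] = value.strip()
    return entries

def thumbnailer_hits(text, site_host):
    """Count blocked thumbnailer requests per script path, split by src origin."""
    summary = {}
    for entry in parse_entries(text):
        uri = urlsplit(entry.get("REQUEST_URI", ""))
        if not THUMB.search(uri.path):
            continue
        src = parse_qs(uri.query).get("src", [""])[0]
        host = (urlsplit(src).hostname or "").lower()
        # A relative src (no host) or an exact host match counts as internal.
        kind = "internal" if host in ("", site_host) else "external"
        summary.setdefault(uri.path, {"internal": 0, "external": 0})[kind] += 1
    return summary

if __name__ == "__main__":
    for path, counts in thumbnailer_hits(SAMPLE_LOG, "example.com").items():
        print(path, counts)
```

Entries counted as external were requests for a remote `src`, which is what the FORBID RFI rule exists to block; only the internal ones are candidates for a skip/bypass rule.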

    Plugin Author AITpro

    (@aitpro)

    The skip/bypass rule you need to add to BPS Custom Code is this below.

    1. Copy this .htaccess code below to the Custom Code: CUSTOM CODE PLUGIN SKIP/BYPASS RULES: Add ONLY personal plugin skip/bypass rules here : text box
    2. Save your new custom code by clicking the Save Root Custom Code button.
    3. Click the Create secure.htaccess File AutoMagic button on the Security Modes page.
    4. Activate BulletProof Mode for your Root folder on the Security Modes page.

    NOTE: If your WordPress installation is in a subfolder then add your WordPress subfolder name in the path.
    Example: /my-wordpress-installation-folder-name/wp-content/themes/…

    # Plugin Thumbnailer script skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/ubermenu/standard/timthumb/tt\.php [NC]
    RewriteRule . - [S=13]

    Thread Starter cheaplt

    (@cheaplt)

    Wow, this did the trick AITpro, very nice and detailed guide.
    This indeed did fix my issue; I didn't realize I had to recreate the hta file.
    Great job on this plugin and thank you sir!
    But I was also wondering if this plugin reduced the load page speed on my website. If it did, do you have any recommended techniques I should apply to regain some of my speed?

    Plugin Author AITpro

    (@aitpro)

    Yep, I believe BPS will slow your site down by .001 seconds.

    Actually we created some caching code in the link below that will speed up your site up to 2 seconds faster and maybe more depending on what your site is loading.

    https://forum.ait-pro.com/forums/topic/where-is-the-log/page/2/#post-7436

    Thread Starter cheaplt

    (@cheaplt)

    This is very useful, I'm really interested in this.
    Sorry, I'm a bit confused though, where do I paste this code?
    I'm not sure if I even paste this code =( sorry, can you help me out with this if possible please?

    Plugin Author AITpro

    (@aitpro)

    Click the Custom Code Video Tutorial link on the Custom Code page to get the general idea about how to use/add/edit custom .htaccess code.

    Thread Starter cheaplt

    (@cheaplt)

    Hi AITpro, does BPS protect me enough or should I apply these Better WP Security methods? Here are the methods:
    Changing the database prefix
    Changing the wp-content directory
    Hiding backend (login, register and admin page)

    Does BPS already do these methods?
    If BPS doesn't, would I have to recreate/redo everything on BPS to register these changes?
    Thanks for the constant support AITpro!

    Plugin Author AITpro

    (@aitpro)

    The login hide backend feature does not work in Better WP Security. This has been a known issue for a very long time now (months if not years). If you want additional login page protection we have created some options in the link below.

    https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/

    Personally and professionally speaking neither of these Better WP Security features offer any additional security protection:
    Changing the database prefix
    Changing the wp-content directory.
    Both of these “methods” are very easily beaten/bypassed.

    So without saying either yes or no about Better WP Security I think you have my opinion already.

    Plugin Author AITpro

    (@aitpro)

    This plugin looks promising: All In One WP Security & Firewall. I have not personally tested it, but I have heard good things about it. So maybe take a look at that plugin and see what it has to offer.

    Plugin Author AITpro

    (@aitpro)

    Resolving this thread. If you have additional questions regarding this topic then post them. We still receive email notifications even if the thread is marked as resolved. Thanks.

    Thread Starter cheaplt

    (@cheaplt)

    Hi AITpro, I was wondering what this error means and how I can maybe fix it. I started receiving it after I set up BPS.

    BackUpWordPress has detected a problem. wp-cron.php is returning a 403 Forbidden response which could mean cron jobs aren’t getting fired properly.

    Plugin Author AITpro

    (@aitpro)

    Thread Starter cheaplt

    (@cheaplt)

    Oh, forgot to ask, sorry, but do I have to recreate the .hta file every time I write to it?

    Plugin Author AITpro

    (@aitpro)

    If you add new code to Custom Code then yes the procedure is:

    1. Add your code to BPS Custom Code.
    2. Save your custom code.
    3. Create new master .htaccess files with AutoMagic.
    4. Activate the new master .htaccess files and make them Live/active.

  • The topic ‘Timthumb’ is closed to new replies.