Hello,
Thank you for contacting the support, and sorry for any inconvenience that might have been caused due to that.
Does this exact error message appear even when you disable BPS Plugin? Can you also please check if you have security software on your hosting server that is blocking your Rank Math plugin?
We are looking forward to helping you.
Hi Jeremy,
Thank you for the prompt reply. Yes, it happens even when I turn off the BPS plugin and all other plugins.
I have contact my hosting server company for assistance as well. It may be a file permissions error or a firewall issue. If so, they should be able to rectify.
I will let you know as soon as I hear from them.
Best regards,
Tim
Hello,
Please let us know how this goes.
If your hosting provider confirms that this issue isn’t from any firewall or security software, let us investigate this on your WordPress admin.
We are looking forward to hearing an update from you.
Hi Jeremy,
The hosting provider sent the following response, but the problem is still there. They are investigating further.
– – – – –
Message from hosting provider:
I have gone ahead and whitelisted modsec rule “340155”. Please try the website again and let me know if there are any further issues, The ModSec rule that was triggered is below.
Mar 19 18:29:34 httpd [modsecurity] [Fri Mar 19 18:29:25 2021] [error] [client
114.77.224.18] ModSecurity: Access denied with code 403, [Rule:
‘ARGS|!ARGS:/^cms_partial/|!ARGS:/type/|!ARGS:/searchClause/|!ARGS:import|!ARGS:DR|!ARGS:SAMLResponse|!ARGS:/wizArray/|!ARGS:/^Cms_Page/|!ARGS:search|!ARGS:pagetext|!ARGS:/database/|!ARGS:/^vpinfo/|!ARGS:website|!ARGS:suffix|!ARGS:Body|!ARGS:wikitext|!ARGS:type|!ARGS:content|!ARGS:areas|!ARGS:templatecode|!ARGS:website|!ARGS:/insertstring/|!ARGS:signature|!ARGS:/description/|!ARGS:Db_submit|!ARGS:text|!ARGS:code|!ARGS:comment|!ARGS:/sql/|!ARGS:prefix|!ARGS:/message/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:resolution|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/’
‘@pmFromFile sql.txt’] [id “340155”] [rev “25”] [msg “Atomicorp.com WAF
Rules: Generic SQL Injection protection”] [logdata “# BULLETPROOF 4.7
SECURE .HTACCESS # CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE #
BEGIN LSCACHE ## LITESPEED WP CACHE PLUGIN – Do not edit the contents of
this block! ## <IfModule LiteSpeed> RewriteEngine on CacheLookup
on RewriteRule .* – [E=Cache-Control:no-autoflush] RewriteRule
\.object-cache\.ini – [F,L] ### marker CACHE RESOURCE start ###
RewriteRule
wp-content/.*/[^/]*(responsive|css|js|dynamic|loader|fonts)\.php –
[E=cache-control:max-age=3600] ### marker CACHE RESOURCE end ### ###
marker FAVICO…”] [severity “CRITICAL”] [tag “SQLi”]
Hello,
Thanks for sharing the details with us.
We might need to take a closer look at the settings. Please edit the first post on this ticket and include your WordPress & FTP logins in the designated Sensitive Data section.
It is completely secure and only our support staff has access to that section. If you want, you can use the below plugin to generate a temporary login URL to your website and share that with us instead:
https://wordpress.org/plugins/temporary-login-without-password/
You can use the above plugin in conjunction with the WP Security Audit Log to monitor what changes our staff might make on your website (if any):
https://wordpress.org/plugins/wp-security-audit-log/
We really look forward to helping you.
Hello,
I have updated the sensitive data as requested. Can you please check further?
Thank you.
Thanks, Jeremy.
I have added a temporary site login and my FTP login details to the sensitive data area in my initial post.
I heard back further from the hosting company. They replied with:
“It is common to see multiple rules hitting the same thing, I have just white listed 380023, Please try again.”
This has not resolved the issue, but I am now getting a “501 Not Implemented” error, which might indicate that they are getting closer to resolving the problem at their end.
I’ll let you know if they manage to resolve it.
Best regards,
Tim
Hi Jeremy,
The Hosting service got back to me with a further update:
“I have reviewed the 501 error and I cannot see any apache error logs relating to the 501. I recommend discussing this issue with the applications vendor.”
Let me know if you need any further information from me.
Hopefully that login information is correct.
I’m in Australia (GMT+11), so will be incommunicado for the next 8 hours or so.
Regards,
Tim
Hello,
Thank you for that additional information.
I’ve already passed this issue to our dev team for further investigation and will get back to you shortly. We really appreciate your kind patience regarding this matter.
Meanwhile, please don’t hesitate to contact us anytime to assist you further with anything else.
Thank you.
Thanks, Reinelle,
Good to know. The rest of the plugin seems to be working fine, but it will be nice to known when this issue is fixed.
Best regards,
Tim
Hello,
Your web host is still showing a 501 on /wp-admin/admin-post.php
We tried accessing FTP but the password doesn’t seem to be correct.
Can you please check?
Hello,
I have updated the sensitive data as requested. Can you please check further?
Thank you.
Hi Uzair,
I had given an old password. I have added the correct password to the sensitive data field.
Regards,
Tim
Hello,
Thank you for providing the login details, I have noted so our developers can take a closer look. We will get back to you with updates shortly.
Thank you
Hello,
I checked your site by enabling WP_DEBUG and there were no errors logged when updating the General settings.
Also, the error code which starts with 5, indicates that it is an error on the server. Please contact your hosting team and show them this error. Maybe there are some settings that are not properly configured on your server. The server team can provide more details on this.
I hope that helps.
