Let’s fix your install issue.
Install Quick Start - For non-WordPress websites or repairing an inaccessible WordPress site
BitFire is compatible with other security plugins and can run in always-on mode alongside other WordPress security plugins.
This is NOT a recommended operating mode but is supported.
To run both plugins in always-on mode (Optimized mode for WordFence), you must add the other plugin's startup
script to the "auto_prepend_file" setting in BitFire's config.ini. For WordFence, this means adding the line
auto_prepend_file = '/wordfence-waf.php'
to your wp-content/plugins/bitfire/config.ini file.
Some hosting providers implement restrictions that prevent enabling Always-On
Some hosting providers (WPEngine as an example) will not allow normal admin pages to edit the bootstrap process. To bypass this restriction, BitFire will enable "always-on" protection if the plugin is disabled and then re-enabled within 60 seconds. The plugin deactivate and reactivate process tells BitFire to enable Always-On functionality during the activation step, which these hosting providers do allow.
BitFire standalone is an excellent choice if you are unable to access your WordPress admin panel or if you are installing outside of a WordPress environment. For normal WordPress users, installing from the WordPress Plugin Repo is best.
If you are running as a WordPress plugin, this can happen if the config file becomes corrupted. Edit the /wp-content/plugins/bitfire_
If you are unable to log in to the standalone BitFire dashboard, you can reset the admin password by editing the config.ini file in your BitFire directory and setting the password="" entry to the clear text password you would like to use. BitFire will encrypt this password for you on first use and save it back to the config.ini file.
This can happen for many reasons, but if BitFire is involved, the issue is typically a .user.ini config file with auto_prepend_file pointing to a nonexistent file. This can happen on system restores or when manually moving WordPress installs between servers. Make sure the ini setting auto_prepend_file is set to the valid path to /plugins/bitfire/startup.php in the .user.ini file in your website's web root directory (WordPress root directory).
For non-WordPress users, if you are still unable to edit the config.ini file and unable to log in, you can force a password reset of the BitFire settings / dashboard for standalone mode.
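One way to check for the stale auto_prepend_file condition described above from a shell on the server. This is an added example, not BitFire's own code: the function names and return codes are hypothetical, and it assumes the last auto_prepend_file line in .user.ini is the one in effect.

```sh
#!/bin/sh
# Added example (not BitFire code): verify that auto_prepend_file in a web
# root's .user.ini points at a file that exists.

# Print the value of the last active auto_prepend_file line in an ini file,
# with CRs, trailing spaces and surrounding quotes removed. Taking the last
# line is an assumption that later directives override earlier ones.
prepend_target() {
    tr -d '\r' < "$1" |
        sed -n 's/^[[:space:]]*auto_prepend_file[[:space:]]*=[[:space:]]*//p' |
        tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# check_prepend WEBROOT
# Returns 0 = points at an existing .../plugins/bitfire/startup.php
#         1 = no .user.ini, or no auto_prepend_file directive in it
#         2 = directive points at a file that does not exist
#         3 = file exists but is not BitFire's startup.php
check_prepend() {
    ini="$1/.user.ini"
    [ -f "$ini" ] || { echo "no .user.ini in $1"; return 1; }
    target=$(prepend_target "$ini")
    [ -n "$target" ] || { echo "auto_prepend_file not set in $ini"; return 1; }
    case "$target" in
        /*) path="$target" ;;
        *)  path="$1/$target" ;;  # approximation: PHP resolves relative paths via include_path
    esac
    if [ ! -f "$path" ]; then
        echo "MISSING: $ini sets auto_prepend_file to $target, which does not exist"
        return 2
    fi
    case "$path" in
        */plugins/bitfire/startup.php) echo "ok: $path"; return 0 ;;
        *) echo "UNEXPECTED: $path exists but is not plugins/bitfire/startup.php"; return 3 ;;
    esac
}

# Usage: sh check_prepend.sh /path/to/webroot
if [ "$#" -gt 0 ]; then check_prepend "$1"; fi
```

Run it against the web root after a restore or server move. Return code 2 is the case described above, where the path still refers to the old server's layout.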
Create a new file with a single line of your new password in your root web server directory
(WordPress root directory) named "BitFire.recovery.
There are 2 cases where a bot you want to allow may be blocked. The first is when the bot is claiming to be a real web browser (Chrome, Firefox, etc). Any request claiming to be a browser that doesn't match the correct fingerprint will be sent a JavaScript challenge to validate itself. Since the bot doesn't know how to handle that response, the bot fails. This behavior is what blocks 99% of hacks.
#1, You can allow these bots by finding them in the BitFire dashboard. You can usually identify them as making direct calls to a /wp-admin/admin-ajax.php request, /wp-json/ or a direct call to a PHP file in /wp-content/plugins/<plugin_name>. This request will be marked as "Browser Check". Verify that it is not a malicious IP by doing a reputation check in the dashboard. (Click the 3 ... icon on the right side of the request.)
Once you are sure you have found the correct blocked request, use the action menu to select "allow IP" or "allow user-agent". This will tell BitFire that the particular IP or User-Agent should be allowed access to the website without doing fingerprint or JavaScript validation.
#2, The second type are bots that advertise themselves as a robot. These bots can be configured directly from the Bot Control page. Find the bot that is being blocked and select "Authentication" from the action menu. This will add DNS authentication for this bot and allow it to connect to your site. Some bots may not have reverse DNS configured and you will have to select "allow from ANY IP" to allow this particular bot.
Effective bot blocking is the single most important thing you can do to keep your site secure. Effective bot blocking identifies real human-operated browsers and approved bots. All other connections to the website are blocked. This includes: login attacks, web scraping, plugin / theme enumeration, vulnerability scanning and even exploit execution. All of these attacks are executed by automated tools and bots, which are stopped with effective bot control.