WP Super Cache – WP Super Cache htaccess code, Custom Code

Home Forums BulletProof Security Free WP Super Cache – WP Super Cache htaccess code, Custom Code

This topic contains 74 replies, has 6 voices, and was last updated by Profile photo of AITpro Admin AITpro Admin 1 month, 1 week ago.

Viewing 15 posts - 1 through 15 (of 75 total)
  • Author
    Posts
  • #2454
    Profile photo of Donald Krebs
    Donald Krebs
    Member

    I just spent several hours troubleshooting an issue that blanked out our site this morning.
    think I caused the problem by selecting an option in BulletProof that caused it to conflict with another plug-in, WP Super Cache. In troubleshooting this WP site, I deactivated all the plug-ins possible including BulletProof. 
    We are back up now, I have re-activated all the plug-ins except BulletProof. I would like to examine the log before I reactivate BP, I am afraid if I just reactivate then the settings (wrong, probably) will cause the problem all over again.
    I assume if I look over the log and don’t see what might have caused the problem, then un-installing and re-installing BP is in order, right?
    Or, what would you guide me to do next?
    dk

    #2455
    Profile photo of AITpro Admin
    AITpro Admin
    Keymaster

    No, actually BPS has built-in troubleshooting so deactivating and deleting BPS is not the correct way to troubleshoot issues/problems.

    Please see the BulletProof Security Read Me First Forum Topic for the correct way to troubleshoot issues/problems:  http://forum.ait-pro.com/forums/topic/read-me-first-free/

    The Security Log file is located here:  /wp-content/bps-backup/logs/http_error_log.txt

    When you install BPS nothing happens at that point.  When you use the AutoMagic buttons you are only creating Master .htaccess files.  When you activate BulletProof Modes that is when something happens.

    To quickly reverse a site crash you can delete the root .htaccess file via FTP to get back into your site.  I assume you are using mod_rewrite in WP Super Cache so you will need to “roll your own” and create a combined Master .htaccess file using the BPS Custom Code feature.  Basically you would copy the entire WP Super Cache .htaccess code to the top Custom Code text box, save your changes, click the AutoMagic buttons and activate root folder BulletProof Mode again.  Your root .htaccess file will contain both the BPS htacces code and the WP Super Cache htaccess code.

    #2459
    Profile photo of Donald Krebs
    Donald Krebs
    Member

    based on your reply I can reactivate BPS and build a working htaccess file. I will let you know…

    #2463
    Profile photo of Donald Krebs
    Donald Krebs
    Member

    per your instruction I re-activated BPS and went to page for custom .htaccess. Pasted from WPSuperCache. Then I went to Security Modes page and activated BulletProof Mode in topmost panel. When I went to the site I got a server error. I then re-named the .htaccess file (that clue you gave earlier is handy as a pocket on a shirt) and now the site is back.
    Below it the .htaccess file after custom modification:

    #2465
    Profile photo of AITpro Admin
    AITpro Admin
    Keymaster

    Right after your WP Super Cache code I saw this block of htaccess code.  I think this is the problem.  BPS already incorporates the standard WordPress Rewrite .htaccess code so there is no need to add this again.  this code is probably being autogenerated by WP Super Cache.

    # BULLETPROOF PRO 5.6.1 SECURE .HTACCESS
    
    # If you edit the BULLETPROOF PRO 5.6.1 SECURE .HTACCESS text above
    # you will see error messages on the BPS Security Status page
    # BPS is reading the version number in the htaccess file to validate checks
    # If you would like to change what is displayed above you
    # will need to edit the BPS /includes/functions.php file to match your changes
    # If you update your WordPress Permalinks the code between BEGIN WordPress and
    # END WordPress is replaced by WP htaccess code.
    # This removes all of the BPS security code and replaces it with just the default WP htaccess code
    # To restore this file use BPS Restore or activate BulletProof Mode for your Root folder again.
    
    # BEGIN WordPress
    # IMPORTANT!!! DO NOT DELETE!!! - B E G I N WordPress above or E N D WordPress - text in this file
    # They are reference points for WP, BPS and other plugins to write to this htaccess file.
    # IMPORTANT!!! DO NOT DELETE!!! - BPSQSE BPS QUERY STRING EXPLOITS - text
    # BPS needs to find the - BPSQSE - text string in this file to validate that your security filters exist
    
    # TURN OFF YOUR SERVER SIGNATURE
    ServerSignature Off
    
    # ADD A PHP HANDLER
    # If you are using a PHP Handler add your web hosts PHP Handler below
    
    # CUSTOM CODE TOP - Your Custom htaccess code will be created here with AutoMagic
    # GODADDY PHPINI CODE
    AddHandler x-httpd-php5-cgi .php
    AddHandler x-httpd-php5-cgi .php5
    
    # BEGIN WPSuperCache
    RewriteEngine On
    RewriteBase /aitpro-blog/
    #If you serve pages from behind a proxy you may want to change 'RewriteCond %{HTTPS} on' to something more sensible
    AddDefaultCharset UTF-8
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteCond %{HTTPS} on
    RewriteCond %{DOCUMENT_ROOT}/aitpro-blog/wp-content/cache/supercache/%{SERVER_NAME}/aitpro-blog/$1/index-https.html.gz -f
    RewriteRule ^(.*) "/aitpro-blog/wp-content/cache/supercache/%{SERVER_NAME}/aitpro-blog/$1/index-https.html.gz" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteCond %{HTTPS} !on
    RewriteCond %{DOCUMENT_ROOT}/aitpro-blog/wp-content/cache/supercache/%{SERVER_NAME}/aitpro-blog/$1/index.html.gz -f
    RewriteRule ^(.*) "/aitpro-blog/wp-content/cache/supercache/%{SERVER_NAME}/aitpro-blog/$1/index.html.gz" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTPS} on
    RewriteCond %{DOCUMENT_ROOT}/aitpro-blog/wp-content/cache/supercache/%{SERVER_NAME}/aitpro-blog/$1/index-https.html -f
    RewriteRule ^(.*) "/aitpro-blog/wp-content/cache/supercache/%{SERVER_NAME}/aitpro-blog/$1/index-https.html" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTPS} !on
    RewriteCond %{DOCUMENT_ROOT}/aitpro-blog/wp-content/cache/supercache/%{SERVER_NAME}/aitpro-blog/$1/index.html -f
    RewriteRule ^(.*) "/aitpro-blog/wp-content/cache/supercache/%{SERVER_NAME}/aitpro-blog/$1/index.html" [L]
    # END WPSuperCache
    
    # DO NOT SHOW DIRECTORY LISTING
    # If you are getting 500 Errors when activating BPS then comment out Options -Indexes
    # by adding a # sign in front of it. If there is a typo anywhere in this file you will also see 500 errors.
    Options -Indexes
    
    # DIRECTORY INDEX FORCE INDEX.PHP
    # Use index.php as default directory index file
    # index.html will be ignored will not load.
    DirectoryIndex index.php index.html /index.php
    
    # BPS PRO ERROR LOGGING AND TRACKING
    # BPS Pro has premade 403 Forbidden, 400 Bad Request and 404 Not Found files that are used
    # to track and log 403, 400 and 404 errors that occur on your website. When a hacker attempts to
    # hack your website the hackers IP address, Host name, Request Method, Referering link, the file name or
    # requested resource, the user agent of the hacker and the query string used in the hack attempt are logged.
    # All BPS Pro log files are htaccess protected so that only you can view them.
    # The 400.php, 403.php and 404.php files are located in /wp-content/plugins/bulletproof-security/
    # The 400 and 403 Error logging files are already set up and will automatically start logging errors
    # after you install BPS Pro and have activated BulletProof Mode for your Root folder.
    # If you would like to log 404 errors you will need to copy the logging code in the BPS Pro 404.php file
    # to your Theme's 404.php template file. Simple instructions are included in the BPS Pro 404.php file.
    # You can open the BPS Pro 404.php file using the WP Plugins Editor or by using the BPS Pro File Manager.
    # NOTE: By default WordPress automatically looks in your Theme's folder for a 404.php template file.
    
    ErrorDocument 400 /aitpro-blog/wp-content/plugins/bulletproof-security/400.php
    ErrorDocument 403 /aitpro-blog/wp-content/plugins/bulletproof-security/403.php
    ErrorDocument 404 /aitpro-blog/404.php
    
    # DENY ACCESS TO PROTECTED SERVER FILES - .htaccess, .htpasswd and all file names starting with dot
    RedirectMatch 403 /\..*$
    
    RewriteEngine On
    RewriteBase /aitpro-blog/
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
    
    RewriteEngine On
    RewriteBase /aitpro-blog/
    RewriteRule ^index\.php$ - [L]
    
    # REQUEST METHODS FILTERED
    # This filter is for blocking junk bots and spam bots from making a HEAD request, but may also block some
    # HEAD request from bots that you want to allow in certains cases. This is not a security filter and is just
    # a nuisance filter. This filter will not block any important bots like the google bot. If you want to allow
    # all bots to make a HEAD request then remove HEAD from the Request Method filter.
    # The TRACE, DELETE, TRACK and DEBUG request methods should never be allowed against your website.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F,L]
    
    # PLUGINS AND VARIOUS EXPLOIT FILTER SKIP RULES
    # IMPORTANT!!! If you add or remove a skip rule you must change S= to the new skip number
    # Example: If RewriteRule S=5 is deleted than change S=6 to S=5, S=7 to S=6, etc.
    
    # Adminer MySQL management tool data populate
    RewriteCond %{REQUEST_URI} ^/aitpro-blog/wp-content/plugins/adminer/ [NC]
    RewriteRule . - [S=12]
    # Comment Spam Pack MU Plugin - CAPTCHA images not displaying
    RewriteCond %{REQUEST_URI} ^/aitpro-blog/wp-content/mu-plugins/custom-anti-spam/ [NC]
    RewriteRule . - [S=11]
    # Peters Custom Anti-Spam display CAPTCHA Image
    RewriteCond %{REQUEST_URI} ^/aitpro-blog/wp-content/plugins/peters-custom-anti-spam-image/ [NC]
    RewriteRule . - [S=10]
    # Status Updater plugin fb connect
    RewriteCond %{REQUEST_URI} ^/aitpro-blog/wp-content/plugins/fb-status-updater/ [NC]
    RewriteRule . - [S=9]
    # Stream Video Player - Adding FLV Videos Blocked
    RewriteCond %{REQUEST_URI} ^/aitpro-blog/wp-content/plugins/stream-video-player/ [NC]
    RewriteRule . - [S=8]
    # XCloner 404 or 403 error when updating settings
    RewriteCond %{REQUEST_URI} ^/aitpro-blog/wp-content/plugins/xcloner-backup-and-restore/ [NC]
    RewriteRule . - [S=7]
    # BuddyPress Logout Redirect
    RewriteCond %{QUERY_STRING} action=logout&redirect_to=http%3A%2F%2F(.*) [NC]
    RewriteRule . - [S=6]
    # redirect_to=
    RewriteCond %{QUERY_STRING} redirect_to=(.*) [NC]
    RewriteRule . - [S=5]
    # Login Plugins Password Reset And Redirect 1
    RewriteCond %{QUERY_STRING} action=resetpass&key=(.*) [NC]
    RewriteRule . - [S=4]
    # Login Plugins Password Reset And Redirect 2
    RewriteCond %{QUERY_STRING} action=rp&key=(.*) [NC]
    RewriteRule . - [S=3]
    
    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Only Allow Internal File Requests From Your Website
    # To Allow Additional Websites Access to a File Use [OR] as shown below.
    # RewriteCond %{HTTP_REFERER} ^.*YourWebsite.com.* [OR]
    # RewriteCond %{HTTP_REFERER} ^.*AnotherWebsite.com.*
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F,L]
    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteCond %{HTTP_REFERER} ^.*ait-pro.com.*
    RewriteRule . - [S=1]
    
    # BPSQSE BPS QUERY STRING EXPLOITS
    # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
    # Good sites such as W3C use it for their W3C-LinkChecker.
    # Add or remove user agents temporarily or permanently from the first User Agent filter below.
    # If you want a list of bad bots / User Agents to block then scroll to the end of this file.
    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)HTTP(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR] 
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] 
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F,L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /aitpro-blog/index.php [L]
    
    # DENY BROWSER ACCESS TO THESE FILES
    # wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
    # Replace Allow from 88.77.66.55 with your current IP address and remove the
    # pound sign # from in front of the Allow from line of code below to access these
    # files directly from your browser.
    
    <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
    Order allow,deny
    Deny from all
    #Allow from 88.77.66.55
    
    # IMPORTANT!!! DO NOT DELETE!!! the END WordPress text below
    # END WordPress
    
    # CUSTOM CODE BOTTOM - Your Custom htaccess code will be created here with AutoMagic
    ExpiresActive On
    ExpiresByType image/gif A2592000
    ExpiresByType image/jpeg A2592000
    ExpiresByType image/jpg A2592000
    ExpiresByType image/png A2592000
    ExpiresByType image/x-icon A2592000
    ExpiresByType text/css A86400
    ExpiresByType text/javascript A86400
    ExpiresByType application/x-shockwave-flash A2592000
    #
    <FilesMatch "\.(gif|jpe?g|png|ico|css|js|swf)$">
    Header set Cache-Control "public"
    
    # Redirect 404 errors
    RedirectMatch 301 ^/aitpro-blog/videos/quick-install/bps-pro-quick-setup.html http://www.ait-pro.com/aitpro-blog/2841/bulletproof-security-pro/bulletproof-security-pro-overview-video-tutorial/
    RedirectMatch 301 ^/aitpro-blog/videos/upgrade/bps-pro-plugin-upgrade.html http://www.ait-pro.com/aitpro-blog/2841/bulletproof-security-pro/bulletproof-security-pro-overview-video-tutorial/
    RedirectMatch 301 ^/aitpro-blog/misc-projects/funny-stuff/$ http://www.ait-pro.com/aitpro-blog/category/misc-projects/$1
    RedirectMatch 301 ^/aitpro-blog/category/misc-projects/wordpress$ http://www.ait-pro.com/aitpro-blog/4349/misc-projects/wordpress-tips-tricks-fixes/$1
    RedirectMatch 301 ^/aitpro-blog/website-metrics-posting-form/$ http://www.ait-pro.com/aitpro-blog/
    RedirectMatch 301 ^/aitpro-blog/aitpro-posting-form/activation-key-verification/$ http://www.ait-pro.com/aitpro-blog/
    ...
    ...
    ...
    
    # BLOCK HOTLINKING TO IMAGES
    # To Test that your Hotlinking protection is working visit http://altlab.com/htaccess_tutorial.html
    #RewriteEngine On
    #RewriteCond %{HTTP_REFERER} !^https?://(www\.)?add-your-domain-here\.com [NC]
    #RewriteCond %{HTTP_REFERER} !^$
    #RewriteRule .*\.(jpeg|jpg|gif|bmp|png)$ - [F]
    
    # FORBID COMMENT SPAMMERS ACCESS TO YOUR wp-comments-post.php FILE
    # This is a better approach to blocking Comment Spammers so that you do not
    # accidentally block good traffic to your website. You can add additional
    # Comment Spammer IP addresses on a case by case basis below.
    # Searchable Database of known Comment Spammers http://www.stopforumspam.com/
    
    <FilesMatch "^(wp-comments-post\.php)">
    Order Allow,Deny
    Deny from 46.119.35.
    Deny from 46.119.45.
    Deny from 91.236.74.
    Deny from 93.182.147.
    Deny from 93.182.187.
    Deny from 94.27.72.
    Deny from 94.27.75.
    Deny from 94.27.76.
    Deny from 193.105.210.
    Deny from 195.43.128.
    Deny from 198.144.105.
    Deny from 199.15.234.
    Allow from all
    
    # BLOCK MORE BAD BOTS RIPPERS AND OFFLINE BROWSERS
    # If you would like to block more bad bots you can get a blacklist from
    # http://perishablepress.com/press/2007/06/28/ultimate-htaccess-blacklist/
    # You should monitor your site very closely for at least a week if you add a bad bots list
    # to see if any website traffic problems or other problems occur.
    # Copy and paste your bad bots user agent code list directly below.
    • This reply was modified 1 year, 10 months ago by Profile photo of AITpro Admin AITpro Admin.
    • This reply was modified 1 year, 9 months ago by Profile photo of AITpro Admin AITpro Admin.
    #2469
    Profile photo of Donald Krebs
    Donald Krebs
    Member

    I removed the code you found, I still get a 500 Internal Server Error. Also, I don’t find any code in the .htaccess that offers options, to # out.

    #2470
    Profile photo of Donald Krebs
    Donald Krebs
    Member

    BTW, I’ve requested the lady with the checkbook to buy pro. It should happen in the next few days.

    #2471
    Profile photo of AITpro Admin
    AITpro Admin
    Keymaster

    Ok then that means you have a typo or invalid code somewhere.  I noticed something strange and maybe you added this to the code you posted?

    Did you add this to the code?  “.htaccess ASCII text”

    Compare the working WP Super Cache code I posted above against the code you have and see if there are differences in the code.  If you see ASCII anywhere then that is not valid.  I have no idea where that would be coming from.

    #2474
    Profile photo of Donald Krebs
    Donald Krebs
    Member

    I don’t know where it came from. I just did a search on the current code and it’s not there now.

    #2475
    Profile photo of AITpro Admin
    AITpro Admin
    Keymaster

    Nope that is not coming from BPS so if that non-valid text is in your WP Super Cache code then your site will definitely crash with a 500 error.  😉

    #2476
    Profile photo of AITpro Admin
    AITpro Admin
    Keymaster

    You should ONLY be using the htaccess code that is generated and shown to you by WP Super Cache from within the WP Super Cache plugin page.  You would then copy that htaccess code to BPS Custom Code.  Do not do this outside of WP Super Cache or BPS.  The entire process needs to be done from within your WordPress Dashboard and from within both plugin settings pages.

    #2486
    Profile photo of Donald Krebs
    Donald Krebs
    Member

    The site is working now with both WPSuperCache and BulletProofSecurity plug-ins activated.
    Based on you last post I:

    returned to Dashboard
    first inactivated WPSuperCache,
    then went to cPanel of HostGator and deleted htaccess and other htaccess files like …OLD and …-BAK, in order to start fresh.
    I then went to BPS and created a generic .htaccess file.
    Then I activated WPSuperCache and copied the mod rewrite rules from # BEGIN WPSuperCache to# END WPSuperCache.
    I then went to BPS custom code and pasted the WPSC into the top section and saved the custom code.
    Returning to the BPS top page, I created a secure.htaccess file. 
    I activated the BulletProofMode.

    The site displays properly.
    I suppose after all this, the topic line should be changed.

    #2491
    Profile photo of AITpro Admin
    AITpro Admin
    Keymaster

    Great!  and yep I changed the Topic on the last round of “back and forth”.  😉  Thanks for adding your exact steps and also confirming that all is well.

    #2715
    Profile photo of AITpro Admin
    AITpro Admin
    Keymaster

    BPS Pro: WP Super Cache installation and/or setup steps.

    1.  Turn Off AutoRestore.
    2.  Go to F-Lock and unlock your wp-config.php file.  Do not unlock your root .htaccess file.  The reason for this is that WP Super Cache will write its htaccess code to the bottom of the root .htaccess file and it should be at the top of the root htaccess.
    3.  Install the WP Super Cache plugin if it is not already installed.  Go to the WP Super Cache Settings page and choose your settings.

    I found that these settings worked the best in benchmarking tests on Go Daddy.
    Checked/selected – Use mod_rewrite to serve cache files. (Recommended)
    Checked/selected – Compress pages so they’re served more quickly to visitors. (Recommended)
    Unchecked/unselected – Mobile device support. (External plugin or theme required. See the FAQ for further details.)

    4.  Click the Update Status button to save your settings.
    5.  Copy the WP Super Cache .htaccess mod_rewrite code.
    6.  Go to BPS Custom Code and paste the WP Super Cache .htaccess code into the top text box:  CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE: Add php.ini handler and/or plugin cache code here and click the Save Root Custom Code button.  If you have a php/php.ini handler in your Root .htaccess file then copy that php/php.ini handler right above the WP Super Cache .htaccess code.  See example .htaccess file above as a reference.
    7.  Go to the BPS Security Modes page and click the Create secure.htaccess File AutoMagic button and then activate Root Folder BulletProof Mode.
    8.  Go to F-Lock and lock your wp-config.php file.
    9.  Go to AutoRestore and click Root Files Backup Files button, click the wp-content Files Backup Files button and turn AutoRestore back On.

    UPDATE: Garbage Collection should also be setup On the WP Super Cache Advanced page
    Expiry Time & Garbage Collection
    Cache Timeout:  set to 3600 seconds which is 1 hour
    Scheduler:  chose Timer and set to 3600 seconds
    Notification Emails:  chose not to have emails sent to me when the garbage collection runs.

    The WP Super Cache setup is complete.

    ______________________________________________
    BPS Free: WP Super Cache installation and/or setup steps
    1.  Deactivate the WP Super Cache plugin.
    2.  Go to the htaccess Core page > htaccess File Editor tab page > click the Turn Off AutoLock button and click the Unlock htacces File button. Note: Your wp-config.php file permissions need to be 644. BPS Free does not lock the wp-config.php file, but other WP Security plugins do do that. Check and make sure your wp-config.php file permissions are 644.
    3.  Activate the WP Super Cache plugin. You can use the WP Super Cache setting choices in the BPS Pro setup steps above or choose your own WPSC settings.
    4. Copy your WPSC htaccess code from your root htaccess file to BPS Custom Code and paste the WP Super Cache .htaccess code into the top Custom Code text box: CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE:
    5. Click the Save Root Custom Code button.
    6. Go to the BPS Security Modes page, click the Create secure.htaccess File AutoMagic button, select the Activate Root Folder BulletProof Mode Radio button and click the Activate|Deactivate button.
    7. Go to the htaccess Core page > htaccess File Editor tab page > click the Turn On AutoLock button and click the Lock htacces File button.

    • This reply was modified 1 year, 10 months ago by Profile photo of AITpro Admin AITpro Admin.
    • This reply was modified 1 month, 1 week ago by Profile photo of AITpro Admin AITpro Admin.
    • This reply was modified 4 weeks, 1 day ago by Profile photo of AITpro Admin AITpro Admin.
    • This reply was modified 4 weeks, 1 day ago by Profile photo of AITpro Admin AITpro Admin.
    #2718
    Profile photo of Antoin Vink
    Antoin Vink
    Participant

    Great setup!

    I will install these setup tonight on my Website.
    Thank you for the E-mail by the way!
    And this code:

    Header unset ETag
    FileETag None
    
    # BEGIN Browser Cache
    # 1 YEAR
    
    <FilesMatch "\.(ico|pdf|flv)$">
    Header set Cache-Control "max-age=29030400, public"
    ExpiresDefault "access plus 1 years"
    </FilesMatch>
    
    # 2 MONTHS
    <FilesMatch "\.(jpg|jpeg|png|gif|swf)$">
    Header set Cache-Control "max-age=4838400, public"
    ExpiresDefault "access plus 2 months"
    </FilesMatch>
    
    # 1 WEEK
    <FilesMatch "\.(txt|css|js)$">
    Header set Cache-Control "max-age=604800, public"
    ExpiresDefault "access plus 1 weeks"
    </FilesMatch>
    
    # 30 MIN
    <FilesMatch "\.(html|htm|php)$">
    Header set Cache-Control "max-age=1800, private, proxy-revalidate"
    ExpiresDefault "access plus 30 minutes"
    </FilesMatch>
    
    # END Browser Cache
Viewing 15 posts - 1 through 15 (of 75 total)

You must be logged in to reply to this topic.