WP Super Cache – WP Super Cache htaccess code, Custom Code

Home Forums BulletProof Security Free WP Super Cache – WP Super Cache htaccess code, Custom Code

This topic contains 73 replies, has 5 voices, and was last updated by Avatar of silas88 silas88 1 year ago.

Viewing 15 posts - 1 through 15 (of 74 total)
  • Author
    Posts
  • #2454 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of Donald Krebs
    Donald Krebs
    Member

    I just spent several hours troubleshooting an issue that blanked out our site this morning.
    think I caused the problem by selecting an option in BulletProof that caused it to conflict with another plug-in, WP Super Cache. In troubleshooting this WP site, I deactivated all the plug-ins possible including BulletProof. 
    We are back up now, I have re-activated all the plug-ins except BulletProof. I would like to examine the log before I reactivate BP, I am afraid if I just reactivate then the settings (wrong, probably) will cause the problem all over again.
    I assume if I look over the log and don’t see what might have caused the problem, then un-installing and re-installing BP is in order, right?
    Or, what would you guide me to do next?
    dk

    #2455 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of AITpro Admin
    AITpro Admin
    Keymaster

    No, actually BPS has built-in troubleshooting so deactivating and deleting BPS is not the correct way to troubleshoot issues/problems.

    Please see the BulletProof Security Read Me First Forum Topic for the correct way to troubleshoot issues/problems:  http://forum.ait-pro.com/forums/topic/read-me-first-free/

    The Security Log file is located here:  /wp-content/bps-backup/logs/http_error_log.txt

    When you install BPS nothing happens at that point.  When you use the AutoMagic buttons you are only creating Master .htaccess files.  When you activate BulletProof Modes that is when something happens.

    To quickly reverse a site crash you can delete the root .htaccess file via FTP to get back into your site.  I assume you are using mod_rewrite in WP Super Cache so you will need to “roll your own” and create a combined Master .htaccess file using the BPS Custom Code feature.  Basically you would copy the entire WP Super Cache .htaccess code to the top Custom Code text box, save your changes, click the AutoMagic buttons and activate root folder BulletProof Mode again.  Your root .htaccess file will contain both the BPS htacces code and the WP Super Cache htaccess code.

    #2459 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of Donald Krebs
    Donald Krebs
    Member

    based on your reply I can reactivate BPS and build a working htaccess file. I will let you know…

    #2463 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of Donald Krebs
    Donald Krebs
    Member

    per your instruction I re-activated BPS and went to page for custom .htaccess. Pasted from WPSuperCache. Then I went to Security Modes page and activated BulletProof Mode in topmost panel. When I went to the site I got a server error. I then re-named the .htaccess file (that clue you gave earlier is handy as a pocket on a shirt) and now the site is back.
    Below it the .htaccess file after custom modification:

    #2465 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of AITpro Admin
    AITpro Admin
    Keymaster

    Right after your WP Super Cache code I saw this block of htaccess code.  I think this is the problem.  BPS already incorporates the standard WordPress Rewrite .htaccess code so there is no need to add this again.  this code is probably being autogenerated by WP Super Cache.

    # BULLETPROOF PRO 5.6.1 SECURE .HTACCESS
    
    # If you edit the BULLETPROOF PRO 5.6.1 SECURE .HTACCESS text above
    # you will see error messages on the BPS Security Status page
    # BPS is reading the version number in the htaccess file to validate checks
    # If you would like to change what is displayed above you
    # will need to edit the BPS /includes/functions.php file to match your changes
    # If you update your WordPress Permalinks the code between BEGIN WordPress and
    # END WordPress is replaced by WP htaccess code.
    # This removes all of the BPS security code and replaces it with just the default WP htaccess code
    # To restore this file use BPS Restore or activate BulletProof Mode for your Root folder again.
    
    # BEGIN WordPress
    # IMPORTANT!!! DO NOT DELETE!!! - B E G I N WordPress above or E N D WordPress - text in this file
    # They are reference points for WP, BPS and other plugins to write to this htaccess file.
    # IMPORTANT!!! DO NOT DELETE!!! - BPSQSE BPS QUERY STRING EXPLOITS - text
    # BPS needs to find the - BPSQSE - text string in this file to validate that your security filters exist
    
    # TURN OFF YOUR SERVER SIGNATURE
    ServerSignature Off
    
    # ADD A PHP HANDLER
    # If you are using a PHP Handler add your web hosts PHP Handler below
    
    # CUSTOM CODE TOP - Your Custom htaccess code will be created here with AutoMagic
    # GODADDY PHPINI CODE
    AddHandler x-httpd-php5-cgi .php
    AddHandler x-httpd-php5-cgi .php5
    
    # BEGIN WPSuperCache
    RewriteEngine On
    RewriteBase /aitpro-blog/
    #If you serve pages from behind a proxy you may want to change 'RewriteCond %{HTTPS} on' to something more sensible
    AddDefaultCharset UTF-8
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteCond %{HTTPS} on
    RewriteCond %{DOCUMENT_ROOT}/aitpro-blog/wp-content/cache/supercache/%{SERVER_NAME}/aitpro-blog/$1/index-https.html.gz -f
    RewriteRule ^(.*) "/aitpro-blog/wp-content/cache/supercache/%{SERVER_NAME}/aitpro-blog/$1/index-https.html.gz" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteCond %{HTTPS} !on
    RewriteCond %{DOCUMENT_ROOT}/aitpro-blog/wp-content/cache/supercache/%{SERVER_NAME}/aitpro-blog/$1/index.html.gz -f
    RewriteRule ^(.*) "/aitpro-blog/wp-content/cache/supercache/%{SERVER_NAME}/aitpro-blog/$1/index.html.gz" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTPS} on
    RewriteCond %{DOCUMENT_ROOT}/aitpro-blog/wp-content/cache/supercache/%{SERVER_NAME}/aitpro-blog/$1/index-https.html -f
    RewriteRule ^(.*) "/aitpro-blog/wp-content/cache/supercache/%{SERVER_NAME}/aitpro-blog/$1/index-https.html" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTPS} !on
    RewriteCond %{DOCUMENT_ROOT}/aitpro-blog/wp-content/cache/supercache/%{SERVER_NAME}/aitpro-blog/$1/index.html -f
    RewriteRule ^(.*) "/aitpro-blog/wp-content/cache/supercache/%{SERVER_NAME}/aitpro-blog/$1/index.html" [L]
    # END WPSuperCache
    
    # DO NOT SHOW DIRECTORY LISTING
    # If you are getting 500 Errors when activating BPS then comment out Options -Indexes
    # by adding a # sign in front of it. If there is a typo anywhere in this file you will also see 500 errors.
    Options -Indexes
    
    # DIRECTORY INDEX FORCE INDEX.PHP
    # Use index.php as default directory index file
    # index.html will be ignored will not load.
    DirectoryIndex index.php index.html /index.php
    
    # BPS PRO ERROR LOGGING AND TRACKING
    # BPS Pro has premade 403 Forbidden, 400 Bad Request and 404 Not Found files that are used
    # to track and log 403, 400 and 404 errors that occur on your website. When a hacker attempts to
    # hack your website the hackers IP address, Host name, Request Method, Referering link, the file name or
    # requested resource, the user agent of the hacker and the query string used in the hack attempt are logged.
    # All BPS Pro log files are htaccess protected so that only you can view them.
    # The 400.php, 403.php and 404.php files are located in /wp-content/plugins/bulletproof-security/
    # The 400 and 403 Error logging files are already set up and will automatically start logging errors
    # after you install BPS Pro and have activated BulletProof Mode for your Root folder.
    # If you would like to log 404 errors you will need to copy the logging code in the BPS Pro 404.php file
    # to your Theme's 404.php template file. Simple instructions are included in the BPS Pro 404.php file.
    # You can open the BPS Pro 404.php file using the WP Plugins Editor or by using the BPS Pro File Manager.
    # NOTE: By default WordPress automatically looks in your Theme's folder for a 404.php template file.
    
    ErrorDocument 400 /aitpro-blog/wp-content/plugins/bulletproof-security/400.php
    ErrorDocument 403 /aitpro-blog/wp-content/plugins/bulletproof-security/403.php
    ErrorDocument 404 /aitpro-blog/404.php
    
    # DENY ACCESS TO PROTECTED SERVER FILES - .htaccess, .htpasswd and all file names starting with dot
    RedirectMatch 403 /\..*$
    
    RewriteEngine On
    RewriteBase /aitpro-blog/
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
    
    RewriteEngine On
    RewriteBase /aitpro-blog/
    RewriteRule ^index\.php$ - [L]
    
    # REQUEST METHODS FILTERED
    # This filter is for blocking junk bots and spam bots from making a HEAD request, but may also block some
    # HEAD request from bots that you want to allow in certains cases. This is not a security filter and is just
    # a nuisance filter. This filter will not block any important bots like the google bot. If you want to allow
    # all bots to make a HEAD request then remove HEAD from the Request Method filter.
    # The TRACE, DELETE, TRACK and DEBUG request methods should never be allowed against your website.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F,L]
    
    # PLUGINS AND VARIOUS EXPLOIT FILTER SKIP RULES
    # IMPORTANT!!! If you add or remove a skip rule you must change S= to the new skip number
    # Example: If RewriteRule S=5 is deleted than change S=6 to S=5, S=7 to S=6, etc.
    
    # Adminer MySQL management tool data populate
    RewriteCond %{REQUEST_URI} ^/aitpro-blog/wp-content/plugins/adminer/ [NC]
    RewriteRule . - [S=12]
    # Comment Spam Pack MU Plugin - CAPTCHA images not displaying
    RewriteCond %{REQUEST_URI} ^/aitpro-blog/wp-content/mu-plugins/custom-anti-spam/ [NC]
    RewriteRule . - [S=11]
    # Peters Custom Anti-Spam display CAPTCHA Image
    RewriteCond %{REQUEST_URI} ^/aitpro-blog/wp-content/plugins/peters-custom-anti-spam-image/ [NC]
    RewriteRule . - [S=10]
    # Status Updater plugin fb connect
    RewriteCond %{REQUEST_URI} ^/aitpro-blog/wp-content/plugins/fb-status-updater/ [NC]
    RewriteRule . - [S=9]
    # Stream Video Player - Adding FLV Videos Blocked
    RewriteCond %{REQUEST_URI} ^/aitpro-blog/wp-content/plugins/stream-video-player/ [NC]
    RewriteRule . - [S=8]
    # XCloner 404 or 403 error when updating settings
    RewriteCond %{REQUEST_URI} ^/aitpro-blog/wp-content/plugins/xcloner-backup-and-restore/ [NC]
    RewriteRule . - [S=7]
    # BuddyPress Logout Redirect
    RewriteCond %{QUERY_STRING} action=logout&redirect_to=http%3A%2F%2F(.*) [NC]
    RewriteRule . - [S=6]
    # redirect_to=
    RewriteCond %{QUERY_STRING} redirect_to=(.*) [NC]
    RewriteRule . - [S=5]
    # Login Plugins Password Reset And Redirect 1
    RewriteCond %{QUERY_STRING} action=resetpass&key=(.*) [NC]
    RewriteRule . - [S=4]
    # Login Plugins Password Reset And Redirect 2
    RewriteCond %{QUERY_STRING} action=rp&key=(.*) [NC]
    RewriteRule . - [S=3]
    
    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Only Allow Internal File Requests From Your Website
    # To Allow Additional Websites Access to a File Use [OR] as shown below.
    # RewriteCond %{HTTP_REFERER} ^.*YourWebsite.com.* [OR]
    # RewriteCond %{HTTP_REFERER} ^.*AnotherWebsite.com.*
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F,L]
    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteCond %{HTTP_REFERER} ^.*ait-pro.com.*
    RewriteRule . - [S=1]
    
    # BPSQSE BPS QUERY STRING EXPLOITS
    # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
    # Good sites such as W3C use it for their W3C-LinkChecker.
    # Add or remove user agents temporarily or permanently from the first User Agent filter below.
    # If you want a list of bad bots / User Agents to block then scroll to the end of this file.
    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)HTTP(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR] 
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] 
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F,L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /aitpro-blog/index.php [L]
    
    # DENY BROWSER ACCESS TO THESE FILES
    # wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
    # Replace Allow from 88.77.66.55 with your current IP address and remove the
    # pound sign # from in front of the Allow from line of code below to access these
    # files directly from your browser.
    
    <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
    Order allow,deny
    Deny from all
    #Allow from 88.77.66.55
    
    # IMPORTANT!!! DO NOT DELETE!!! the END WordPress text below
    # END WordPress
    
    # CUSTOM CODE BOTTOM - Your Custom htaccess code will be created here with AutoMagic
    ExpiresActive On
    ExpiresByType image/gif A2592000
    ExpiresByType image/jpeg A2592000
    ExpiresByType image/jpg A2592000
    ExpiresByType image/png A2592000
    ExpiresByType image/x-icon A2592000
    ExpiresByType text/css A86400
    ExpiresByType text/javascript A86400
    ExpiresByType application/x-shockwave-flash A2592000
    #
    <FilesMatch "\.(gif|jpe?g|png|ico|css|js|swf)$">
    Header set Cache-Control "public"
    
    # Redirect 404 errors
    RedirectMatch 301 ^/aitpro-blog/videos/quick-install/bps-pro-quick-setup.html http://www.ait-pro.com/aitpro-blog/2841/bulletproof-security-pro/bulletproof-security-pro-overview-video-tutorial/
    RedirectMatch 301 ^/aitpro-blog/videos/upgrade/bps-pro-plugin-upgrade.html http://www.ait-pro.com/aitpro-blog/2841/bulletproof-security-pro/bulletproof-security-pro-overview-video-tutorial/
    RedirectMatch 301 ^/aitpro-blog/misc-projects/funny-stuff/$ http://www.ait-pro.com/aitpro-blog/category/misc-projects/$1
    RedirectMatch 301 ^/aitpro-blog/category/misc-projects/wordpress$ http://www.ait-pro.com/aitpro-blog/4349/misc-projects/wordpress-tips-tricks-fixes/$1
    RedirectMatch 301 ^/aitpro-blog/website-metrics-posting-form/$ http://www.ait-pro.com/aitpro-blog/
    RedirectMatch 301 ^/aitpro-blog/aitpro-posting-form/activation-key-verification/$ http://www.ait-pro.com/aitpro-blog/
    ...
    ...
    ...
    
    # BLOCK HOTLINKING TO IMAGES
    # To Test that your Hotlinking protection is working visit http://altlab.com/htaccess_tutorial.html
    #RewriteEngine On
    #RewriteCond %{HTTP_REFERER} !^https?://(www\.)?add-your-domain-here\.com [NC]
    #RewriteCond %{HTTP_REFERER} !^$
    #RewriteRule .*\.(jpeg|jpg|gif|bmp|png)$ - [F]
    
    # FORBID COMMENT SPAMMERS ACCESS TO YOUR wp-comments-post.php FILE
    # This is a better approach to blocking Comment Spammers so that you do not
    # accidentally block good traffic to your website. You can add additional
    # Comment Spammer IP addresses on a case by case basis below.
    # Searchable Database of known Comment Spammers http://www.stopforumspam.com/
    
    <FilesMatch "^(wp-comments-post\.php)">
    Order Allow,Deny
    Deny from 46.119.35.
    Deny from 46.119.45.
    Deny from 91.236.74.
    Deny from 93.182.147.
    Deny from 93.182.187.
    Deny from 94.27.72.
    Deny from 94.27.75.
    Deny from 94.27.76.
    Deny from 193.105.210.
    Deny from 195.43.128.
    Deny from 198.144.105.
    Deny from 199.15.234.
    Allow from all
    
    # BLOCK MORE BAD BOTS RIPPERS AND OFFLINE BROWSERS
    # If you would like to block more bad bots you can get a blacklist from
    # http://perishablepress.com/press/2007/06/28/ultimate-htaccess-blacklist/
    # You should monitor your site very closely for at least a week if you add a bad bots list
    # to see if any website traffic problems or other problems occur.
    # Copy and paste your bad bots user agent code list directly below.
    • This reply was modified 2 weeks, 3 days ago by Avatar of AITpro Admin AITpro Admin.
    #2469 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of Donald Krebs
    Donald Krebs
    Member

    I removed the code you found, I still get a 500 Internal Server Error. Also, I don’t find any code in the .htaccess that offers options, to # out.

    #2470 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of Donald Krebs
    Donald Krebs
    Member

    BTW, I’ve requested the lady with the checkbook to buy pro. It should happen in the next few days.

    #2471 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of AITpro Admin
    AITpro Admin
    Keymaster

    Ok then that means you have a typo or invalid code somewhere.  I noticed something strange and maybe you added this to the code you posted?

    Did you add this to the code?  “.htaccess ASCII text”

    Compare the working WP Super Cache code I posted above against the code you have and see if there are differences in the code.  If you see ASCII anywhere then that is not valid.  I have no idea where that would be coming from.

    #2474 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of Donald Krebs
    Donald Krebs
    Member

    I don’t know where it came from. I just did a search on the current code and it’s not there now.

    #2475 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of AITpro Admin
    AITpro Admin
    Keymaster

    Nope that is not coming from BPS so if that non-valid text is in your WP Super Cache code then your site will definitely crash with a 500 error.  ;)

    #2476 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of AITpro Admin
    AITpro Admin
    Keymaster

    You should ONLY be using the htaccess code that is generated and shown to you by WP Super Cache from within the WP Super Cache plugin page.  You would then copy that htaccess code to BPS Custom Code.  Do not do this outside of WP Super Cache or BPS.  The entire process needs to be done from within your WordPress Dashboard and from within both plugin settings pages.

    #2486 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of Donald Krebs
    Donald Krebs
    Member

    The site is working now with both WPSuperCache and BulletProofSecurity plug-ins activated.
    Based on you last post I:

    returned to Dashboard
    first inactivated WPSuperCache,
    then went to cPanel of HostGator and deleted htaccess and other htaccess files like …OLD and …-BAK, in order to start fresh.
    I then went to BPS and created a generic .htaccess file.
    Then I activated WPSuperCache and copied the mod rewrite rules from # BEGIN WPSuperCache to# END WPSuperCache.
    I then went to BPS custom code and pasted the WPSC into the top section and saved the custom code.
    Returning to the BPS top page, I created a secure.htaccess file. 
    I activated the BulletProofMode.

    The site displays properly.
    I suppose after all this, the topic line should be changed.

    #2491 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of AITpro Admin
    AITpro Admin
    Keymaster

    Great!  and yep I changed the Topic on the last round of “back and forth”.  ;)  Thanks for adding your exact steps and also confirming that all is well.

    #2715 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of AITpro Admin
    AITpro Admin
    Keymaster

    WP Super Cache installation and / or setup steps with BPS Pro installed.

    1.  Turn Off AutoRestore.

    2.  Go to F-Lock and unlock your wp-config.php file.  Do not unlock your root .htaccess file.  The reason for this is that WP Super Cache will write its htaccess code to the bottom of the root .htaccess file and it should be at the top of the root htaccess.

    3.  Install the WP Super Cache plugin if it is not already installed.  Go to the WP Super Cache Settings page and choose your settings.

    I found that these settings worked the best in benchmarking tests on Go Daddy.

    Checked/selected – Use mod_rewrite to serve cache files. (Recommended)

    Checked/selected – Compress pages so they’re served more quickly to visitors. (Recommended)

    Unchecked/unselected – Mobile device support. (External plugin or theme required. See the FAQ for further details.)

    4.  Click the Update Status button to save your settings.

    5.  Copy the WP Super Cache .htaccess mod_rewrite code.

    6.  Go to BPS Custom Code and paste the WP Super Cache .htaccess code into the top text box:  CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE: Add php.ini handler and/or plugin cache code here and click the Save Root Custom Code button.  If you have a php/php.ini handler in your Root .htaccess file then copy that php/php.ini handler right above the WP Super Cache .htaccess code.  See example .htaccess file above as a reference.

    7.  Bonus code step:  You can skip this step if you want.  This code boosts website performance up nicely. Copy the .htaccess code directly below your WP Super Cache caching code:   and click the Save Root Custom Code button.

    I recommend that each person test using no ETags by commenting out all the ETag lines of .htaccess code below and benchmark website performance, then benchmark test using Header unset and FileETag none and then benchmark test using FileETag MTime Size.  Whichever one makes your website perform the fastest is the one you want to use.  On Go Daddy it seems that using Header unset ETag and FileETag none is slightly faster in milliseconds.

    # BEGIN WEBSITE SPEED BOOST
    # Time cheat sheet in seconds
    # A86400 = 1 day
    # A172800 = 2 days
    # A2419200 = 1 month
    # A4838400 = 2 months
    # A29030400 = 1 year
    
    # Test which ETag setting works best on your Host/Server/Website
    # with Firefox Firebug, Firephp and Yslow benchmark tests.
    
    # Create the ETag (entity tag) response header field
    #FileETag MTime Size
    
    # Remove the ETag (entity tag) response header field
    Header unset ETag
    FileETag none
    
    <IfModule mod_expires.c>
    ExpiresActive on
    ExpiresByType image/jpg A4838400
    ExpiresByType image/gif A4838400
    ExpiresByType image/jpeg A4838400
    ExpiresByType image/png A4838400
    ExpiresByType video/webm A4838400
    ExpiresByType application/x-shockwave-flash A4838400
    ExpiresByType application/x-javascript A4838400
    ExpiresByType application/javascript A4838400
    ExpiresByType text/javascript A4838400
    ExpiresByType text/css A4838400
    #ExpiresByType text/html A86400
    # Default is 2 days below so the line above is not needed / commented out
    ExpiresDefault A172800
    </IfModule>
    
    <IfModule mod_headers.c>
    <FilesMatch "\.(js|css|flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|gif|jpg|jpeg|png|swf|webm)$">
    Header append Cache-Control "public"
    </FilesMatch>
    <FilesMatch "\.(txt|html)$">
    Header append Cache-Control "proxy-revalidate"
    </FilesMatch>
    <FilesMatch "\.(php|cgi|pl|htm|xml)$">
    Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
    Header set Pragma "no-cache"
    </FilesMatch>
    </IfModule>
    
    <IfModule mod_deflate.c>
    # Insert filters
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/x-httpd-php
    AddOutputFilterByType DEFLATE application/x-httpd-fastphp
    AddOutputFilterByType DEFLATE image/svg+xml
    
    # Drop problematic browsers
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
    
    # Make sure proxies don't deliver the wrong content
    Header append Vary User-Agent env=!dont-vary
    </IfModule>
    # END WEBSITE SPEED BOOST

    8.  Go to the BPS Security Modes page and click the Create secure.htaccess File AutoMagic button and then activate Root Folder BulletProof Mode.

    9.  Go to F-Lock and lock your wp-config.php file.

    10.  Go to AutoRestore and click Root Files Backup Files button, click the wp-content Files Backup Files button and turn AutoRestore back On.

    UPDATE – Garbage Collection should also be setup

    On the WP Super Cache Advanced page

    Expiry Time & Garbage Collection

    Cache Timeout:  set to 3600 seconds which is 1 hour

    Scheduler:  chose Timer and set to 3600 seconds

    Notification Emails:  chose not to have emails sent to me when the garbage collection runs.

    The WP Super Cache setup is complete.

    • This reply was modified 2 weeks, 3 days ago by Avatar of AITpro Admin AITpro Admin.
    #2718 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of Antoin Vink
    Antoin Vink
    Participant

    Great setup!

    I will install these setup tonight on my Website.
    Thank you for the E-mail by the way!
    And this code:

    Header unset ETag
    FileETag None
    
    # BEGIN Browser Cache
    # 1 YEAR
    
    <FilesMatch "\.(ico|pdf|flv)$">
    Header set Cache-Control "max-age=29030400, public"
    ExpiresDefault "access plus 1 years"
    </FilesMatch>
    
    # 2 MONTHS
    <FilesMatch "\.(jpg|jpeg|png|gif|swf)$">
    Header set Cache-Control "max-age=4838400, public"
    ExpiresDefault "access plus 2 months"
    </FilesMatch>
    
    # 1 WEEK
    <FilesMatch "\.(txt|css|js)$">
    Header set Cache-Control "max-age=604800, public"
    ExpiresDefault "access plus 1 weeks"
    </FilesMatch>
    
    # 30 MIN
    <FilesMatch "\.(html|htm|php)$">
    Header set Cache-Control "max-age=1800, private, proxy-revalidate"
    ExpiresDefault "access plus 30 minutes"
    </FilesMatch>
    
    # END Browser Cache
Viewing 15 posts - 1 through 15 (of 74 total)

You must be logged in to reply to this topic.