BulletProof Security Forum

This problem may be related to this bug we just found in BPS/BPS Pro Network/Multisite htaccess writing code.  This bug would impact all Network / Multisite subdomain site types and only Network/Multisite subdirectory GWIOD site types.  GWIOD stands for “Giving WordPress It’s Own Directory”.  This bug is being fixed and we will have new versions of BPS and BPS Pro released ASAP.

http://forum.ait-pro.com/forums/topic/maintenance-mode-frontend-only-syntax-error/#post-17182

@ James – Most likely the problem is caused by either missing php handler htaccess code in your root htaccess file or invalid php handler htaccess code saved in this BPS Root Custom Code text box: 1. CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE.  Do the steps below and let me know what happens.

Use FTP or your web host control panel File Manager tool and delete your root .htaccess file.
If your site is loading normally again then do steps below…
Login to your website, go to BPS > htaccess File Options > Custom Code > Root htaccess File Custom Code accordion tab/button > delete the php handler htaccess code in this Custom Code text box: 1. CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE > click the Save Root Custom Code button.
Go to the BPS Setup Wizard page and run the Setup Wizard.

If deleting your root htaccess file does not fix the 404 error then let me know that so I can tell you what to do next.

Today I experienced the same things that James (above) did a while back. I contacted Bluehost support for help and the site came back up when they deleted htaccess and then replaced it with the WordPress htaccess code. I asked them to stay with me while I generated a secure htaccess with BPS (free version) and the site went right back down. The custom code in it had been working until today. In order to clear the way to upgrade the PHP version on the server (it’s at 7.4 now, and there is a PHP handler in the secure htaccess that reflects this), I removed a plugin and replaced it with others, and then ran the BPS setup wizard to make sure they were all whitelisted and accounted for, and boom! Down she went with a 404 error. So the site is up and functional now, but with a non-secure htaccess file. Can you help me figure out what’s going wrong with the secure htaccess code so I can resume using BPS to protect the site?

this is the one that’s working right now:

# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
Options -Indexes
<IfModule mod_headers.c>
Header set X-Endurance-Cache-Level "0"
Header set X-nginx-cache "WordPress"
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

@ Hannah – we were posting at the same time.  So yep Bluehost is no longer using php.ini handler htaccess code. Delete it from BPS Root Custom Code.

@ Hannah – Most web hosts have figured out that using php.ini handler htaccess code on the frontend of a website causes lots of problems.  So they are handling that at the server level now.

Sorry. I thought I had a followup question related to htaccess code, but it turned out to be a code snippet that caused the problem that surfaced today. You can delete this if you like. And thanks again for your always effective assistance!