BulletProof Security Forum

An .htaccess file is fully named “.htaccess”.  If you remove the dot then the file is no longer an htaccess file that is recognized by your host server. A 500 error usually means that your host server does not allow some particular htaccess code.  Most likely it is either the “Options” or “DirectoryIndex” htaccess code directives.

https://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting

500 Internal Server Error After Activating BulletProof Mode for your Root Folder

Some Web Hosts do not allow you to use the “Options” Directive in .htaccess files. If you see a 500 Internal Server Error then comment out the “Options” Directive by adding a pound sign (#) in front of Options -Indexes in your Root .htaccess file as shown below.

# DO NOT SHOW DIRECTORY LISTING
# If you are getting 500 Errors when activating BPS then comment out Options -Indexes
# by adding a # sign in front of it. If there is a typo anywhere in this file you will also see 500 errors.
#Options -Indexes

Some Web Hosts do not allow you to use the “DirectoryIndex” Directive in .htaccess files. If you see a 500 Internal Server Error then comment out the “DirectoryIndex” Directive by adding a pound sign (#) in front of DirectoryIndex in your Root .htaccess file as shown below.  Known Hosts with this issue:  NordNet

# DIRECTORY INDEX FORCE INDEX.PHP
# Use index.php as default directory index file
# index.html will be ignored will not load.
#DirectoryIndex index.php index.html /index.php

500 Internal Server Error After Adding New custom .htaccess Code To BPS Custom Code

If you have added custom .htaccess code to BPS Custom Code, saved it, clicked the AutoMagic buttons and activated BulletProof Modes and there is either invalid .htaccess code in that custom .htaccess code or your particular Server/Host does not allow something in that custom .htaccess code then your site will crash with a 500 Internal Server Error.

1.  Use FTP or your web host control panel file manager and delete your root .htaccess file (or the wp-admin .htaccess file if the custom .htaccess code was added to wp-admin Custom Code).
2.  After you have deleted the .htaccess file or files, login to your site, go to BPS Custom Code, cut (NOT copy) the custom .htaccess code you added to any BPS Custom Code text boxes and paste that custom .htaccess code to a Notepad text file (use Notepad or Notepad++ – do NOT use Word or WordPad) and save it on your computer.
3.  After cutting all custom .htaccess code that you have added to any BPS Custom Code text boxes, click the Save Root Custom Code button (and/or Save wp-admin Custom Code button), go to the Security Modes page and click the Root folder BulletProof Mode (and/or wp-admin Folder BulletProof Mode) Activate button.

Your site should not crash at this point with a 500 Error.  You can then check and test your custom .htaccess code individually.  ONLY add one section of your custom .htaccess code at a time to BPS Custom Code text boxes (and do ALL the Custom Code steps) to isolate which custom .htaccess code is causing the 500 error.  Either correct whatever needs to be corrected or just do not use the custom .htaccess code on your website if it does not work / is not allowed on your particular Host/Server.