I got a big problem when we activated BPS. We are on a multi-site WP install with domain mapping. the main site worked flawlessly but all other domains and subdomains were missing the uploaded files like images, PDFs etc. Before realizing this problem I noticed this error message “Failed to Activate BulletProof? Security Deny All Folder Protection! Your BPS Master htaccess folder is NOT Protected with Deny All htaccess folder protection!” We rolled back to htaccess from before. Any idea what went wrong?
# BEGIN Better WP Security
Options -Indexes
# Begin HackRepair.com Blacklist
RewriteEngine on
#Block comment spammers, bad bots and some proxies
RewriteCond %{REMOTE_HOST} 12.226.240.248 [OR]
...
...
...
Since you are using Better WP Security on your site and this is that plugin’s htaccess code and not BPS .htaccess code and that plugin puts its code in the wrong place in the .htaccess file you will need to use BPS Custom Code to correct all the mistakes Better WP Security makes when creating .htaccess code in the root .htaccess file.
The correct sequence / order of .htaccess code in an .htaccess file is: php/php.ini handler code (if your website requires / uses a php/php.ini handler), caching code, WordPress Rewrite Loop start, security filters / rules within the WordPress Rewrite Loop, End of the WordPress Rewrite Loop and then any miscellaneous stand-alone .htaccess code such as Better WP Security stand-alone .htaccess code (should come last in an .htaccess file and not at the top or first in an .htaccess file).
Better WP Security htaccess code goes in this BPS Custom Code tex box:
1. Copy and paste all of the Better WP Security htaccess code from # BEGIN Better WP Security to # END Better WP Security to the BPS Custom Code text box above.
2. Copy and paste the Cachify .htaccess caching code from # BEGINN CACHIFY to # END CACHIFY to this Custom Code text box:
3. Click the Save Root Custom Code button.
4. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
.
