Home › Forums › BulletProof Security Free › Root htaccess file is blank
- This topic has 21 replies, 2 voices, and was last updated 11 years ago by
AITpro Admin.
-
AuthorPosts
-
Michael Milauskas
ParticipantHi,
I too am new to BPS. I’ve installed it, created the secure htaccess file for the root folder and activated Bullet Proof Mode. I still get the BPS alert at the top of my admin page. I looked over the troubleshooting guide too. I haven’t yet disabled plugins but I took a look at the htaccess file in my root directory and it’s blank. Is this correct? The one in the admin folder has code in it, but not the one in the root folder. Thanks for any help.
AITpro Admin
KeymasterGo to the htaccess File Editor tab page. Do you see File Open and Write test successful! for all of your .htaccess files or do you see an error? Click on the secure.htaccess tab. Do you see htaccess code in the file contents window or is it blank?
ParticipantHi,
I see that they’re all successful. However, something is happening on our site. I built the site in WordPress but the client has a guy who’s kind of overseeing things. When the site goes down (which is all the time now) he renames the root folder htaccess file so right now that file is blank.
I am still trying to diagnose things and lock down the site (hence trying to use BPS).
He renamed the htaccess file in the root directory so I took a look at that. What I saw was MANY instances of the following code (one right after the other):
# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress(except there are several dozen of these)
If this what I should see for the the BPS htaccess file? This morning, prior to installing BPS I added something similar to the htaccess file based on a security book I’m reading. When I uploaded it, I got the same internal server error that we’ve been getting all the time so I left it blank. That’s when I started looking for security plugins and found BPS.
KeymasterThen the issue/problem is being caused by:
The broken cPanel HotLink Protection Tool: http://forum.ait-pro.com/forums/topic/read-me-first-free/#cpanel-hotlink-protection
or
The WordPress flush_rewrite_rules function is being used inappropriately/incorrectly by another plugin: http://forum.ait-pro.com/forums/topic/read-me-first-free/#flush-rewrite-rules
If you are getting 500 errors when using a BPS .htaccess file try this first: http://forum.ait-pro.com/forums/topic/read-me-first-free/#internal-server-error
other things that can cause a 500 error.
A single typo anywhere in the .htaccess file.
Invalid htaccess code in the .htaccess file.
Creating an .htaccess file in an application like Word or WordPad. You can ONLY use Notepad or Notepad++ to create .htaccess files.
ParticipantI copied and pasted the code from the BPS root htaccess file (manually edit) and put it in the root htaccess file for the site. Now the site is not “connecting” to the stylesheet. I deleted everything from the htaccess file and reuploaded it but no luck. I think I’ve screwed eveything up and my clients are having a cow already. Anything you can suggest?
ParticipantTHanks for the info. Re: the hotlink protection tool, does that apply to godaddy? I don’t think they use cpanel, correct?
As far as the other stuff, my htaccess file is now blank. There’s nothing there.
KeymasterYou should be activating BulletProof Modes from within BPS. If that is not working on your website for some odd reason then download the secure.htaccess file to your computer, make sure the correct RewriteBase and RewriteRules are in that secure.htaccess file (you can ONLY edit .htaccess files with Notepad or Notepad++ NOT WORD, NOT WORDPAD or any other text editor), upload the secure.htaccess file to your website root folder and rename it to just .htaccess.
The RewriteBase for a WordPress root website installation is: RewriteBase /
The RewriteBase for a WordPress subfolder website installation is: RewriteBase /name-of-the-folder-where-wordpress-is-installed/
The RewriteRule for a WordPress root website installation is: RewriteRule . /index.php [L]
The RewriteRule for a WordPress subfolder website installation is: RewriteRule . /name-of-the-folder-where-wordpress-is-installed/index.php [L]
KeymasterGo Daddy does not use cPanel so that is not the problem. That leaves the flush_rewrite_rules problem.
Deactivate all of your plugins and activate Root BulletProof Mode. Then lock your Root .htaccess file and then you can activate all your plugins again.
KeymasterDo you have the Sucuri plugin installed? If so, did you click the one-click hardening for the wp-content folder? If so, you need to delete the .htaccess file in your /wp-content folder.
ParticipantNo I don’t have the sucuri plugin installed (yet). Should I? For now I deactivated BPS. I’m still not getting my site to appear with styles. This may be a different problem altogether. I put up a temp index.html page saying “undergoing maintenance” while I renamed the index page to index_orig.php. I don’t know if trying to use BPS (and all my attempts to get it working caused this or not. Any ideas?
I am anticipating my clients desiring my skin at this point! 🙂KeymasterMake sure you have removed the BPS root .htaccess file and wp-admin .htaccess file. Just deactivating BPS does not remove these .htaccess files.
BPS setup steps:
1. Activate All BulletProof Modes.
3. Setup complete.BPS removal steps:
1. Deactivate All BulletProof Modes.
2. Deactivate and delete BPS on the WP Plugins page.ParticipantOkay, I’m going to give it another shot. I screwed something up on the site so I’m on the phone now with GoDaddy doing a restore from a month ago. I’ll take a new stab at BPS tomorrow. BTW, the godaddy rep said BPS was pretty good. I just need to make sure I configure it right.
ParticipantJust a quick update in case anyone else has the same problem: my pages weren’t showing up with any style due to a permissions problem.
KeymasterThanks for posting an update. What were your old permissions and what are they now? Thanks.
ParticipantThere were a couple files/folders that were not executable. I was on the phone with GoDaddy for a long time trying to figure this out but we finally did. I use Dreamweaver most of the time for ftp and to set permissions. I could see that wp_config.php and the wp_admin folder weren’t set to be executable by the owner (don’t remember the chmod number) and I tried to change these in Dreamweaver but they didn’t change for some reason. We ended up changing the permissions in the FTP file manager in the Godaddy account. I can’t remember if we changed permissions on any other files/folders, but those were the two I do remember.
-
AuthorPosts
- You must be logged in to reply to this topic.