htaccess Files Disabled – Setup Wizard Enable|Disable htaccess Files

Home Forums BulletProof Security Pro htaccess Files Disabled – Setup Wizard Enable|Disable htaccess Files

This topic contains 25 replies, has 5 voices, and was last updated by  RAW 8 months, 1 week ago.

Viewing 15 posts - 1 through 15 (of 26 total)
  • Author
    Posts
  • #29411

    AITpro Admin
    Keymaster

    When you visit/view/access the BulletProof Security Setup Wizard page, BPS (BPS Pro 11.8+/BPS .53.6+) performs a series of tests/checks on your website/server to determine if htaccess files/code can or cannot be used on your website/server.  The BPS Apache Modules and Directives testing code checks if mod_access_compat and/or mod_authz_core or mod_rewrite are loaded or can be processed (converted/translated) by your server by using a testing htaccess file and then checking the responses from your server.  If BPS detects that your website/server cannot use htaccess files/code based on the responses from your website/server then BPS will automatically save/set the Setup Wizard Option > Enable|Disable htaccess Files setting to > htaccess Files Disabled.  See the Scenarios below to see what this means and when you can or cannot or should or should not change the Enable|Disable htaccess File setting.

    Scenarios:

    You are installing BPS for the first time and have NOT run the Wizards yet and see the htaccess Files Disabled Notice displayed on the Setup Wizard page…
    htaccess Files Disabled Notice:
    BPS has detected that htaccess files cannot be used on your website/server. Click this htaccess Files Disabled Forum Topic link for more information before running the Wizards.
    htaccess Files Disabled Notice

    …if you are sure you CAN use htaccess files on your website/server…
    It is possible that BPS has incorrectly detected that your website/server cannot use htaccess files.  If you are sure your website/server can use htaccess files then go to the Setup Wizard Options tab page and change the Enable|Disable htaccess Files option setting to:  htaccess Files Enabled and click the Enable|Disable button.  You can then run the Wizards and all BPS htaccess features and files will be created and enabled.  Please post a reply in this forum topic with your BPS System Info page information below posted in your forum reply so we can find out why BPS incorrectly detected that your website/server cannot use htaccess files.

    Website|Server|Opcode Cache|Accelerators|IP Info|Apache Modules|Directives
    Website Root URL: https://forum.ait-pro.com
    Server Type: Apache
    Operating System: Linux
    WP Filesystem API Method: direct
    Server API: cgi-fcgi CGI Host Server Type
    Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
    403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
    403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
    403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
    200: mod_rewrite Module is Loaded

    File|Folder Permissions (CGI or DSO)|Script Owner User ID (UID)|File Owner User ID
    Note: Change your: Script Owner User ID (UID) and File Owner User ID numbers to either [same] if both the Script Owner User ID (UID) and File Owner User ID are the same and [different] if the numbers are different.

    ../wp-content 705 0705 [same] [same]
    ../wp-content/plugins 705 0705 [same] [same]

    …if you are NOT sure if you CAN use htaccess files on your website/server…
    If you are not sure if you can use htaccess files on your website/server then please post a reply in this forum topic with your BPS System Info page information above posted in your forum reply so we can tell you whether or not htaccess files can or cannot be used on your website/server.

    …you CANNOT or do NOT want to use any BPS htaccess features or files on your website
    If you cannot or do not want to use any BPS htaccess features or files and this is a first time installation of BPS then click the Wizard buttons to install BPS.  All BPS htaccess features will be disabled and no htaccess files will be created on your website/server.

    If this is NOT a first time BPS installation (you already had BPS installed previously) and you HAVE previously run the Wizards and you ARE seeing the htaccess Files Disabled Notice…
    If you currently have existing htaccess files on your website then BPS has incorrectly detected that your website/server cannot use htaccess files.  Go to the Setup Wizard Options tab page and change the Enable|Disable htaccess Files option setting to: htaccess Files Enabled and click the Enable|Disable button.  If you were going to run the Wizards again then you can then run the Wizards and all BPS htaccess features and files will still be created and enabled. Please post a reply in this forum topic with your BPS System Info page information above posted in your forum reply so we can find out why BPS incorrectly detected that your website/server cannot use htaccess files.

    …If this is NOT a first time BPS installation and you HAVE previously run the Wizards and you are NOT seeing the htaccess Files Disabled Notice, but you WOULD like to disable all BPS htaccess features and delete all htaccess files
    If you are not sure if this is a good idea or not, post a reply in this forum topic with your BPS System Info page information above.  If you currently have existing htaccess files on your website and you would like to delete all of them and disable all BPS htaccess features then change the Enable|Disable htaccess Files option setting to: htaccess Files Disabled and click the Enable|Disable button. You can then run the Wizards and all BPS htaccess features will be disabled and all htaccess files will be deleted.

    #29488

    jenni101
    Participant

    Hi,

    I’m just moving my site to a new server and have come across this issue ‘htaccess disabled notice’ as above. So the scenario is: 1st time install of BPS pro (or BPS free) on new site on new server; ran the setup wizards and only then did the notice show up.

    The BPS System info is this (not sure which you needed to see, so have posted all of it! please delete unnecessary bits…):

    Website|Server|Opcode Cache|Accelerators|IP Info|Apache Modules|Directives
    Website Root URL: http://www.my-photo-site.com
    Host by Address: tomin.hosts.net.nz
    DNS Name Server: ns.freeparking.co.nz
    Server Type: Apache/2.4.18 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
    Operating System: Linux
    WP Filesystem API Method: direct
    Server API: litespeed CGI Host Server Type
    Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
    403:500:500: mod_access_compat and mod_authz_core or mod_rewrite is NOT Loaded
    	  	
    File|Folder Permissions (CGI or DSO)|Script Owner User ID (UID)|File Owner User ID
    ../wp-content	705	0755	[same]	[same]
    ../wp-content/plugins	705	0755	[same]	[same]

    I do have access to changing the php modules via cPanel – not sure if this helps? And can ask my hosting provider to change things too. I’ve always used the .htaccess file and would really like it enabled on my new server too.

    Many thanks, j

    #29492

    AITpro Admin
    Keymaster

    This appears to have something to do with your Web Host transfer and DNS/DNS Propagation.  The System Info you posted shows that your site was hosted on Freeparking:  http://www.freeparking.co.nz/  The new IP address for your website/server is:  65.39.205.57, which is an IP address for this Host:  Cogeco Peer1: https://www.cogecopeer1.com/en/  DNS scans show that your Name Server is a Go Daddy Name Server:  ns65.domaincontrol.com, which appears to be your Registrar and not your Host server.  So either you have not changed your DNS Name Servers/Records to point to your new Host or DNS Progagation has not completed yet.

    Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
    403:500:500: mod_access_compat and mod_authz_core or mod_rewrite is NOT Loaded

    The 403 Status Response means that mod_access_compat is loaded. The first 500 Status Response means that mod_authz_core is not loaded.  The second 500 Status Response means that mod_rewrite is NOT loaded.  So htaccess files were automatically disabled because the mod_rewrite test results showed a 500 Status Response.

    At this point you could go to the Setup Wizard Options tab page and change the Enable|Disable htaccess Files option setting to: htaccess Files Enabled, click the Enable|Disable button and re-run the Wizards, but before doing that go to the BPS System Info page and post your new Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): information, which I assume has changed/will be different now.  You should also either check your DNS information in your new web host control panel or contact your new web host about your DNS settings.

    #29506

    jenni101
    Participant

    Thanks for your quick repy – the Apache info you requested us the same as before:

    Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
    403:500:500: mod_access_compat and mod_authz_core or mod_rewrite is NOT Loaded

    What I forgot to say (as I didn’t realise it’s importance…) was that I’m just setting up my site on a new server, but my current site is still active so not yet changed the DNS records to point to my new server here – so I guess that’s what is causing the problem?

    I was just worried about importing all my dtatbade settings if it didn’t allow an htaccess file like my current one does.

    So I’ve gone ahead as suggested: enabled htaccess and re-run the wizards and it all seems good.

    I’ll re-run the wizards again once I’ve imported everything and again after I’ve changed the DNS records etc to double check it.

    Many thanks.

    #30252

    jenni101
    Participant

    Hi,

    Just thought I’d post an update about this issue: Since moving to the new site on the new server, and of course changing the DNS records, everything seems fine. So it must just have been related to the DNS settings during my new site setup.

    Thanks for your help, j

    #30860

    Jose
    Participant

    Hi,

    Today SEO Yoast released an update and after I’ve downloaded  it, it seems that BPS doesn’t recognize secure and default .htaccess files
    Looking at the changelog from Yoast I read “Improves reliability in some PHP configurations.”
    On the other hand, the root structure continues as always (everything looks different but it’s working, as you know). – The folder permissions are the same at the entire web (.htaccess (404) and (only wp-admin htaccess changed from 604 to 644 and I’ve set it to 604 again – It has been the only change I’ve detected).

    When I have a look at htaccess files editing, I can see

    htaccess Files Disabled: secure.htaccess Master file is disabled.
    htaccess Files Disabled: default.htaccess Master file is disabled.
    htaccess Files Disabled: wpadmin-secure.htaccess Master file is disabled.
    File Open and Write test successful! Your currently active Plugins htaccess file is writable.
    File Open and Write test successful! Your currently active Uploads htaccess file is writable.
    Your root htaccess file is Locked with Read Only Permissions.
    Use the Lock and Unlock buttons below to Lock or Unlock your root htaccess file for editing.
    File Open and Write test successful! Your currently active wp-admin htaccess file is writable.

    I’ve checked, for example, if Hotlink Protection is working and it seems to be affirmative (at least in Facebook pages). The same about Speed Boost Cache in my browser (after refreshing cache I do not see any difference and it’s the only cache system running at this website).

    The actual server configuration is

    Server Type: Apache
    Operating System: Linux
    WP Filesystem API Method: direct
    Server API: cgi-fcgi CGI Host Server Type
    Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
    200: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: No
    200: mod_authz_core is NOT Loaded|IfModule: Yes
    403: mod_authz_host is NOT Loaded|IfModule: Yes
    200: mod_rewrite Module is Loaded
    cURL: cURL Extension is Loaded
    Zend Engine Version: 3.0.0

    If I re-run any (Securiry Modes) setup wizards, these alerts are shown in blue colour font notices, one by one:

    htaccess Files Disabled: wp-admin htaccess file writing is disabled.
    htaccess Files Disabled: Root htaccess file writing is disabled.
    htaccess Files Disabled: Master htaccess file writing is disabled.
    htaccess Files Disabled: BPS Backup htaccess file writing is disabled.

    All the rest of BPS seem to be working fine.
    If I have a look at Installation Setup Wizard Options, I can see ‘Enable|Disable htaccess Files’ set disabled by default.
    What would you recommend?
    If I run pre-instalation wizard, would it be better changing htaccess Files enabled from the beginning?
    Would I need re-enter the Activation Key?

    #30861

    AITpro Admin
    Keymaster

    The BPS Apache Mod tests indicate that your site/server can use/process htaccess files so change this Setup Wizard Option setting > Enable|Disable htaccess Files > to:  htaccess Files Enabled > re-run the Wizards.  If you need to add htaccess code to save it permanently then add it to BPS Custom Code.

    #30862

    Jose
    Participant

    Great! It worked re-running the Wizards!

    Many Thanks.

    #30864

    Jose
    Participant

    Ok I saw the first one was ‘enable’ by default. Only had to change htaccess Files. 😉

    #30866

    AITpro Admin
    Keymaster

    Great!  Just checking.

    #33003

    Hannah
    Participant

    Hi, one of the sites I manage with BPS Pro installed has gone haywire. I just did a content update on it, but everything was working fine when I finished the day before yesterday. This morning I found an email the site’s owner sent late yesterday saying that the home page wasn’t loading as expected and every other page was returning 404 errors. Since BPS Pro was telling me that there was no htaccess file in the root, I did the usual thing to activate it, but immediately got a message that htaccess files are disabled and the one I created went straight to quarantine. This has never been the case with this host, InMotion hosting, before and I have never seen this type of behavior previously. I also see that the plugin whitelist rules have all disappeared, and I can’t find any entries in the PHP error log though a test tells me the log is writeable.  I checked the Cloudflare settings (we’re using a cloudflare SSL cert for this site) and everything seems to be okay. The InMotion chat rep said I should update the IP address that the A record was pointing to at Cloudflare, but when I went to do that, I found that it was already pointing to the correct IP. That rep opened a support ticket for us, but I thought I should report this to you since there was a note to do that in one of the support forum entries on the subject of disabled htaccess files so you could figure out why BPS Pro was detecting that htaccess files must be disabled when they should be allowed. Please let me know if you need further information to help us with this.
    UPDATE: InMotion’s support tech just got back to us, saying “Thank you for your patience while we have been investigating into this issue further for you.

    After ensuring your permalinks were set correctly and clearing any caching for the domain, it appears your pages are again loading correctly. If you are still showing a 404 error in your browser, I would advise trying to clear your local browser cache.” As far as I can see, all they did was place a default WordPress htaccess file in the root folder. When I went in to update it with the BPS Pro secure version of htaccess and our custominzations (a few redirects, etc.) I saw these messages:

    htaccess Files Disabled: secure.htaccess Master file is disabled.
    htaccess Files Disabled: default.htaccess Master file is disabled.
    htaccess Files Disabled: wpadmin-secure.htaccess Master file is disabled.
    htaccess Files Disabled: plugins folder htaccess file does not exist.
    htaccess Files Disabled: uploads folder htaccess file does not exist.
    File Open and Write test successful! Your currently active root htaccess file is writable.

    So I thought I would be able to save the htaccess file we’ve been using up to this point, but when I clicked the Activate button, I got this message: htaccess Files Disabled: Root htaccess file writing is disabled. So I don’t think the root of the problem has been addressed, and we will still need your help to get things working again as they have in the past. *sigh* It is good to know, at least, that using the default WordPress htaccess file resolves the issues we were experiencing,. so there must be an error of some sort in the custom one. This still does not explain why htaccess files are disabled in BPS Pro, though. I will look forward to your thoughts and guidance on this.

    #33005

    AITpro Admin
    Keymaster

    @ Hannah – If you believe there is a problem with some custom htaccess code that you have added to BPS Custom Code then use the Custom Code Export button and then click the Custom Code Delete button. Send your Custom Code zip file to:  info at ait-pro dot com so I can check your Custom Code for any mistakes.  To enable htaccess files > go to the Setup Wizard > change this Setup Wizard Option setting > Enable|Disable htaccess Files > to: htaccess Files Enabled > re-run the Wizards.  htaccess files were either disabled by someone clicking the Setup Wizard option setting or another problem caused that.  If htaccess files were enabled before and all of a sudden they were no longer enabled then the only way that could happen is if someone changed the Setup Wizard option and disabled htaccess files.

    #33041

    Hannah
    Participant

    Thank you. I’m so sorry, I didn’t get a notification of your reply of April 19 and just found it a little while ago.

    I was unable to export the custom code as you instructed. BPS Pro would export the file, but when I tried to download it I got a 500 ISE error. I followed the instructions for a 403 error but it didn’t change anything. So I updated the default htaccess with the handful of 301 redirects needed for this site and the Really Simple SSL plugin redirect code. I tried to use the appropriately labeled code (# Rewrite|Redirect http to https|SSL & www to non-www) from your page https://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7233 but the www version of the domain did not redirect properly and the theme behavior and css styling failed, so I went back to the other plugin’s code.

    Therefore I attached the entire contents of the htaccess file with custom code and sent it to you so you can review it for errors.

    Thank you so much for your help.

    #33042

    AITpro Admin
    Keymaster

    @ Hannah – Yep, our host mail server was broken (automated emails only) for 7 days – 4-14 – 4-20.  Ok I”ll take a look at the file/code you sent to us.

    #33043

    AITpro Admin
    Keymaster

    @ Hannah – Most likely the reason you saw a 500 error when trying to Export your Custom Code is that you have HTML and javascript code in your htaccess file.  The email I sent to you explains what you need to fix in your root htaccess and also BPS Custom Code.  The HTML and javascript code is Cloudflare code. So either it was accidentally copied to BPS Custom Code or Cloudflare is mistakenly injecting that code into your Root htaccess file.

Viewing 15 posts - 1 through 15 (of 26 total)

You must be logged in to reply to this topic.