Home › Forums › BulletProof Security Pro › htaccess Files Disabled – Setup Wizard Enable|Disable htaccess Files
- This topic has 33 replies, 8 voices, and was last updated 4 years ago by AITpro Admin.
-
AuthorPosts
-
HannahParticipant
Well, I got all that straightened out, but I’m still having trouble with css and js errors in Admin. The styling in BPS Pro is not there, so the great accordions that condense the content are not working. Jetpack’s page is blank, and the Updraft page’s menu tabs are dead. Something must not be redirecting properly even though I replaced the Really Simple SSL redirect code with the recommended code from the page referenced above. I know you can help me get this site working happily again.
AITpro AdminKeymaster@ hannah – Which website is this? Does this website have Cloudflare or the EPC plugin installed? Most likely something is breaking the BPS Pro Plugin Firewall or you need to add additional IP addresses for the additional things you have installed such as Reverse Proxy IP addresses (cloudflare). Do BPS Pro troubleshooting step #3: https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting Or you could be missing necessary code in your Root htaccess file or your Root htaccess file code is still fubar.
HannahParticipantHi there…didn’t get a notification of your reply again. This site is https://joanpechanec.com. Yes, it does have Cloudflare, but not the EPC (InMotion Hosting is not a member of the EIG group). The Cloudflare plugin is deactivated, as is the js minification.
This situation seems to get better and then reverts to the same problem. I’m getting that 500 error again though the bad code you brought to my attention before has been removed from htaccess. In fact, I’m using the default htaccess with only three redirects, and the forward-facing site is ok, I just don’t have the SSL redirects I need to make sure people only access the site via https (it was working, but after disabling Cloudflare css and html minification I got a major redirect loop and the SSL redirect code has not succeeded since then…maybe if I wait a day I can try again and it won’t fail. For some reason htaccess sometimes needs to catch up with itself it seems-even when clearing browser and Cloudflare caches). A fair amount of the admin stuff is still fubar (Jetpack page is not entirely blank but the dashboard and settings are not displaying; Updraft backup/restore’s admin tabs are still dead (though I should mention that I can start a backup run and it works), and AddThis social sharing is css-scrambled the way BPS Pro was before), with the exception of BPS Pro. That was resolved when I did diagnostic step #3, and has remained intact after reactivating Plugin Firewall BulletProof Mode. Jetpack came back, though css-scrambled, for a moment after I deactivated/reactivated the plugin, but then reverted back to blank screen. I don’t know if that’s helpful info or not but it seemed worth mentioning.
I seem to remember a fairly robust collection of plugin scripts that had been whitelisted earlier, but when this all started they were all lost and now there are only three, even after clicking around the site and admin to try and force t things to be whitelisted. I haven’t gone so far as to do regex whitelist items for all the plugins.
I did whitelist the Cloudflare IP address associated with the site, but I don’t know if that’s the same thing as the Reverse Proxy IP addresses you mentioned.
Diagnostic procedures 1 & 2 had no effect, nor did anything else but #3’s positive effect on the BPS Pro admin display (which made working with it soooo much easier!). I did all the diagnostics except those toward the end that weren’t applicable. I can send you the notes I wrote as I was doing them if that would help. My poor client is so ready to send out an email to her followers about the 19 paintings we just added to her site, but as long as every time I activate the BPS Pro
My poor client is so ready to send out an email to her followers about the 19 paintings we just added to her site, but as long as every time I activate the BPS Pro htaccess file and the site again fails to load properly, her email has to be put off again.
Sorry to be such a PITA. I wish I had more time to learn more about htaccess than I pick up by working through issues with you here. It clearly is a powerful file, and I appreciate your expertise more than you can imagine.
AITpro AdminKeymaster@ hannah – Gonna do a “ok well” and go the extra mile. This is obviously way outside of scope of tech support that we offer for free. So send a WP Login to this site so we can get this mess figured out. 😉
jenni101ParticipantHi there,
Our host just moved our site to new server/totally new location and although the site worked fine from the front-end the backend was inaccessible. Our hostind company then disabled the site htaccess file (by re-naming it) leaving the root htaccess file, and all was worked again.
Our site is in it’s own folder, so we originally had an htaccess file in the root and one in it’s own folder.
I’ve just rerun the pre-setup wizard, and it says that our site can’t now have an htaccess file, so thought I should check here before running the setup wizrd proper. Info for the site is:-
Website|Server|Opcode Cache|Accelerators|IP Info|Apache Modules|Directives
Website Root URL: http://www.trevorpenfold.com/tpphoto
Document Root Path: /home/trevorpe/public_html
WP ABSPATH: /home/trevorpe/public_html/tpphoto/
Parent Directory: /home/trevorpe/public_html
Server|Website IP Address: 43.245.53.11
Host by Address: aldwin.hosts.net.nz
DNS Name Server: ns2.freeparking.co.nz
Proxy X-Forwarded-For IP Address: 131.203.131.144
Server Type: Apache/2.4.27 (cPanel) OpenSSL/1.0.2k mod_bwlimited/1.4
Operating System: Linux
WP Filesystem API Method: direct
Server API: litespeed CGI Host Server Type
Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
500:500:200: mod_access_compat and mod_authz_core or mod_rewrite is NOT Loaded
cURL: cURL Extension is Loaded
Zend Engine Version: 2.6.0
Zend Guard|Optimizer: Zend Guard Loader Extension is Loaded
ionCube Loader: ionCube Loader Extension is Loaded Version: 100001
Suhosin: Suhosin-Extension is Loaded
APC: APC Extension is Not Loaded
eAccelerator: eAccelerator Extension is Not Loaded
XCache: XCache Extension is Loaded but Not Enabled
Varnish: Varnish Extension is Not Loaded
Memcache: Memcache Extension is Not Loaded
Memcached: Memcached Extension is Not LoadedCan you see any reason why we can’t have a site htaccess file now?
Many thanks j
AITpro AdminKeymaster@ jenni101 – The htaccess file/code tests show that htaccess files and code are not allowed on this server. It appears that your host has disabled using htaccess file by using
AllowOverride None
in the host server httpd.conf file. You can either choose not to use htaccess files on your website or you will need to contact your host and ask them to allow/enable htaccess files for your website.Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
500:500:200: mod_access_compat and mod_authz_core or mod_rewrite is NOT LoadedThis is what you would normally see when a host server does allow htaccess files/code:
Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
200: mod_rewrite Module is Loadedjenni101Participant@aitpro – many thanks. Will try to get them to allow it for us.
jenni101ParticipantHi again,
OK our hosts confirm that there is no block on using htaccess files, so I enabled htaccess in the htaccess settings, and then reran the pre-setup wizard and all OK. The ran the wizard and again all OK.
I then setup the MMode (again all working correctly when tested from another IP) and then logged out, BUT as soon as I did this it now returns a 403 forbidden page for the backend login (and yes I had added my IP address for the MM and had only enabled front end MM), AND the MM doesn’t appear to be working on all the pages – weird!
So I’m stumped! This was where I was at the start, when I had to disable the htaccess files in order to access the backend, or even the Xternal tools page.
Can you suggest anything I should try?
Many thanks.
AITpro AdminKeymaster@ jenni101 – Sounds like maybe you have added some custom htaccess code to BPS Custom Code that blocks your login page and wp-admin area. Delete your root and wp-admin htaccess files, login to your site, check BPS Custom Code for any custom code that you have added that blocks either the login page or wp-admin area and either delete it or edit it, save your changes and activate Root and/or wp-admin BulletProof Modes.
jenni101Participant@AITpro – thanks for your advice, which I have at last had a chance to check up on. After reading through your info on CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION it seems that our new server is one of those that produces a 403 error for the admin login page, as removing this code additional code in my .htaccess custom code has sorted out the problem. A good reminder to check through all of your resources regularly!
Cheers j
RAWParticipantHi BPS Staff,
I’ve just migrated a site to a new server. Hoping you have a solution for htaccess issues. Home page works fine http://www.braveworld.cc, but receiving errors on all other pages. I’ve scanned other posts on this, but not yet clear on how to resolve… Receiving this error msg:
Warning: file_put_contents(/home/braveworld/public_html/wp-content/plugins/bulletproof-security/admin/htaccess/secure.htaccess): failed to open stream: Permission denied in /home/braveworld/public_html/wp-content/plugins/bulletproof-security/admin/core/core-htaccess-code.php on line 532 Warning: copy(/home/braveworld/public_html/.htaccess): failed to open stream: Permission denied in /home/braveworld/public_html/wp-content/plugins/bulletproof-security/admin/core/core-htaccess-code.php on line 548The file /home/braveworld/public_html/wp-content/plugins/bulletproof-security/admin/htaccess/secure.htaccess is not writable or does not exist. Check that the file is named secure.htaccess and that the file exists in the /bulletproof-security/admin/htaccess master folder. If this is not the problem click HERE to go the the BulletProof Security Forum
_______________________________________
1) in wizard setup – htaccess was enabled – This is not a new setup, plugin up to date – everything set at defaults
2) I’ve confirmed that all htaccess files are there
3) permissions are 644 – tested higher permission settings, and BPS plugin disabled, no changes
4) I have access to Web Host Manager Server, so I can make changes there… I’m absolute novice thoAny help on this would be appreciated!
All the best,
Russelllincoln stollerParticipantIn the Setup Wizard screen I see:
“BPS has detected that htaccess files cannot be used on your website/server. Click this htaccess Files Disabled Forum Topic link for more information before running the Wizards.”
and as
… this is NOT a first time BPS installation (I already had BPS installed previously) and I HAVE previously run the Wizards and I AM seeing the htaccess Files Disabled Notice…
here is the information requested at the start of this thread:
WP Filesystem API Method: direct
Server API: cgi-fcgi CGI Host Server Type
Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
500:500:200: mod_access_compat and mod_authz_core or mod_rewrite is NOT Loaded
403: mod_security2 Module is Loaded|Enabled
DISABLE_WP_CRON constant: Standard WP Crons are not disabled on your website.
Total Plugins Installed: 31
Total Must-Use Plugins Installed: 3
Total Plugins Activated: 27File Path
Folder PathRecommended
PermissionsCurrent
PermissionsScript Owner
User ID (UID)File Owner
User ID../ 705 0775 4542 4542 ../.htaccess 404 0644 4542 4542 ../wp-config.php 400 0664 4542 4542 ../index.php 400 0664 4542 4542 ../wp-blog-header.php 400 0664 4542 4542 ../wp-admin 705 0775 4542 4542 ../wp-includes 705 0775 4542 4542 ../wp-content 705 0775 4542 4542 ../wp-content/plugins 705 0775 4542 4542 AITpro AdminKeymaster@ lincoln stoller – It sounds like something has changed about your web host server. Try enabling htaccess files on the Setup Wizard Options tab page > Enable|Disable htaccess Files > change the option setting to > htaccess Files Enabled. Email the backed up root htaccess file that is located here > /wp-content/bps-backup/master-backups/root.htaccess-[Timestamp]. If you are not sure which backed up root htaccess file to send to me then send me all the recent backed up root htaccess files by date and time Timestamps. Email to: info at ait-pro dot com.
Is this a Dedicated hosting server?
When did the problem start occurring?
What has changed around the time the problem started occurring? A web host change made by your web host? A change made by you?
What version of BPS Pro do you have installed?GeoffParticipantIf this is NOT a first time BPS installation (you already had BPS installed previously) and you HAVE previously run the Wizards and you ARE seeing the htaccess Files Disabled Notice…
The above applies to me and I have had a BPS generated htaccess file before. Below is the information requested.
Website|Server|Opcode Cache|Accelerators|IP Info|Apache Modules|Directives Website Root URL: https://firstgenfirebird.org Server Type: Apache/2.4.18 (Ubuntu) Operating System: Linux WP Filesystem API Method: direct Server API: cgi-fcgi CGI Host Server Type Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test 403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes 403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes 403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes 200: mod_rewrite Module is Loaded 200: mod_security Module is not Loaded|Enabled
File Path Folder Path Recommended Permissions Current Permissions Script Owner User ID (UID) File Owner User ID ../wp-content 705 0705 same same ../wp-content/plugins 705 0755 same same
Geoff
AITpro AdminKeymaster@ Geoff – Try enabling htaccess files on the Setup Wizard Options tab page > Enable|Disable htaccess Files > change the option setting to > htaccess Files Enabled. Let me know if that works.
-
AuthorPosts
- You must be logged in to reply to this topic.