Your web host must not allow locking the Root htaccess file. Do these steps below to fix the problem.
1. Use FTP or your web host control panel file manager and rename the /bulletproof-security/ plugin folder to /_bulletproof-security/.
2. Delete your Root htaccess file.
3. Login to your website, go to the WordPress Plugins page and click the Must-Use link at the top of the Plugins page. If AutoRestore is turned Off you will see – “AutoRestore is turned Off” in green font under the BPS Pro MU Tools must-use plugin. If AutoRestore is not turned Off then click the “Turn Off AutoRestore” link to turn Off AutoRestore.
4. Rename the /_bulletproof-security/ plugin folder back to /bulletproof-security/.
5. Go to the BPS Pro > B-Core > htaccess File Editor tab page and click the Unlock htaccess File and Turn Off AutoLock buttons.
6. Go to the Security Modes page and click the Root Folder BulletProof Mode Activate button.
Another method to avoid having the Root htaccess file repeatedly quarantined is to create an AutoRestore single file exclude rule for your Root htaccess file.
https://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#autorestore-exclude-rules
1. Go to the AutoRestore page and turn Off AutoRestore.
2. Go to the Quarantine page and delete the auto_.htaccess file(s) that was quarantined.
3. Go back to AutoRestore > click on the Add|Exclude Other Folders & Files tab page > under the Exclude Folders & Files form > select Exclude an Individual File > Enter an Exclude Folder or File Path: /xxxxx/public_html/.htaccess. Note: this is an example file path. Enter your actual file path to your Root htaccess file.
4. Click the Exclude button.
5. Turn AutoRestore back on.
.
