… 5G Blacklist 2012 … causing a problem after I had again activated BulletProof Security.
When the problem starts after activating the “BulletProof Security” plugin and is gone after you remove the complete “# 5G:[QUERY STRINGS]” section from your .htaccess, then it's clearly a conflict between those two.
The more rules you have the more chances you have of conflicts.
Did you use the “fixed QUERY STRINGS” version?:
# 5G:[QUERY STRINGS]
<ifModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (environ|localhost|mosconfig|scanner) [NC,OR]
RewriteCond %{QUERY_STRING} (menu|mod|path|tag)\=\.?/? [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} echo.*kae [NC,OR]
RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
RewriteCond %{QUERY_STRING} \=\\%27$ [NC,OR]
RewriteCond %{QUERY_STRING} \=\\\'$ [NC,OR]
RewriteCond %{QUERY_STRING} \.\./ [NC,OR]
RewriteCond %{QUERY_STRING} \? [NC,OR]
# Last condition in the chain: no OR flag (a trailing OR makes the rule match every request)
RewriteCond %{QUERY_STRING} \: [NC]
RewriteRule .* - [F]
</ifModule>
Without the lines:
RewriteCond %{QUERY_STRING} \[ [NC,OR]
RewriteCond %{QUERY_STRING} \] [NC]
Sometimes in the admin dashboard you will generate actions (request URLs) that visitors will not need for normal access to your site. With .htaccess rules you can add an exception so that a rule is skipped in a specified situation. If you have a static IP address you can add that as an exception. Then that rule will not be applied to you.
An exception for an IP would look like this (your IP goes in place of the example IP “000.000.000.000”; mind that the line must have the “\” in front of each “.” in the IP):
# 5G:[QUERY STRINGS]
<ifModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_ADDR} !^000\.000\.000\.000$
RewriteCond %{QUERY_STRING} (environ|localhost|mosconfig|scanner) [NC,OR]
RewriteCond %{QUERY_STRING} (menu|mod|path|tag)\=\.?/? [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} echo.*kae [NC,OR]
RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
RewriteCond %{QUERY_STRING} \=\\%27$ [NC,OR]
RewriteCond %{QUERY_STRING} \=\\\'$ [NC,OR]
RewriteCond %{QUERY_STRING} \.\./ [NC,OR]
RewriteCond %{QUERY_STRING} \? [NC,OR]
# Last condition in the chain: no OR flag (a trailing OR makes the rule match every request)
RewriteCond %{QUERY_STRING} \: [NC]
RewriteRule .* - [F]
</ifModule>
Such an exception allows you to have stricter rules for visitors than for yourself. That of course only works well if you have a static IP, and when you need access from another location you again need a static IP there and an extra exception.
...
RewriteCond %{REMOTE_ADDR} !^000\.000\.000\.000$
RewriteCond %{REMOTE_ADDR} !^000\.000\.000\.001$
...
But using these exceptions can give the problem that when there is a conflict in that rule, you yourself will not notice it while your entire site might be inaccessible to everyone else.
A “rule” that you could use when you have a static IP, and that should not conflict with any normal user, is to put a .htaccess in your “wp-admin” folder to restrict all outside access to it and only allow your IP in. A .htaccess with the lines below will only allow IP 000.000.000.000 and also block access to the .htaccess file itself:
Order Deny,Allow
Deny from all
Allow from 000.000.000.000
<FilesMatch "(wp\-config\.php|\.htaccess)$">
Order Allow,Deny
Deny from all
</FilesMatch>
When you add the rule:
<FilesMatch "(wp\-config\.php|\.htaccess)$">
Order Allow,Deny
Deny from all
</FilesMatch>
in your WordPress root .htaccess file, it will also block access to your wp-config.php file.
I will leave you to it now. Success with trying to protect your website without killing it yourself 😉
Best wishes for 2013.
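To find out which 5G query-string condition is blocking a dashboard request, the patterns from the post can be run against the query string offline. This is an added example, not part of the original post or of the 5G Blacklist; the function names, sample query strings and the 203.0.113.x addresses are constructed for illustration, and Python's `re` stands in for Apache's PCRE matching.

```python
import re

# The page's "fixed" 5G query-string patterns; every one carries the NC flag.
FIXED_5G = [
    r"(environ|localhost|mosconfig|scanner)",
    r"(menu|mod|path|tag)\=\.?/?",
    r"boot\.ini",
    r"echo.*kae",
    r"etc/passwd",
    r"\=\\%27$",
    r"\=\\\'$",
    r"\.\./",
    r"\?",
    r"\:",
]
# The two conditions the post says to leave out.
REMOVED = [r"\[", r"\]"]


def blocking_conditions(query_string, patterns, remote_addr=None, exempt_ips=()):
    """Return the patterns that would trigger the [F] rule for this request.

    Mirrors the post's layout: the REMOTE_ADDR exceptions are ANDed in front
    of the OR-chained QUERY_STRING conditions, so an exempt IP is never blocked.
    Apache matches the raw (still percent-encoded) query string.
    """
    if remote_addr is not None and remote_addr in exempt_ips:
        return []
    return [p for p in patterns if re.search(p, query_string, re.IGNORECASE)]


def is_forbidden(query_string, patterns, remote_addr=None, exempt_ips=()):
    return bool(blocking_conditions(query_string, patterns, remote_addr, exempt_ips))


if __name__ == "__main__":
    # Constructed sample query strings, not taken from any real log.
    samples = [
        "page=settings&tab=general",
        "action=trash&post[]=12&post[]=13",
        "file=../../etc/passwd",
        "tag=news",
    ]
    for qs in samples:
        for name, rules in (("fixed", FIXED_5G), ("original", FIXED_5G + REMOVED)):
            hits = blocking_conditions(qs, rules)
            print(f"{name:8} {qs!r}: {'403 via ' + ', '.join(hits) if hits else 'allowed'}")
```

The `tag=news` sample shows that the `(menu|mod|path|tag)\=\.?/?` condition matches any query string containing `tag=`, because the trailing `\.?/?` is optional, which makes it a likely source of conflicts with ordinary requests.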