Plugin Author
AITpro
(@aitpro)
BPS .htaccess code would not work correctly as stand alone .htaccess code and must be integrated into the WordPress rewrite loop in order to add security protection beyond the website root directory. ie rewriting levels above the root such as categories, posts, pages, etc.
BPS is integrated into the WordPress rewrite loop and does utilize/incorporate the same default/base WordPress .htaccess code that WordPress uses.
It would be possible to splice the BPS .htaccess code into the default/base WordPress .htaccess code, but this would actually be very impractical to do.
Then you have to factor in things like AutoMagic. AutoMagic needs to create new .htaccess code based on each website’s specific type, installation paths, RewriteBase, etc. and that .htaccess code is the same .htaccess code that WordPress uses in its default/base .htaccess code.
Since BPS is an advanced .htaccess file editing plugin that comes with its own advanced .htaccess code/security filters and built-in .htaccess editing tools/features you can quickly, easily and permanently save customizations or add additional .htaccess code such as the Better WP Security .htaccess code.
We added the BPS Custom Code feature for exactly this reason – to accomodate adding additional custom htaccess code permanently. I have heard from several folks that they cut and paste the Better WP Security .htaccess code into the BPS Custom Code feature and everything works fine.
Note: I do not recommend that you use the Server Tweaks feature in WP Better Security because that .htaccess code is redundant with BPS .htaccess code and is actually much less sophisticated/advanced.
Ok, thanks for the clarification.
I’m also pasting the Better WP Security code in the custom code box and it indeed works fine.
The problem starts however when I want/need to change some settings in other plugins (either Better WP Security or others) afterwards.
But with the details you just provided I understand my proposal wouldn’t work.
Thanks for the fast response and pointing out that I shouldn’t use the Server Tweaks feature in Better WP Security. I wasn’t aware of that.
Plugin Author
AITpro
(@aitpro)
Update: Things have changed with the Better WP Security plugin so I no longer know if this information is valid. I believe the .htaccess code section has now been moved to the Better WP Security Menu link/page and Server Tweaks now does something else. Or maybe they have been split up? The general idea is that you can use the BPS Custom Code feature to create your own combined custom master .htaccess files.
I’m on a security kick lately, and have been taking steps to tighten up my WordPress site, so advice like this is welcome to see for making plugins work together. Thanks to the custom code section of the BPS settings, I’ve kept custom rules such as the 5G blacklist (http://perishablepress.com/5g-blacklist/), the Better WP Security rules, and some miscellaneous items (should probably review and prune those). So thanks for accommodating other plugins!
Plugin Author
AITpro
(@aitpro)
Yep I think the best feature about BPS is the Custom Code feature since it gives you the ability to mix and match/roll your own. This was a brilliant feature suggested/requested a long while back by someone. I use Custom Code myself all the time for creating RedirectMatch 301 redirect code to handle 404’s and several other things as well. I am always open to new ideas/suggestions/requests/feedback since they can lead to very useful features/tools/etc. Thanks for your feedback.
