WordPress.org

Ready to get started?Download WordPress

Forums

Blank Page Post upgrade to 3.5 htaccess (4 posts)

  1. Vistronic
    Member
    Posted 1 year ago #

    Hello after upgrade to 3.5 I hit edit page and its blank.
    After much trouble shooting including
    switch themes
    deactivate all plug ins
    look at error log
    in my case nothing in some cases it has helped.

    So I did a complete reinstall from scratch.

    The diffirence was the .htaccess file and the junk in it!

    Also I think it is a permalink problem, if before I did all this I changed my permalink setting I wonder if that may have cleared it? To late now but worth a try.

    This is related to a any security plugins you may have, they add stuff to this file, just remember a raw ht file transfered into your blog may not work as the permalinks! some how connected there.
    On another site,
    What I did was eat my file away one block at a time tell I found the bad area after that I changed my permalinks and bingo it works (of course some manual links are off).

    I hope this helps someone

  2. Vistronic
    Member
    Posted 1 year ago #

    # BEGIN WordPress
    # IMPORTANT!!! DO NOT DELETE!!! - BEGIN WordPress above or END WordPress - text in this file
    # They are reference points for WP, BPS and other plugins to write to this htaccess file.
    # IMPORTANT!!! DO NOT DELETE!!! - BPSQSE BPS QUERY STRING EXPLOITS - text
    # BPS needs to find the - BPSQSE - text string in this file to validate that your security filters exist
    
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /oam/
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
    RewriteEngine On
    RewriteBase /oam/
    RewriteRule ^index\.php$ - [L]
    </IfModule>
    
    # IMPORTANT!!! DO NOT DELETE!!! the END WordPress text below
    # END WordPress

    here is what I ended up with

  3. Vistronic
    Member
    Posted 1 year ago #

    Here is what I had

    #   BULLETPROOF .46.7 >>>>>>> SECURE .HTACCESS     
    
    # If you edit the  BULLETPROOF .46.7 >>>>>>> SECURE .HTACCESS text above
    # you will see error messages on the BPS status page
    # BPS is reading the version number in the htaccess file to validate checks
    # If you would like to change what is displayed above you
    # will need to edit the BPS /includes/functions.php file to match your changes
    # If you update your WordPress Permalinks the code between BEGIN WordPress and
    # END WordPress is replaced by WP htaccess code.
    # This removes all of the BPS security code and replaces it with just the default WP htaccess code
    # To restore this file use BPS Restore or activate BulletProof Mode for your Root folder again.
    
    # BEGIN WordPress
    # IMPORTANT!!! DO NOT DELETE!!! - BEGIN WordPress above or END WordPress - text in this file
    # They are reference points for WP, BPS and other plugins to write to this htaccess file.
    # IMPORTANT!!! DO NOT DELETE!!! - BPSQSE BPS QUERY STRING EXPLOITS - text
    # BPS needs to find the - BPSQSE - text string in this file to validate that your security filters exist
    
    # TURN OFF YOUR SERVER SIGNATURE
    ServerSignature Off
    
    # ADD PHP HANDLER - Add your hosts php Handler below if you are using a php handler
    # Example GoDaddy PHP 5.2.x php handler is shown commented out directly below
    #AddHandler x-httpd-php5 .php
    
    # CUSTOM PHP.INI FILES - handlers and mod_suphp htaccess code for Web Hosts
    # If you are using either a BPS Pro custom php.ini file or one that you created yourself
    # If your host is GoDaddy and you have a custom php.ini file
    # uncomment the 1 line of code directly below
    #AddHandler x-httpd-php5 .php
    # If your host is BlueHost, HostMonster FastDomain and you have a custom php.ini file
    # uncomment the 1 line of code directly below
    #AddHandler application/x-httpd-php5s .php
    # If your host is HostGator and you have a custom php.ini file
    # uncomment the 3 lines of code below and replace xxxxx with your account/username
    #<IfModule mod_suphp.c>
    #suPHP_ConfigPath /home/xxxxx/public_html/php.ini
    #</IfModule>
    
    # DO NOT SHOW DIRECTORY LISTING
    # If you are getting 500 Errors when activating BPS then comment out Options -Indexes
    # by adding a # sign in front of it. If there is a typo anywhere in this file you will also see 500 errors.
    Options -Indexes
    
    # DIRECTORY INDEX FORCE INDEX.PHP
    # Use index.php as default directory index file
    # index.html will be ignored will not load.
    DirectoryIndex index.php index.html /index.php
    
    # BPS PRO ERROR LOGGING AND TRACKING - Available in BPS Pro only
    # BPS Pro has premade 403 Forbidden, 400 Bad Request and 404 Not Found files that are used
    # to track and log 403, 400 and 404 errors that occur on your website. When a hacker attempts to
    # hack your website the hackers IP address, Host name, Request Method, Referering link, the file name or
    # requested resource, the user agent of the hacker and the query string used in the hack attempt are logged.
    # BPS Pro Log files are added to the P-Security All Purpose File Manager to view them.
    # All BPS Pro log files are htaccess protected so that only you can view them.
    # The 400.php, 403.php and 404.php files are located in /wp-content/plugins/bulletproof-security/
    # The 400 and 403 Error logging files are already set up and will automatically start logging errors
    # after you install BPS Pro and have activated BulletProof Mode for your Root folder.
    # If you would like to log 404 errors you will need to copy the logging code in the BPS Pro 404.php file
    # to your Theme's 404.php template file. Simple instructions are included in the BPS Pro 404.php file.
    # You can open the BPS Pro 404.php file using the WP Plugins Editor or by using the BPS Pro File Manager.
    # NOTE: By default WordPress automatically looks in your Theme's folder for a 404.php template file.
    
    #ErrorDocument 400 /oam/wp-content/plugins/bulletproof-security/400.php
    #ErrorDocument 403 /oam/wp-content/plugins/bulletproof-security/403.php
    ErrorDocument 404 /oam/404.php
    
    # DENY ACCESS TO PROTECTED SERVER FILES - .htaccess, .htpasswd and all file names starting with dot
    RedirectMatch 403 /\..*$
    
    RewriteEngine On
    RewriteBase /oam/
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
    
    RewriteEngine On
    RewriteBase /oam/
    RewriteRule ^index\.php$ - [L]
    
    # REQUEST METHODS FILTERED
    # This filter is for blocking junk bots and spam bots from making a HEAD request, but may also block some
    # HEAD request from bots that you want to allow in certains cases. This is not a security filter and is just
    # a nuisance filter. This filter will not block any important bots like the google bot. If you want to allow
    # all bots to make a HEAD request then remove HEAD from the Request Method filter.
    # The TRACE, DELETE, TRACK and DEBUG request methods should never be allowed against your website.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F,L]
    
    # PLUGINS AND VARIOUS EXPLOIT FILTER SKIP RULES
    # IMPORTANT!!! If you add or remove a skip rule you must change S= to the new skip number
    # Example: If RewriteRule S=5 is deleted than change S=6 to S=5, S=7 to S=6, etc.
    # Adminer MySQL management tool data populate
    RewriteCond %{REQUEST_URI} ^/oam/wp-content/plugins/adminer/ [NC]
    RewriteRule . - [S=11]
    # Comment Spam Pack MU Plugin - CAPTCHA images not displaying
    RewriteCond %{REQUEST_URI} ^/oam/wp-content/mu-plugins/custom-anti-spam/ [NC]
    RewriteRule . - [S=10]
    # Peters Custom Anti-Spam display CAPTCHA Image
    RewriteCond %{REQUEST_URI} ^/oam/wp-content/plugins/peters-custom-anti-spam-image/ [NC]
    RewriteRule . - [S=9]
    # Status Updater plugin fb connect
    RewriteCond %{REQUEST_URI} ^/oam/wp-content/plugins/fb-status-updater/ [NC]
    RewriteRule . - [S=8]
    # Stream Video Player - Adding FLV Videos Blocked
    RewriteCond %{REQUEST_URI} ^/oam/wp-content/plugins/stream-video-player/ [NC]
    RewriteRule . - [S=7]
    # XCloner 404 or 403 error when updating settings
    RewriteCond %{REQUEST_URI} ^/oam/wp-content/plugins/xcloner-backup-and-restore/ [NC]
    RewriteRule . - [S=6]
    # BuddyPress Logout Redirect
    RewriteCond %{QUERY_STRING} action=logout&redirect_to=http%3A%2F%2F(.*) [NC]
    RewriteRule . - [S=5]
    # redirect_to=
    RewriteCond %{QUERY_STRING} redirect_to=(.*) [NC]
    RewriteRule . - [S=4]
    # Login Plugins Password Reset And Redirect 1
    RewriteCond %{QUERY_STRING} action=resetpass&key=(.*) [NC]
    RewriteRule . - [S=3]
    # Login Plugins Password Reset And Redirect 2
    RewriteCond %{QUERY_STRING} action=rp&key=(.*) [NC]
    RewriteRule . - [S=2]
    
    # ALLOW THUMBNAILER SCRIPTS TO DISPLAY IMAGES
    # By default BPS is forbidding allowing these thumbnailer scripts filename requests
    # This will Log lots of hacking attempts on your website in your BPS Pro Error Log
    # If you are using one of these thumbnailer scripts on your website and you want to allow
    # your thumbnailer script images to display then change [F,L] to [S=1]
    # Make sure that you have a security patched version or recent versions of these scripts
    # before changing [F,L] to [S=1] and allowing these files to be requested on your website
    # If you delete or remove the RewriteRule below you will need to change the above skip rules
    # Example: RewriteRule S=2 above will need to be changed to S=1, change S=3 to S=2, etc.
    RewriteCond %{REQUEST_FILENAME} thumb.php [NC,OR]
    RewriteCond %{REQUEST_FILENAME} thumbs.php [NC,OR]
    RewriteCond %{REQUEST_FILENAME} timthumb.php [NC,OR]
    RewriteCond %{REQUEST_FILENAME} phpthumb.php [NC]
    RewriteRule . - [F,L]
    
    # BPSQSE BPS QUERY STRING EXPLOITS
    # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
    # Good sites such as W3C use it for their W3C-LinkChecker.
    # Add or remove user agents temporarily or permanently from the first User Agent filter below.
    # If you want a list of bad bots / User Agents to block then scroll to the end of this file.
    RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
    RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F,L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /oam/index.php [L]
    
    # DENY BROWSER ACCESS TO THESE FILES
    # wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
    # Replace Allow from 88.77.66.55 with your current IP address and remove the
    # pound sign # from in front of the Allow from line of code below to access these
    # files directly from your browser.
    
    <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
    Order allow,deny
    Deny from all
    #Allow from 88.77.66.55
    </FilesMatch>
    
    # IMPORTANT!!! DO NOT DELETE!!! the END WordPress text below
    # END WordPress
    
    # BLOCK HOTLINKING TO IMAGES
    # To Test that your Hotlinking protection is working visit http://altlab.com/htaccess_tutorial.html
    #RewriteEngine On
    #RewriteCond %{HTTP_REFERER} !^https?://(www\.)?add-your-domain-here\.com [NC]
    #RewriteCond %{HTTP_REFERER} !^$
    #RewriteRule .*\.(jpeg|jpg|gif|bmp|png)$ - [F]
    
    # BLOCK MORE BAD BOTS RIPPERS AND OFFLINE BROWSERS
    # If you would like to block more bad bots you can get a blacklist from
    # http://perishablepress.com/press/2007/06/28/ultimate-htaccess-blacklist/
    # You should monitor your site very closely for at least a week if you add a bad bots list
    # to see if any website traffic problems or other problems occur.
    # Copy and paste your bad bots user agent code list directly below.
  4. Vistronic
    Member
    Posted 1 year ago #

    the bad area`# BPSQSE BPS QUERY STRING EXPLOITS
    # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
    # Good sites such as W3C use it for their W3C-LinkChecker.
    # Add or remove user agents temporarily or permanently from the first User Agent filter below.
    # If you want a list of bad bots / User Agents to block then scroll to the end of this file.
    RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
    RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F,L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /oam/index.php [L]
    `

Topic Closed

This topic has been closed to new replies.

About this Topic