WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] Bulletproof Security and 403 Forbidden error (5 posts)

  1. Carlo Rizzante
    Member
    Posted 11 months ago #

    Hello,
    after having installed and configured the plugin BulletProof Security, and set it up as recommended, and specially after having setup the permissions to sensible files at 400, I couldn't visit the site any more. In fact the server returned a 403 error.

    I fixed the problem setting up the permission for the file .htaccess back at 644, and not 400 as recommended.

    My question now is, what exactly is the difference in terms of security in having to keep the .htaccess file visible to the World? And why the recommended setting put the entire site down, instead?

    Thanks in advance,
    Carlo

    http://wordpress.org/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 11 months ago #

    .htaccess file permissions can be set to: 404 and 444 IF your Host allows this. Some Hosts ONLY allow 644 permissions for .htaccess files. Also if you have a DSO Server then you can ONLY use 644 file permissions.

    400 file permissions can be used for other files such as: wp-config.php and wp-blog-header.php IF your Host allows this. If you have a DSO Server then you can ONLY use 644 file permissions.

    Changing file and directory permissions to a more secure permission setting is really not that effective anymore. It was a few years ago, but it does not add any significant security anymore. One of the primary benefits of locking your root .htaccess file is to prevent these very common problems below from occurring repeatedly on your website:

    http://wordpress.org/support/topic/plugin-bulletproof-security-broken-cpanel-hotlink-tool-404-errors-unable-to-edit-htaccess-files?replies=9

    http://forum.ait-pro.com/forums/topic/read-me-first-free/#flush-rewrite-rules

  3. AITpro
    Member
    Plugin Author

    Posted 11 months ago #

    Did this answer your question? If so, please resolve this thread. If not, please post a status update.

  4. AITpro
    Member
    Plugin Author

    Posted 11 months ago #

    Did this answer your question? If so, please resolve this thread. If not, please post a status update.

  5. Carlo Rizzante
    Member
    Posted 11 months ago #

    Thanks, it did :)

Reply

You must log in to post.

About this Plugin

About this Topic