I have installed, removed, and reinstalled at least 6 WP GWIOD installs over the last two months, each following the instructions on that page:
I had yet to receive any 403, 404, etc, or any other errors until just after my BPS install when I tried to delete unused plugins.
Specifically I followed - as far as I know, each time, the following:
Using a pre-existing subdirectory install
If you already have WordPress installed in its own folder (i.e. http://example.com/wordpress) then the steps are as follows:
Go to the General panel.
In the box for Site address (URL): change the address to the root directory's URL. Example: http://example.com
Click Save Changes. (Do not worry about the error message and do not try to see your blog at this point! You will probably get a message about file not found.)
Copy (NOT MOVE!) the index.php and .htaccess files from the WordPress directory into the root directory of your site (Blog address). The .htaccess file is invisible, so you may have to set your FTP client to show hidden files. If you are not using pretty permalinks, then you may not have a .htaccess file. If you are running WordPress on a Windows (IIS) server and are using pretty permalinks, you'll have a web.config rather than a .htaccess file in your WordPress directory. As stated above, copy (don't move) the index.php file to your root directory, but MOVE (DON'T COPY) the web.config file to your root directory.
Open your root directory's index.php file in a text editor
Change the following and save the file. Change the line that says:
to the following, using your directory name for the WordPress core files:
Login to your site. It should still be http://example.com/wordpress/wp-admin/
If you have set up Permalinks, go to the Permalinks panel and update your Permalink structure. WordPress will automatically update your .htaccess file if it has the appropriate file permissions. If WordPress can't write to your .htaccess file, it will display the new rewrite rules to you, which you should manually copy into your .htaccess file (in the same directory as the main index.php file.)
My hosting is with Bluehost and Apache/Linux AFAIK, not Windows.
As such, the only other change instructed above is the change to the index.php:
which for both of my WP installs was changed to
And you are correct, I did not copy the new BPS rewrite of .htaccess in my root/wp/ directory to my root directory. I have done that now, but I still can't delete any plugins.
As for the above Permalinks reference, with WP 3.3.1, I would get that notice about the rewrite rules - I don't recall what it was exactly.
But now, with my WP 3.3.2 GWIOD installs, the Permalinks page just reports "Permalink structure updated." at the top.
Before starting this reply, I copied the BPS rewritten .htaccess file in my root/wp/ directory to my root.
And I still can't delete any plugins: 403, etc.
I just clicked Save Changes on that Permalinks page just now - I didn't change anything, I just clicked Save Changes because I wanted to see what it would say now with the new BPS copy of .htaccess - "Permalink structure updated." at the top - and it deleted a lot of the material in the copy of the BPS changed .htaccess file in my root/wp/ directory.
So, I've re-copied the original BPS rewrite of .htaccess in my root/wp/ directory back over that Permalinks rewrite that just occurred.
The size of the file had changed from 11k to 2k approx, and is now the same size as the copy in root/wp.
The addition of RewriteBase, etc, under the GWIOD section "Pointing your home site's URL to a subdirectory" had never seemed necessary, since everything always worked as long as I differentiated the url for my domain and for my WP install in the Dashboard General Settings page.
And that section "Pointing your home site's URL to a subdirectory" begins with "In some cases..." and I have had no problems with any content or plugins in any of my WP GWIOD installs until BPS.
If you believe that I need to add some RewriteBase, etc code to my BPS rewritten .htaccess, then I suggest that you tell me exactly where in that, now, large file to put the code.
I presumed nothing special was required because other than this from the WP/BPS FAQ "BulletProof Security works on all types of WordPress installations including "Giving WordPress Its Own Directory" websites.", I didn't notice any other instructions, although it is certainly possible that I missed something.
Finally, I wrote and you replied:
What does this mean? Please explain this more clearly with exact specific details.
The wp folder htaccess file, one level below the root, contains numerous modifications by BPS.
I don't know how to explain it. The file is 11k now, with lots of BPS comments and code.
I don't know what details you want me to extract from that. When I wrote "The wp folder htaccess file..." I'm referring to the root/wp/.htaccess file, now significantly larger and edited by BPS.
Do you want me to send you a copy as an attachment?