WordPress.org

Ready to get started?Download WordPress

Forums

Fast Secure Contact Form
rewrite to htaccess file shut down site (2 posts)

  1. 5high
    Member
    Posted 2 months ago #

    Hi,

    Our site has recently had an issue with a plugin writing incomplete code and/or totally removing the WP bit, namely this bit:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress
    from the .htaccess file... causing either 500 or 404 errors and the site to crash.

    So firstly, if it's this plugin that's doing this, it may be a bug that needs fixing (if others are having the same problem?) and secondly, I'd like to know if this pugin does in fact require write access to the .htaccess file? - if not, then I thought I could try securing it using the Better WP Security plugin settings.

    Dose anyone know?

    Many thanks :)

    https://wordpress.org/plugins/si-contact-form/

  2. 5high
    Member
    Posted 2 months ago #

    Also please can you let me know if any of the following security settings (these are setting options in Better WP Security) will effect how this plugin works?...

    Server Tweaks:

    1. Protect Files

    Prevent public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess. These files can give away important information on your site and serve no purpose to the public once WordPress has been successfully installed.
    (Warning: This feature is known to cause conflicts with some plugins and themes.)

    2. Disable Directory Browsing

    Prevents users from seeing a list of files in a directory when no index file is present.
    (Warning: This feature is known to cause conflicts with some server configurations in which this feature has already been enabled in Apache.)

    3. Filter Request Methods

    Filter out hits with the trace, delete, or track request methods.
    (Warning: This feature is known to cause conflicts with some plugins and themes.)

    4. Filter Suspicious Query Strings

    Filter out suspicious query strings in the URL. These are very often signs of someone trying to gain access to your site but some plugins and themes can also be blocked.
    (Warning: This feature is known to cause conflicts with some plugins and themes.)

    5. Filter Non-English Characters

    Filter out non-english characters from the query string. This should not be used on non-english sites and only works when "Filter Suspicious Query String" has been selected.
    (Warning: This feature is known to cause conflicts with some plugins and themes.)

    Header Tweaks:

    6. Remove EditURI header

    Removes the RSD (Really Simple Discovery) header. If you don't integrate your blog with external XML-RPC services such as Flickr then the "RSD" function is pretty much useless to you.
    (Warning: This feature is known to cause conflicts with some 3rd party application and services that may want to interact with WordPress.)

    I'm just trying to improve my wp security, having had these issues with the .htaccess file changes, and am trying to follow recommended 'wp hardening' strategies. Might also be useful for others to know this info too?

    I look forward to your comments - many thanks.

Reply

You must log in to post.

About this Plugin

About this Topic