• Resolved leejosepho

    (@leejosepho)


    I think I might be in my final stage of learning how BPS handles edits, saves and backups, and I thank you for your patience and clear explanations!

    I just did the BULLETPROOF .49.1 update (four individual and completely separate sites), I presently have the big yellow banner at the top of each site’s Dashboard and I am going to leave things just like that until I know exactly how to work inside BPS properly rather than manually editing my .htaccess files via FTP like I have been doing.

    In the past, my .htaccess modifications I have been doing manually via FTP have not been showing up in my BPS editors…and maybe that is because I had not set permissions properly beforehand. But after doing the BPS .49.1 update a few minutes ago, I *do* now see my previously-FTP-modified files in the BPS editors.

    Question: Will my modifications disappear if I click “Create secure.htaccess file” in BPS or will they again be read from the file and be included like they obviously were during the update? Also, will the “Create secure.htaccess file” button cause BPS to add the various comment lines I had previously removed via FTP?

    What I would like to know here is how and/or where “square one” is defined before I click any button after the BPS .49.1 update.

    http://wordpress.org/plugins/bulletproof-security/

Viewing 15 replies - 1 through 15 (of 59 total)
  • Thread Starter leejosepho

    (@leejosepho)

    To possibly ask my question in a simpler way: If I make manual edits to my files at the different sites while BPS is deactivated and then reactivate BPS at each, will it again read my files in just as I have them at that time? If so, I believe that could get me to the kind of “square one” I am looking for, then I can always later have BPS “begin from scratch” if or when something might get messed up.

    Thread Starter leejosepho

    (@leejosepho)

    Also, how far up on my BPS .htaccess sheet for a given site can I put this without possibly breaking something else…

    # ref http://calladeveloper.blogspot.com/2013/04/global-wordpress-brute-force-attacks.html
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} =POST
    RewriteCond %{HTTP_REFERER} !^http://(.*)?.example.com [NC]
    RewriteCond %{REQUEST_URI} ^/wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^/wp-admin$
    RewriteRule ^(.*)$ - [R=403,L]
    </IfModule>

    ??

    Plugin Author AITpro

    (@aitpro)

    If you have custom .htaccess code saved to BPS Custom Code then it is saved permanently and it will always be written to your .htaccess files when you use the AutoMagic buttons and activate BulletProof Modes again. If you have NOT saved your custom code to BPS Custom Code then it will not be included in your .htaccess files if you use the AutoMagic buttons again and activate BulletProof Modes at a later time.

    So I think that answer to the starting point/square one question is you would save any personal/custom .htaccess code/plugin skip/bypass rules/Bonus Code/etc to BPS Custom Code, then click your AutoMagic buttons and then activate BulletProof Modes. I believe the Custom Code video tutorial link explains that generally on the BPS Custom Code page.

    To put it nicely that code above is amateurish, has several coding mistakes and is not an effective approach to brute force login attacks. If you are lucky it will just not work at all at what it is claiming to do. If you are unlucky then it will not work and your website will be broken. NOT Recommended that you use that code on your website.

    The Simple Query String Login page protection code in the link below is what you want to use. It allows only you to be able to login to your site – all hackers, spammers, brute force login attacks are redirected away from your login page.
    http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/
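
An added example, not part of the original thread or the plugin's code: the conditions of the rule quoted above, re-expressed in Python and run against constructed requests for the placeholder site example.com, to check what the rule actually blocks. Python's `re` stands in for mod_rewrite's PCRE matching, and the function and sample names are made up here.

```python
import re

# Patterns copied from the RewriteCond lines quoted in the thread.
REFERER = re.compile(r"^http://(.*)?.example.com", re.I)   # [NC]
URI_LOGIN = re.compile(r"^/wp-login\.php(.*)$")
URI_ADMIN = re.compile(r"^/wp-admin$")


def rule_blocks(method, uri, referer=""):
    """True when the quoted rule would answer 403 for this request.

    mod_rewrite ANDs its conditions, and [OR] joins a condition to the
    next one: POST AND NOT referer-match AND (login-uri OR admin-uri).
    """
    is_post = method == "POST"            # "=POST" is an exact string compare
    referer_matches = REFERER.search(referer) is not None
    uri_hit = bool(URI_LOGIN.search(uri) or URI_ADMIN.search(uri))
    return is_post and not referer_matches and uri_hit


# Constructed requests (hypothetical, not from any log): label, method, URI, Referer.
SAMPLES = [
    ("site form over http", "POST", "/wp-login.php", "http://www.example.com/wp-login.php"),
    ("site form over https", "POST", "/wp-login.php", "https://www.example.com/wp-login.php"),
    ("site form, bare domain", "POST", "/wp-login.php", "http://example.com/wp-login.php"),
    ("browser sends no Referer", "POST", "/wp-login.php", ""),
    ("unrelated host in Referer", "POST", "/wp-login.php", "http://other.test/?a.example.com"),
    ("admin URI with slash", "POST", "/wp-admin/", ""),
]


def audit():
    """Map each sample label to whether the rule blocks it."""
    return {label: rule_blocks(m, u, r) for label, m, u, r in SAMPLES}


if __name__ == "__main__":
    for label, blocked in audit().items():
        print(f"{'403' if blocked else 'pass':4}  {label}")
```

The https and bare-domain forms of the site's own login are refused, while a Referer naming an unrelated host passes because the pattern is unanchored and its dots are unescaped. Referer is a client-supplied header, so a rule built on it cannot serve as a login gate.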

    Thread Starter leejosepho

    (@leejosepho)

    To put it nicely that code above is amateurish… NOT Recommended that you use that code on your website.

    I thank you, and I will nix it.

    The Simple Query String Login page protection code in the link below is what you want to use. It allows only you to be able to login to your site…

    I cannot do that (unless I learn how to add ranges, and I might do that later on) since others need to be able to get in also…and I again thank you.

    If you have custom .htaccess code saved to BPS Custom Code…

    I had once done that in the past and then removed it from there and then re-added those and even more modifications manually via FTP.

    …saved to BPS Custom Code…saved permanently and it will always be written to your .htaccess files when you use the AutoMagic buttons and activate BulletProof Modes again.

    Here is my dilemma in understanding things here:

    The BPS htaccess File Editor currently displays the default BPS secure.htaccess file (including all comment lines), but this morning the BPS .49.1 update turned on permissions (no complaint from me there) and added the new lines to my previously-FTP-edited file that has never been in the BPS Custom Code and BPS-saved anywhere (at least not by my doing) and does *not* include all the default comment lines normally found in the default BPS secure.htaccess file. So, BPS apparently read my manually edited file during the update, but I have no idea whether BPS has saved that anywhere and I do not want to just paste my entire modified file into the editor and lose access to the default BPS secure.htaccess file I might later need if something goes haywire somewhere.

    If you have NOT saved your custom code to BPS Custom Code then it will not be included in your .htaccess files if you use the AutoMagic buttons again and activate BulletProof Modes at a later time.

    I think I understand there, but I have yet to get to that point since I first need a new “square one”…

    So I think that answer to the starting point/square one question is you would save any personal/custom .htaccess code/plugin skip/bypass rules/Bonus Code/etc to BPS Custom Code, then click your AutoMagic buttons and then activate BulletProof Modes. I believe the Custom Code video tutorial link explains that generally on the BPS Custom Code page.

    Again, I understand there. However, I do not understand what happened this morning when the BPS .49.1 update added its new lines to my previously-FTP-edited file (that has never been added as BPS Custom Code) but it did not restore all the default comment lines…and I do not want to proceed until I know how to get back to “square one” either today or at some future time after something might have gone haywire somewhere.

    Question: If I deactivate and uninstall BPS with an eventual “square one” in mind, would there be things in my database that could or should be flushed before reinstalling and reactivating BPS at “square one”?

    Plugin Author AITpro

    (@aitpro)

    We designed BPS differently than the typical WordPress plugin. BPS has built-in troubleshooting capabilities so deactivating and uninstalling BPS does nothing except for uninstall plugin files.

    These are the correct troubleshooting steps for BPS:
    http://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting

    If you are not using BPS Custom Code then no, nothing is saved to your database. It is recommended that you use Custom Code to save your custom code permanently. Let’s say you do make a mistake in Custom Code and you cannot get back into your website. All you would need to do is these steps to fix the problem.

    1. FTP to your website and delete your root .htaccess file.
    2. Log back into your site and go to Custom Code and fix the code that caused the problem and save your changes.
    3. Go to the Security Modes page, click the AutoMagic buttons again and activate root folder BulletProof Mode again.

    Thread Starter leejosepho

    (@leejosepho)

    If you are not using BPS Custom Code then no, nothing is saved to your database.

    I understand, but I do not know what might already or still be there now since I had used BPS Custom Code in the past and then later deleted my additions (after having changed my mind about some of them as well as) after having made BPS backups and such. So if this sounds right to you, here is what I am going to do:

    1) Make my own manual backups of the current htaccess file at each site;
    2) Manually set permissions to 0644;
    3) Have BPS write, save and backup all default BPS files;
    4) Assume that to be a BPS “square one”;
    5) Do things properly from then on.

    Might that get me to where I think I want to be?!

    I think my dilemma all along has been in trying to add things via BPS without having first set permissions as they need to be in order to do that.

    Plugin Author AITpro

    (@aitpro)

    If these are the methods that you prefer then it is perfectly fine to use these methods. Everyone prefers their own way of doing things so there are no right or wrong methods – whatever works best for you is what you should do.

    Thread Starter leejosepho

    (@leejosepho)

    If there is something you might normally suggest in place of my kind of logic, I am definitely listening before proceeding since that is all I can think of at the moment. I am slowly becoming aware of more of BPS’ overall potential in this area, but I am extremely visually-oriented and have yet to “see the picture”.

    Many thanks!

    Plugin Author AITpro

    (@aitpro)

    I have explained the methods I use above, but like I said there are no right or wrong methods – only whatever works best for each person.

    Thread Starter leejosepho

    (@leejosepho)

    I thank you for your patience with me, and I have made it to my final question on all of this.

    Here is what I have done so far:
    1. manually edited and FTP-uploaded each site’s htaccess file exactly as I want its final version to be (and mostly as BPS had previously made for me);
    2. clicked both “BulletProof Security Backup” buttons and found all to be well there (of course);
    3. clicked the BPS “Create Secure htaccess File” button.

    At this moment, then, the BPS editor shows “Your Current Root htaccess File” (that also happens to be my own final version) exactly as it should, and I do understand how to use the BPS editor to have BPS generate a customized “secure.htaccess” file that would be identical to what I already have in place. However, I want to get there differently. So…

    If I use the BPS editor to save “Your Current Root htaccess File” as “secure.htaccess” via my own copy-and-paste, will the BPS “Create Secure htaccess File” button later still be able to make the same “secure.htaccess” file it is engineered to make at “first use”?

    If not, that had been my entire concern here concerning “square one”, and I might just have to do things the BPS way rather than my own.

    Many thanks.

    Plugin Author AITpro

    (@aitpro)

    Ok let me explain exactly what happens with BPS AutoMagic.
    There is standard BPS .htaccess code that is already pre-made/pre-created in the BPS plugin files and what happens when you click the AutoMagic buttons is BPS uses that pre-made/pre-created .htaccess code and ALSO looks for any .htaccess code that is saved in Custom Code text boxes. If NO code is found in a Custom Code text box then BPS will write its pre-made/pre-created .htaccess code. If Custom Code is found in any of the Custom Code text boxes then that .htaccess code will be used/created in your .htaccess files.

    The secure.htaccess file is the Master file that AutoMagic writes to. It will be overwritten each time you click the Create secure.htaccess File AutoMagic button. So as long as you do not click the AutoMagic button again then this file will NOT be overwritten. This is perfectly fine to do. You just have to remember NOT to click the AutoMagic buttons in the future.

    Plugin Author AITpro

    (@aitpro)

    In other words, if you want to work with your own files via FTP instead of having BPS create them for you then just do not use BPS AutoMagic buttons.

    Thread Starter leejosepho

    (@leejosepho)

    There is standard BPS .htaccess code that is already pre-made/pre-created…(and) when you click the AutoMagic buttons BPS uses that…and ALSO looks for any .htaccess code that is saved in Custom Code text boxes.

    I would assume that is also when BPS makes an edit here…

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Only Allow Internal File Requests From Your Website
    ...
    RewriteCond %{HTTP_REFERER} ^.*nnysandbox.net.*

    …but that is an aside and I am not asking any question there.

    The secure.htaccess file is the Master file that AutoMagic writes to…

    In other words, if you want to work with your own files via FTP instead of having BPS create them for you then just do not use BPS AutoMagic buttons.

    Understood…but then if I ever do later want to use the AutoMagic “Create secure.htaccess File” button to return to “square one”, my having previously saved a secure.htaccess of my own in the editor will not have “broken” or replaced whatever file BPS normally reads when “Create secure.htaccess File” is used for a *first* time? I think you have already answered that by saying “if you want to work with your own files via FTP … then just do not use BPS AutoMagic buttons”, but I want to be certain that button would still always do what it should (back to “square one”) even after I had saved my own secure.htaccess there in the BPS editor.

    Plugin Author AITpro

    (@aitpro)

    Yes, BPS will ALWAYS overwrite the existing secure.htaccess file when you click the Create secure.htaccess File AutoMagic button.

    Thread Starter leejosepho

    (@leejosepho)

    Yes, BPS will ALWAYS overwrite the existing secure.htaccess file…

    [with its own original code]

    …when you click the Create secure.htaccess File AutoMagic button.

    Cool beans.

  • The topic ‘What file permissions are needed while editing?’ is closed to new replies.