Plugin Author
AITpro
(@aitpro)
The issue is mostly likely caused by one of these very common issues below, but check your Root .htaccess to see what is in it. Most likely you will see duplicated WordPress htaccess code repeated many times in the root .htaccess file and all BPS security code has been deleted.
WordPress flush_rewrite_rules function problem
http://forum.ait-pro.com/forums/topic/read-me-first-free/#flush-rewrite-rules
cPanel HotLink Protection Tool Problem
http://forum.ait-pro.com/forums/topic/read-me-first-free/#cpanel-hotlink-protection
Or it might be this new Wordfence Falcon cache problem that we are seeing a lot now. If you are using Wordfence Falcon cache then you will need to copy that .htaccess cache code from your root .htaccess file to this BPS Custom Code text box: CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
Click the Save Root Custom Code button.
Go to the BPS Security Modes page, click the Create secure.htaccess File AutoMagic button and activate Root folder BulletProof Mode again.
Or just use BPS Speed Boost Cache code which is faster than Wordfence Falcon cache code and turn off Falcon.
http://forum.ait-pro.com/forums/topic/htaccess-caching-code-speed-boost-cache-code/
Thank you for your reply
this is the modified version of .htaccess:
# BULLETPROOF .50.1 >>>>>>> SECURE .HTACCESS
# If you edit the BULLETPROOF .50.1 >>>>>>> SECURE .HTACCESS text above
# you will see error messages on the BPS Security Status page
# BPS is reading the version number in the htaccess file to validate checks
# If you would like to change what is displayed above you
# will need to edit the BPS /includes/functions.php file to match your changes
# If you update your WordPress Permalinks the code between BEGIN WordPress and
# END WordPress is replaced by WP htaccess code.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# This removes all of the BPS security code and replaces it with just the default WP htaccess code
# To restore this file use BPS Restore or activate BulletProof Mode for your Root folder again.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# FORBID COMMENT SPAMMERS ACCESS TO YOUR wp-comments-post.php FILE
# This is a better approach to blocking Comment Spammers so that you do not
# accidentally block good traffic to your website. You can add additional
# Comment Spammer IP addresses on a case by case basis below.
# Searchable Database of known Comment Spammers http://www.stopforumspam.com/
<FilesMatch "^(wp-comments-post\.php)">
Order Allow,Deny
Deny from 46.119.35.
Deny from 46.119.45.
Deny from 91.236.74.
Deny from 93.182.147.
Deny from 93.182.187.
Deny from 94.27.72.
Deny from 94.27.75.
Deny from 94.27.76.
Deny from 193.105.210.
Deny from 195.43.128.
Deny from 198.144.105.
Deny from 199.15.234.
Allow from all
</FilesMatch>
# BLOCK MORE BAD BOTS RIPPERS AND OFFLINE BROWSERS
# If you would like to block more bad bots you can get a blacklist from
# http://perishablepress.com/press/2007/06/28/ultimate-htaccess-blacklist/
# You should monitor your site very closely for at least a week if you add a bad bots list
# to see if any website traffic problems or other problems occur.
# Copy and paste your bad bots user agent code list directly below.
also w3tc settings that i removed in this code
and though i don’t use falcon engine so i think it’s because of
WordPress flush_rewrite_rules function problem
that you say
I enabled secure.htacces again
thank you a lot for your reply and for your useful plugin
Plugin Author
AITpro
(@aitpro)
Yep, that looks like the typical flush_rewrite_rules function problem. Lock your root .htaccess file on the BPS htaccess File Editor page so that this problem will not continue to occur.
Plugin Author
AITpro
(@aitpro)
Assuming all questions have been answered – Thread has been resolved. If you have additional questions about this specific issue please post them. Thanks.