WordPress.org

Forums

BulletProof Security
[resolved] 403 Forbidden Every Time I update BPS Security (5 posts)

  1. przwilson
    Member
    Posted 2 years ago #

    Hi,

    I get a 403 Forbidden error every single time I update the BPS Security plug-in. This has happened 3 times in a row (ever since I installed the plug-in). The entire site goes down, I get locked out of the Dashboard, and I have to call my hosting company an ask them to go in and clear out errors just to get the site back online. I just went through this with my host again. They said that the permission of the .htaccess file had gotten changed to 404 - they changed it back to 644 and everything seems to be working again.

    This is really frustrating - can you please help me understand why this might be happening?

    Thank you,

    Justin

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    BPS automatically locks your root .htaccess file with 404 permissions after the .htaccess files are automatically updated. If your Host does not allow you to lock the root .htaccess file with 404 permissions then you can click the Turn Off AutoLock button on the BPS Edit/Upload/Download page. This will permanently prevent your root .htaccess file from being automatically locked again.

    Is your host one of these 4 hosts in the link below that do not allow 404 permissions? Please post your host's name if it is not one of the 4 hosts listed in the link below.
    http://forum.ait-pro.com/forums/topic/read-me-first-free/#root-htaccess-file-lock

  3. przwilson
    Member
    Posted 2 years ago #

    Thank you very much for the reply. Will turning off the AutoLock decrease the security of the site at all?

    I have confirmed with the web host that they do not allow the .htaccess file to be set to anything other than 644 permissions. You can add this hosting company to the list: FatCow

    They suggested that I could rename the file to .htaccess2 and that that would prevent it from being overwritten. Is this something we would want to do?

    It sounds like turning off the AutoLock is all that we need to prevent any further issues - we just want to make sure that doing so won't compromise the security of the site as well as the security measures that BPS Security is providing. Can you please just clarify that for us?

    Thank you!

  4. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    644 permissions are perfectly fine. 404 permissions add an extra bonus level of security, but if your host does not allow this then no big deal.

    Yep, turning AutoLock off will prevent your root .htaccess from being locked again so this same issue/problem will not occur anymore.

  5. przwilson
    Member
    Posted 2 years ago #

    Ok got it, I will try this method at the next update. Thank you kindly for the support.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic