Title: 500 errors efter installing Bulletproof Security
Last modified: August 20, 2016

---

# 500 errors efter installing Bulletproof Security

 *  Resolved [aztekk](https://wordpress.org/support/users/aztekk/)
 * (@aztekk)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/500-errors-efter-installing-bulletproof-security/)
 * Hi
    I’ve tried to get this plugin working this whole evening, but I really can’t
   do it ..
 * When ever I try to install the secure .htaccess files, I always end up with 500
   errors. Can’t figure out why.
 * My WP install is 3.4.2 and the BPS version is the latest (.47.4)
 * I’m running this WP-install on a private sub-domain.
    -> blog.site.com I’ve tried
   using all the automagic buttons with no success, always 500 errors after installing.
 * What am I doing wrong?
    /A
 * PS.
    When I edit the .htaccess files with vim, via SSH, I can see a lot of `^
   M` at the end of almost every line. What’s that about?
 * [http://wordpress.org/extend/plugins/bulletproof-security/](http://wordpress.org/extend/plugins/bulletproof-security/)

Viewing 9 replies - 1 through 9 (of 9 total)

 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/500-errors-efter-installing-bulletproof-security/#post-3130839)
 * > When I edit the .htaccess files with vim, via SSH, I can see a lot of ^M at
   > the end of almost every line. What’s that about?
 * This is probably the cause of the problem if you have a MAC based Server – BSD
   or Mountain Lion, etc. The Control M line breaks are a Windows based Line Break.
   The last save of the BPS plugin files was done in Windows CR LF Code Format. 
   This was a mistake and should have been LF UNIX Code Format. This is corrected
   in BPS .47.5, which will be released in a couple of days. You will need to strip
   out the the ^M line breaks.
 * Other things that can cause 500 errors are:
 * Using and .htaccess file on Windows Hosting. BPS is designed for Apache Linux
   Hosting.
 * Comment out the Options -Indexes line below with a # sign in your root .htaccess
   file as shown below.
 *     ```
       # DO NOT SHOW DIRECTORY LISTING
       # If you are getting 500 Errors when activating BPS then comment out Options -Indexes
       # by adding a # sign in front of it. If there is a typo anywhere in this file you will also see 500 errors.
       #Options -Indexes
       ```
   
 * BPS and BPS Pro are compatible with 1,000′s of Web Hosts, but are not compatible
   with these 3 Web Hosting Companies (Landis Holdings, NTT Communications & DreamHost–
   Due to Custom Server Configurations)
 * Hostingzoom (Landis Holdings)
    Resellerzoom (Landis Holdings) Modvps (Landis 
   Holdings) WowVPS.com (Landis Holdings) JaguarPC (Landis Holdings) Verio (NTT 
   Communications) NTT America (NTT Communications) NTT Europe (NTT Communications)
   DreamHost
 * The Broken cPanel HotLink Protection Tool problem.
    [http://wordpress.org/support/topic/plugin-bulletproof-security-broken-cpanel-hotlink-tool-404-errors-unable-to-edit-htaccess-files?replies=7](http://wordpress.org/support/topic/plugin-bulletproof-security-broken-cpanel-hotlink-tool-404-errors-unable-to-edit-htaccess-files?replies=7)
 * Some web hosts only allow 644 file permissions. change the root .htaccess file
   permissions to 644.
 *  Thread Starter [aztekk](https://wordpress.org/support/users/aztekk/)
 * (@aztekk)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/500-errors-efter-installing-bulletproof-security/#post-3130862)
 * This is all done on a VPS running Ubuntu Server 12.04 LTS hosted by Inception
   Hosting, so I don’t think that it’s a webhost cPanel issue.
 * The thing is that I manually removed all ^M entries but still no go.
    I use `
   en_US.ISO-8859-1` as locale on the server, if that matters ..
 * I’m thinking it maybe has something to do with my vhost for this WP-installation?
 *     ```
       <VirtualHost *:80>
               ServerName blog.site.com
               ServerAlias blog.site.com
               DocumentRoot /var/www/blog/html/
   
               ErrorLog ${APACHE_LOG_DIR}/blog.site.error.log
               # Possible values include: debug, info, notice, warn, error, crit,
               # alert, emerg.
               LogLevel warn
   
               CustomLog ${APACHE_LOG_DIR}/blog.site.access.log combined
   
               <Directory /var/www/blog/html>
                       Options FollowSymlinks
                       AllowOverride FileInfo
               </Directory>
       </VirtualHost>
       ```
   
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/500-errors-efter-installing-bulletproof-security/#post-3130883)
 * Have you tried using a default regular WordPress .htaccess file? Does it work
   or do you still get 500 errors? Open your root .htaccess and look at the formatting.
   Is there formatting with line breaks or is the code all one big block of code
   without line breaks?
 * I’m not real familiar with LogLevel WARN and use RewriteLogLevel for .htaccess
   debugging.
 * “The RewriteLogLevel directive sets the verbosity level of the rewriting logfile.
   The default level 0 means no logging, while 9 or more means that practically 
   all actions are logged.
 * To disable the logging of rewriting actions simply set Level to 0. This disables
   all rewrite action logs.
 * Using a high value for Level will slow down your Apache server dramatically! 
   Use the rewriting logfile at a Level greater than 2 only for debugging!”
 * # Log to a file:
    RewriteLog “/usr/local/var/apache/logs/rewrite.log” # 2 is 
   recommended for Production sites RewriteLogLevel 2
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/500-errors-efter-installing-bulletproof-security/#post-3130897)
 * hmm yeah aren’t you supposed to have your paths in double quotes (probably either
   way is fine)? It is possible that it could be your httpd-vhosts.conf config, 
   but i don’t think the problem is actually going to be that “deep”. Delete the
   root .htaccess file and then just resave your custom permalink structure to generate
   a new WordPress Default .htaccess file and let me know what happens at that point.
 *     ```
       NameVirtualHost *:80
   
       <VirtualHost example-site.local>
           ServerAdmin postmaster@localhost
           DocumentRoot "C:/xampp/htdocs/example-site"
           ServerName example-site.local
           ServerAlias example-site.local
           <Directory "C:/xampp/htdocs/example-site">
           	Options Indexes FollowSymLinks Includes ExecCGI
           	AllowOverride All
           	Order allow,deny
           	Allow from all
           </Directory>
       </VirtualHost>
       ```
   
 *  Thread Starter [aztekk](https://wordpress.org/support/users/aztekk/)
 * (@aztekk)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/500-errors-efter-installing-bulletproof-security/#post-3130902)
 * I stripped out the vhost-file and now it actually works!
 * I just added this, to the Options statement.
    `Indexes Includes ExecCGI`
 * Thanks for your support!
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/500-errors-efter-installing-bulletproof-security/#post-3130907)
 * Awesome!!!
    thanks for confirming all is well. 😉
 *  [Mika Epstein](https://wordpress.org/support/users/ipstenu-dh/)
 * (@ipstenu-dh)
 * DreamHost Rep
 * [13 years, 6 months ago](https://wordpress.org/support/topic/500-errors-efter-installing-bulletproof-security/#post-3130947)
 * AITpro – What is it that we’re doing here at DreamHost that won’t let your plugin
   work? If you want to email me, hit me up at mepstein AT dreamhost.com 🙂
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/500-errors-efter-installing-bulletproof-security/#post-3130949)
 * In my experience, DreamHost has always had much more advanced config stuff available
   to hosted customers compared to a lot of other Hosts, which typically offer the
   standardized one size fits all hosting accounts. 😉 And of course DreamHost actively
   does a lot more custom Server security config stuff to actively beef up security
   for customers and the Hosting Environment, which of course is awesome. 😉
 * Ok so actually here is the issue. I have only had 1 person/DreamHost customer
   report a problem and at the time i was not able to contact other DreamHost customers
   using BPS so i had to post this until i could check with other DreamHost peeps
   to do follow-ups to ensure all was well with them. I was going to tackle that
   today. But it is looking like actually this is just an isolated issue so far.
 * The person has the “My Happy Hosting” plan.
    These are the issues that were causing
   problems for only BPS Pro, but i had to post something to “freeze” everything
   until i had time to do full research.
 * 1. This user’s WordPress installation/version is automatically updated so what
   happens is if BPS Pro AutoRestore/Quarantine is turned on while the upgrade occurs
   then all WordPress Core files are AutoRestored and sent to Quarantine by BPS 
   Pro.
 * 2. This user is not getting the BPS Pro upgrade notification within the WP Dashboard
   so i assume that this is being actively blocked – i did not have to dig further
   into why this was, but most likely Remote API GET HTTP connections are being 
   actively blocked.
 * 3. The ZipArchive Class appears to be disabled on this user’s Server.
 * All of things add/increase security for this particular user, but also cause 
   the user problems so what i need to determine is if this is just done on his 
   particular hosting account type or if these are new sitewide policies, etc. And
   i think that the active approach that DreamHost takes to protect their customers
   if very admirable so i am definitely not knocking DH in any way shape or form.
   😉
 * So give me a day or two to dig deeper into these things and contact other DH 
   customers and most likely i can remove this “freeze” posting that was posted 
   as a CYA post LOL 😉 At this point since i have not heard from any other DreamHost
   customers then it should be able to remove that post today or tomorrow once i
   can contact them to confirm all is well.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/500-errors-efter-installing-bulletproof-security/#post-3130955)
 * [@mika](https://wordpress.org/support/users/mika/) – ok i have checked in with
   several folks who have VPS and Shared Hosting on DreamHost and they are not having
   any problems whatsoever with BPS so this was apparently just an isolated incident.
   Thanks.

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘500 errors efter installing Bulletproof Security’ is closed to new replies.

 * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938)
 * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/)
 * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/)
 * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/)

## Tags

 * [500 error](https://wordpress.org/support/topic-tag/500-error/)
 * [htaccess](https://wordpress.org/support/topic-tag/htaccess/)

 * 9 replies
 * 3 participants
 * Last reply from: [AITpro](https://wordpress.org/support/users/aitpro/)
 * Last activity: [13 years, 6 months ago](https://wordpress.org/support/topic/500-errors-efter-installing-bulletproof-security/#post-3130955)
 * Status: resolved