Support » Plugin: BulletProof Security » Adding a .htaccess file to the root

Viewing 15 replies - 1 through 15 (of 34 total)
  • Plugin Author AITpro


    Here are some basics about .htaccess files.

    .htaccess files are actually Server configuration files and to be 100% technically correct they are called “distributed configuration files”.

    .htaccess files work in a hierchical way. If a root folder has an .htaccess file in it it will try to apply the security rules in that root .htaccess file to all subfolders recursively. If a subfolder (subfolderA) has an .htaccess file in it then subfolderA will follow the rules in its own .htaccess file. WebsiteB will also follow the rules in its own .htaccess file.


    If you want to manually add an .htaccess file to the Document Root folder of your Hosting account then I assume that you do not have a WordPress site installed in the Root folder and either have another type of site such as an HTML site or no site is installed in the Root folder and you just want to protect that Root folder correct?

    If you have an HTML site in your Root folder or you just want to protect the root folder and that root folder contains an index.html or index.htm file then see this Forum link >>>

    If the root folder contains an index.php file for some other website type then yes you can use the subfolder .htaccess file from your WordPress site and you would just change the RewriteBase to RewriteBase / and also your RewriteRules from /subfolder/index.php to just /index.php.


    I really appreciate that thorough answer, it is very generous. In my case I just want to protect the root folder. So that link is excellent.

    As I have tried other .htaccess files – I am however still getting a server error, even with this file – is there something else that needs to be configured in the file.

    I am not sure I am adding my site correctly to the rewrite rules?

    Again appreciate the response.


    Plugin Author AITpro


    I see in another thread that you posted that you have a WordPress Network/Multisite installation.

    Have you installed/setup BPS correctly for your Network/Multisite site? >>>

    I would need the specific details about what you are trying to do exactly. Example: I have a site installed here (/subfolder-name) and it is site type (HTML, WordPress, etc). I do X and then Y happens. The error message is: [post your error message]. The rewrite rules i am using are [post the rewrite rule] for the site X located in folder Y. Thanks.


    No that wasn’t me was it :-(? I don’t think I’ve posted about this before!

    My site is root – it has a splash page then one wordpress subfolder with multisite set up running two sites.

    BPS seems to be working okay on the multisite setup…

    My issue is simply what changes I need to make to the .htaccess you gave me the link to to make it work on my server in the root folder.

    I think you have to add your domain somewhere….

    I’m getting HTTP Error 500 Internal server error.

    I hope that makes sense 🙂


    Plugin Author AITpro


    I was referring to this thread – this is how/where i figured out that you have a Network/MU site >>>

    Ok so this is your site architecture correct?

    root directory (/public_html)
    /splash page here

    subfolder directory (/public_html/subfolder)
    /subfolder/mulitsite is installed here – Network/Multisites need to be installed in the Root website directory correct? I do not think they work correctly installed in a subfolder.

    Yes BPS works fine in general for Network/Multisite installations.

    What exactly is in your Root folder / Document Root folder / root of your Hosting account? >>> this is the root folder / (/public_html). Is there an index.htm file or index.html file or index.php file in your root folder? Is there a site installed or in the root folder? Or do you just have files in the root folder and one of those files is a Splash page? In order for your root directory to work correctly you have to have one of these file types in it: index.php, index.htm or index.html (or index.asp but this would be a Windows index file and htaccess files do NOT work on Windows Servers).

    Sorry for the delayed response…

    Whoops forgot about that thread completely! Shows how much the whole thing was causing me grief!

    The set up is just as you have described it:

    In the root folder you refer to in the last paragraph I have index.html installed. So:

    My website root: public_folder

    1. index.html
    2. wordpress folder containing MU installation.

    Beside folders for images and css in the public_html folder that’s it.

    I hope that makes sense…


    Plugin Author AITpro


    Ok great then you would use the html version of the of the HTML htaccess file posted in the Forum here >>>

    But I am still unsure about having a Network/Multisite installation in a subfolder. I am not a MU expert, but from what i remember reading once you are ONLY supposed to install a Network/MU site in your Root folder or it will not work correctly if installed in a subfolder. Please look around and confirm this. it has been a while since i looked into this so things might be different now for Network/MU WordPress installations.

    The cause of the problem could be simply that you cannot install a Network/MU site in a subfolder, but i could be wrong about this.

    Plugin Author AITpro


    Ok i looked around and you would have to do this. You would have to do a Giving WordPres its own directory type of installation for what you have setup on your site. This means that your root folder will have to contain the index.php file in order for this setup to work correctly. See the WP Codex link below.

    Also please read through these WP Codex pages

    Plugin Author AITpro


    And this is what i thought meant all WordPress Network/MU installations but it is actually ONLY for subdomain MU installations.

    WordPress must be installed in the root of your webfolder (i.e. public_html) for subdomains to work correctly. They will not work from within a subdirectory.


    I’m really sorry – I’ve misinformed you. The WP installation is in a subdomain ‘’. It appears as a subfolder in the server directory. On describing my setup I got confused.

    It’s in fact the only way I could get my set up to work!

    So the links from the splash page go here:

    AND site…

    So in fact the MU installtion is in the root – just in a subdomain! I do feel like I’m the only person in the world who has set up – it’s counter intuitive for many reasons but works for the client.

    My problem with the .htaccess is does it need configuring in any way – ie. changing URLs within the file to get it work…

    Thanks you again for your time and detailed answers…


    Plugin Author AITpro


    Yep that makes sense. A true subdomain site is its own unique Domain with a DNS A record pointing to it (installation folder name). 😉

    Subdomain Site = Root website

    If the Splash page is in the same folder as your MU installation then it is not in fact in the Document Root folder for the Hosting account and is in the Root folder for the MU site.

    So now i do not understand your original question at all.

    What exactly is the question?

    Ha ha ! Yes sorry…

    I think you’ve answered it – the WordPress in this case may have muddied the water…!

    I just need a secure .htaccess file for my the main domain –

    I was wondering if I can somehow copy the BPS file from the SUBDOMAIN 🙂 with a few tweaks.

    But you kindly sent me a link to do just that, my issue was on my server I was getting server errors – so wondered what needed tweaking…

    Hope that makes sense 🙂

    Plugin Author AITpro


    Ok so one question has been answered then correct?

    The other question is about errors that are occuring.
    I need to know more information about your website. Please see this post and then post this information in your reply.

    Thanks so much…

    At the moment for some reason I can’t see the Network Dashboard 🙁 I hadn’t noticed before.

    I’m not sure why this is – perhaps the 3.5 upgrade.

    It ‘s a new problem, I can’t access the plugins…Even in the two sites set up in multisite…!

    Let me com back to you – it must be a different problem…


    Plugin Author AITpro


    Do you have BPS .47.7 installed? Double check your root and wp-admin htaccess files to make sure they do not contain these old security filters.

    OLD root .htaccess security rules
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x5b|\x5d|\x7f).* [NC,OR]
    NEW root .htaccess security rules
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
    OLD wp-admin .htaccess security rule
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
    NEW wp-admin .htaccess security rule
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]

Viewing 15 replies - 1 through 15 (of 34 total)
  • The topic ‘Adding a .htaccess file to the root’ is closed to new replies.