Support » Plugin: BulletProof Security » BULLETPROOF x.x SECURE .HTACCESS line of code was not found at the top of your R

  • Resolved cfazio4



    I am trying to install your plugin, but I keep getting an error on the setup wizard “BULLETPROOF x.x SECURE .HTACCESS line of code was not found at the top of your Root htaccess file.”.

    I am also getting the error:

    “Your root htaccess file is Locked with Read Only Permissions.”

    “Use the Lock and Unlock buttons below to Lock or Unlock your root htaccess file for editing.”

    I am very confused.

    When I unlock my htaccess file it says:

    “Error: Unable to write to the Root htaccess file. If your Root htaccess file is locked you must unlock first.”

    But it is unlocked and autolock is turned off.

    I dont know how to proceed if I need write permissions but unlocking the file does not work.

    Root htaccess:

    deny from
    # BEGIN WP Rocket v3.7.2
    # Use UTF-8 encoding for anything served text/plain or text/html
    AddDefaultCharset UTF-8
    # Force UTF-8 for a number of file formats
    <IfModule mod_mime.c>
    AddCharset UTF-8 .atom .css .js .json .rss .vtt .xml
    # FileETag None is not enough for every server.
    <IfModule mod_headers.c>
    Header unset ETag
    # Since we’re sending far-future expires, we don’t need ETags for static content.
    FileETag None
    <IfModule mod_alias.c>
    <FilesMatch "\.(html|htm|rtf|rtx|txt|xsd|xsl|xml)$">
    <IfModule mod_headers.c>
    Header set X-Powered-By "WP Rocket/3.7.2"
    Header unset Pragma
    Header append Cache-Control "public"
    Header unset Last-Modified
    <FilesMatch "\.(css|htc|js|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$">
    <IfModule mod_headers.c>
    Header unset Pragma
    Header append Cache-Control "public"
    # Expires headers (for better cache control)
    <IfModule mod_expires.c>
    	ExpiresActive on
    	ExpiresDefault                              "access plus 1 month"
    	# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
    	ExpiresByType text/cache-manifest           "access plus 0 seconds"
    	# Your document html
    	ExpiresByType text/html                     "access plus 0 seconds"
    	# Data
    	ExpiresByType text/xml                      "access plus 0 seconds"
    	ExpiresByType application/xml               "access plus 0 seconds"
    	ExpiresByType application/json              "access plus 0 seconds"
    	# Feed
    	ExpiresByType application/rss+xml           "access plus 1 hour"
    	ExpiresByType application/atom+xml          "access plus 1 hour"
    	# Favicon (cannot be renamed)
    	ExpiresByType image/x-icon                  "access plus 1 week"
    	# Media: images, video, audio
    	ExpiresByType image/gif                     "access plus 4 months"
    	ExpiresByType image/png                     "access plus 4 months"
    	ExpiresByType image/jpeg                    "access plus 4 months"
    	ExpiresByType image/webp                    "access plus 4 months"
    	ExpiresByType video/ogg                     "access plus 4 months"
    	ExpiresByType audio/ogg                     "access plus 4 months"
    	ExpiresByType video/mp4                     "access plus 4 months"
    	ExpiresByType video/webm                    "access plus 4 months"
    	# HTC files  (css3pie)
    	ExpiresByType text/x-component              "access plus 1 month"
    	# Webfonts
    	ExpiresByType font/ttf                      "access plus 4 months"
    	ExpiresByType font/otf                      "access plus 4 months"
    	ExpiresByType font/woff                     "access plus 4 months"
    	ExpiresByType font/woff2                    "access plus 4 months"
    	ExpiresByType image/svg+xml                 "access plus 1 month"
    	ExpiresByType application/ "access plus 1 month"
    	# CSS and JavaScript
    	ExpiresByType text/css                      "access plus 1 year"
    	ExpiresByType application/javascript        "access plus 1 year"
    # Gzip compression
    <IfModule mod_deflate.c>
    # Active compression
    SetOutputFilter DEFLATE
    # Force deflate for mangled headers
    <IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
    SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
    RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
    # Don’t compress images and other uncompressible content
    SetEnvIfNoCase Request_URI \
    \.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf)$ no-gzip dont-vary
    # Compress all output labeled with one of the following MIME-types
    <IfModule mod_filter.c>
    AddOutputFilterByType DEFLATE application/atom+xml \
    		                          application/javascript \
    		                          application/json \
    		                          application/rss+xml \
    		                          application/ \
    		                          application/x-font-ttf \
    		                          application/xhtml+xml \
    		                          application/xml \
    		                          font/opentype \
    		                          image/svg+xml \
    		                          image/x-icon \
    		                          text/css \
    		                          text/html \
    		                          text/plain \
    		                          text/x-component \
    <IfModule mod_headers.c>
    Header append Vary: Accept-Encoding
    <IfModule mod_mime.c>
    AddType text/html .html_gzip
    AddEncoding gzip .html_gzip
    <IfModule mod_setenvif.c>
    SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} on [OR]
    RewriteCond %{SERVER_PORT} ^443$ [OR]
    RewriteCond %{HTTP:X-Forwarded-Proto} https
    RewriteRule .* - [E=WPR_SSL:-https]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteRule .* - [E=WPR_ENC:_gzip]
    RewriteCond %{REQUEST_METHOD} GET
    RewriteCond %{QUERY_STRING} =""
    RewriteCond %{HTTP:Cookie} !(wordpress_logged_in_.+|wp-postpass_|wptouch_switch_toggle|comment_author_|comment_author_email_) [NC]
    RewriteCond %{REQUEST_URI} !^(/(.+/)?feed/?.+/?|/(?:.+/)?embed/|/(index\.php/)?wp\-json(/.*|$))$ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^(facebookexternalhit).* [NC]
    RewriteCond "%{DOCUMENT_ROOT}/wp-content/cache/wp-rocket/%{HTTP_HOST}%{REQUEST_URI}/index%{ENV:WPR_SSL}%{ENV:WPR_WEBP}.html%{ENV:WPR_ENC}" -f
    RewriteRule .* "wp-content/cache/wp-rocket/%{HTTP_HOST}%{REQUEST_URI}/index%{ENV:WPR_SSL}%{ENV:WPR_WEBP}.html%{ENV:WPR_ENC}" [L]
    # END WP Rocket
    # BEGIN WordPress
    # The directives (lines) between <code>BEGIN WordPress</code> and <code>END WordPress</code> are
    # dynamically generated, and should only be modified via WordPress filters.
    # Any changes to the directives between these markers will be overwritten.
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    # END WordPress
    # MalCare WAF
    <Files ".user.ini">
    <IfModule mod_authz_core.c>
      Require all denied
    <IfModule !mod_authz_core.c>
      Order deny,allow
      Deny from all
    # END MalCare WAF

    Any help would be appreciated I have no idea how to fix this.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author AITpro


    Do these steps and let me know what happens.

    1. Delete your root htaccess file.
    2. Run the BPS Setup Wizard.
    4. Click the Save Root Custom Code button
    5. Run the BPS Setup Wizard again. This may or may not need to be done to automatically setup WP Rocket htaccess code, but I recommend doing that anyway just in case. You can rerun the Setup Wizard over and over at any time.

    Plugin Author AITpro


    Did you get this resolved?

    Plugin Author AITpro


    Assuming all questions have been answered – the thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.