Support » Plugin: iThemes Security (formerly Better WP Security) » Can't Install WordPress is subfolders with BWPS in Root Folder

  • Hi There,

    I am a web designer and I am running Better WP Security on my main website, where the .htaccess file is in the root public_html directory.

    When working on new projects, I typically create new folders in my hosting account and install a fresh installation of WordPress into that folder in order to start building the new site in a separate folder:

    The testing path would now be: – where /test is the new folder.

    However, recently I have been unable to complete the installation of WordPress into these new folders, as I believe that the Better WP Security settings within my root directory is somehow preventing this. It is possible that something in my .htaccess file is not allowing this.

    I figured out how to move on to the second step of installing WordPress, which is by disabling the “Hide Backend” feature, but unfortunately on the final step, I get the following error:

    403 Forbidden
    Access to this resource on the server is denied!

    Something that I also noticed with my current version of Better WP Security (3.4.9), is that I CANNOT uncheck the “Disable Directory Browsing” option in system tweaks.

    Additional information is as follows (perhaps the issue is within):
    <files .htaccess>
    Order allow,deny
    Deny from all

    <files readme.html>
    Order allow,deny
    Deny from all

    <files readme.txt>
    Order allow,deny
    Deny from all

    <files install.php>
    Order allow,deny
    Deny from all

    <files wp-config.php>
    Order allow,deny
    Deny from all

    <IfModule mod_rewrite.c>
    RewriteEngine On

    Does somebody have any ideas as to how to fix it so that my .htaccess file in my root directory will not affect my subfolders and new installations within them?

    Any help would be greatly appreciated.


Viewing 5 replies - 1 through 5 (of 5 total)
  • Just to add, I see this error in my Better WP Security section:

    Fatal error: Call to undefined method WP_Error::get_items() in /home/klevrkra/public_html/wp-content/plugins/better-wp-security/lib/bit51/bit51.php on line 353



    I had the same problem, I will not use better wp security till this is fixed. My wordpress install froze and loop back to the same page, after I did a new install on a subfolder with disabled the plugin wordpress install worked. Then I activated the plugin again, but this the general function didn’t worked and it loops back to the login page



    I ever had similar problem, the root directory had WordPress site, the sub directory had OpenCart. The OpenCart site worked very weird.

    But after I disable these 2 things, everything worked correctly:
    – Menu > Security > System Tweaks > Filter Suspicious Query Strings
    – Menu > Security > System Tweaks > Prevent long URL strings

    Perhaps it will work on your case too.



    these two options where not enabled at all , so I don’t think this is the problem ….


    I agree, those were not potential solutions.

    I was very frustrated that the developer of BWPS did not bother to look into this issue as it was something that continues to be quite problematic.

    The only workaround that I was able to figure out was to manually edit the .htaccess and wp-config.php file from the wordpress installation that was installed in the root directory.

    Because BWPS itself has access to make automated changes to the .htaccess file and wp-config.php file, it adds code that potentially prevents activity that might include working with subfolders within the server/directory, even if they are separate and within independent databases.

    My though process was this:

    1) If BWPS settings and system tweaks, including such settings as checking off “Remove write permisions to core files such as .htaccess and wp-config.php”, then naturally these files will become locked from having any code added or edited while the plugin is active and these settings are enabled.

    Here’s the thing – if you had this setting enabled, then you will NOT be able to setup another installation of wordpress in another subfolder since your root folder is locking it because of BWPS and the active settings.

    What I tried to do is, whenever I wanted to create a new installation of wordpress in a separate subfolder, I would have to make sure that the .htaccess and wp-config.php files in my root folder had write permissions. With those system tweaks and settings enabled, those files were NOT writable, which was causing the issue and preventing me from being able to create new wordpress installations in separate subfolders.

    What I tried to do was essentially re-enable the write permissions of those core files and to make sure that a new installation would not be effected. To do this though, you’d have to follow these steps:

    Step 1) Go to Better WP Security tab of the root directory WP installation/site, select “System Tweaks”
    Step 2) Uncheck “Remove write permisions to .htaccess and wp-config.php files
    Step 3) Save
    Step 4) Deactivate Better WP Security Plugin from this site
    Step 5) Go into FTP/File Manager on Server > Right click .htaccess file > File permissions…
    Step 6) In Owner Permissions, Make sure “Write” Box is Checked (Numeric Value 644)
    Step 7) Click OK
    Step 8) Repeat steps 2-4 for the wp-config.php file

    Once you make sure both files are writable, you should double check the .htaccess file just to make sure it’s plain again and doesn’t have all the stuff that BWPS added to it when it was activated. Those things I believe, along with the files not being writable, seemed to me like the core issue that was causing additional wordpress installations from being created.

    If both those files in your root directory are writable again, then try installing a new installation of WP in a sub-folder. It may actually work.

    It does seem like a lot of work, but in reality it isn’t, although it is annoying enough to have to do this simply to install a separate instance of WP in a separate folder.

    Following the steps above should work, although after creating the new instance of WP in the new sub-folder, you’d have to re-activate BWPS and re-check the Write permissions stuff in the root directory site again to start protecting the site again.

    I strongly hope that this issue is fixed in upcoming updates for BWPS, where sub-folders would go unaffected by a root directory installation.

    I ended up creating a separate hosting account with no BWPS plugins for development work so this would not be an issue anymore. The only time it would be is if I need to revise or revamp existing sites that contain the plugin, then I have to follow the steps above to migrate the site (with the plugin deactivated)to my hosting server to implement the changes, then migrate it back.

    I don’t use a local server as i’m only a front-end designer, so I rely on web-based servers for my dev work.

    Hopefully the above provides some use for you!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Can't Install WordPress is subfolders with BWPS in Root Folder’ is closed to new replies.