Title: htaccess causing Internal Server Error 500
Last modified: August 21, 2016

---

# htaccess causing Internal Server Error 500

 *  [JohnRDOrazio](https://wordpress.org/support/users/lwangaman/)
 * (@lwangaman)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/htaccess-causing-internal-server-error-500-501/)
 * Some features of the iThemes Security plugin cause my site to be unavailable 
   making it give an Internal Server Error.
 * If I delete this section of htaccess my site becomes available again:
 *     ```
       # Rules to disable directory browsing
       		Options -Indexes
   
       		<IfModule mod_rewrite.c>
       			RewriteEngine On
   
       			# Rules to protect wp-includes
       			RewriteRule ^wp-admin/includes/ - [F]
       			RewriteRule !^wp-includes/ - [S=3]
       			RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
       			RewriteRule ^wp-includes/[^/]+\.php$ - [F]
       			RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
       			RewriteRule ^wp-includes/theme-compat/ - [F]
   
       			# Rules to help reduce spam
       			RewriteCond %{REQUEST_METHOD} POST
       			RewriteCond %{REQUEST_URI} ^(.*)wp-comments-post\.php*
       			RewriteCond %{HTTP_REFERER} !^(.*)cappellaniauniromatre.org.*
       			RewriteCond %{HTTP_REFERER} !^http://jetpack\.wordpress\.com/jetpack-comment/ [OR]
       			RewriteCond %{HTTP_USER_AGENT} ^$
       			RewriteRule ^(.*)$ - [F]
   
       			# Rules to prevent php execution in uploads
       			RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
   
       			# Rules to block unneeded HTTP methods
       			RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
       			RewriteRule ^(.*)$ - [F]
   
       		</IfModule>
       ```
   
 * I tried deleting just one section or another inside of this, but the site remains
   unavailable either with a 500 error code or with a 430 error code (you are not
   authorized to access). Deleting the whole section causes the site to become available
   again.
 * [https://wordpress.org/plugins/better-wp-security/](https://wordpress.org/plugins/better-wp-security/)

Viewing 1 replies (of 1 total)

 *  [smakdaddy](https://wordpress.org/support/users/smakdaddy/)
 * (@smakdaddy)
 * [11 years, 9 months ago](https://wordpress.org/support/topic/htaccess-causing-internal-server-error-500-501/#post-4753389)
 * Hey Lwangaman,
 * Your post is a little long in the tooth but thought i’d reply anyway.
 * Copy / pasting into the .htaccess file straight from the plugin dashboard doesn’t
   work. You need to clean it up a bit.
 * I copy/paste into Notepad++ (or similar) first and eyeball it for missing spaces
   or other weird characters. Remove the double spacing too as that’s painful.
 * In the end there’s usually a line or two that butt up against each other which
   become a bit more obvious in a colour coded text editor.
 * The block i have in my htaccess (using latest version of ithemes security) looks
   like this:
 *     ```
       # Rules to disable directory browsing
               Options -Indexes
   
               <IfModule mod_rewrite.c>
                   RewriteEngine On
   
                   # Rules to protect wp-includes
                   RewriteRule ^wp-admin/includes/ - [F]
                   RewriteRule !^wp-includes/ - [S=3]
                   RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
                   RewriteRule ^wp-includes/[^/]+\.php$ - [F]
                   RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
                   RewriteRule ^wp-includes/theme-compat/ - [F]
   
                   # Rules to prevent php execution in uploads
                   RewriteRule ^(.*)/uploads/(.*).php(.?) - [F] 
   
                   # Rules to block unneeded HTTP methods
                   RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
                   RewriteRule ^(.*)$ - [F]
   
                   # Rules to help reduce spam
                   RewriteCond %{REQUEST_METHOD} POST
                   RewriteCond %{REQUEST_URI} ^(.*)wp-comments-post\.php*
                   RewriteCond %{HTTP_REFERER} !^(.*).*
                   RewriteCond %{HTTP_REFERER} !^http://jetpack\.wordpress\.com/jetpack-comment/ [OR]
                   RewriteCond %{HTTP_USER_AGENT} ^$
                   RewriteRule ^(.*)$ - [F]
   
               </IfModule>
       ```
   
 * Slightly different, but it works for me.

Viewing 1 replies (of 1 total)

The topic ‘htaccess causing Internal Server Error 500’ is closed to new replies.

 * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=3529351)
 * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/)
 * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/)

## Tags

 * [htaccess](https://wordpress.org/support/topic-tag/htaccess/)
 * [internal](https://wordpress.org/support/topic-tag/internal/)
 * [ithemes](https://wordpress.org/support/topic-tag/ithemes/)
 * [server](https://wordpress.org/support/topic-tag/server/)
 * [unauthorized](https://wordpress.org/support/topic-tag/unauthorized/)

 * 1 reply
 * 2 participants
 * Last reply from: [smakdaddy](https://wordpress.org/support/users/smakdaddy/)
 * Last activity: [11 years, 9 months ago](https://wordpress.org/support/topic/htaccess-causing-internal-server-error-500-501/#post-4753389)
 * Status: not resolved