I have this issue too.
As did others 2 years ago, see:
https://wordpress.org/support/topic/htaccess-changes-causing-404-errors
Periodically isecurity deletes the wordpress rewrite rules need to make sites work properly and I have to re-add the following code to get it working again (I’m running a multisite and so this is the code directly from the codex here https://codex.wordpress.org/Multisite_Network_Administration#.htaccess_and_Mod_Rewrite ):
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ – [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]
It’d be great there was someway of preventing ithemes security from deleting this essential code!
I have the same problem. iThemes Security occasionally deletes the original content of the .htaccess file and only the home page is accessible.
Deactivating and then reactivating the plugin solves the problem.
A temporary solution is to deactivate Allow iThemes Security to write to wp-config.php and .htaccess. under Global settings
Provide iThemes with exact steps to reproduce the issue here and no doubt they will fix the issue.
dwinden
dwinden, there are no steps to reproduce, it is just that periodically ithemes deletes the rewrite code necessary to make wordpress permalinks function.
@jdaviescoates
This way for sure this topic is not moving forward …
Find the common denominator (there are 3 posters in this topic) and once the cause is found think about a solution.
Perhaps you are all three using a caching plugin …
Meanwhile as a workaround (and perhaps method towards finding the cause) disable the Write to Files setting in the Global Settings section on the iTSec plugin Settings page.
Then everytime after making changes to certain settings manually copy\paste the plugin rules from the Rewrite Rules section on the iTSec plugin Dashboard page to the .htaccess file.
Please note that only changing certain specific settings affects the Rewrite Rules.
dwinden
Same problem. But there are no “steps to reproduce”, this all happens automatically everytime this plugin writes to the .htaccess file (to deny access to an IP for example).
My .htaccess begins with # BEGIN iThemes Security – Do not modify or remove this line
and every time, after # END iThemes Security – Do not modify or remove this line
everything is deleted, including the MUCH NEEDED
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
which causes all pages/posts to display a 404.
I will try to move this WP code to the start of the .htaccess and hope that this plugin leaves it alone !!
