Support » Plugin: BulletProof Security » htacess changed without my premission

  • Resolved khansariamirreza


    hi and thank you for your plugin and sorry for my poor English
    1 hour ago i noticed my htaccess changed and most of BulletProof Security configuration removed but i don’t changed everything in htaccess
    only updated wordpress to 3.9
    also i have wordfence installed along with BulletProof Security
    i check my host log and don’t see any unknown ip
    it’s more like BulletProof Security uninstalled and installed again
    because give the same notification that first after install gived to me some notification about bonus custom codes
    i wanna know that is this because upgrade or someone hacked my site
    i changed host+ftp+wordpress admin password is this enough or i most to other things

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author AITpro


    The issue is mostly likely caused by one of these very common issues below, but check your Root .htaccess to see what is in it. Most likely you will see duplicated WordPress htaccess code repeated many times in the root .htaccess file and all BPS security code has been deleted.

    WordPress flush_rewrite_rules function problem

    cPanel HotLink Protection Tool Problem

    Or it might be this new Wordfence Falcon cache problem that we are seeing a lot now. If you are using Wordfence Falcon cache then you will need to copy that .htaccess cache code from your root .htaccess file to this BPS Custom Code text box: CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
    Click the Save Root Custom Code button.
    Go to the BPS Security Modes page, click the Create secure.htaccess File AutoMagic button and activate Root folder BulletProof Mode again.

    Or just use BPS Speed Boost Cache code which is faster than Wordfence Falcon cache code and turn off Falcon.

    htaccess caching code – Speed Boost Cache Code

    Thank you for your reply
    this is the modified version of .htaccess:

    #   BULLETPROOF .50.1 >>>>>>> SECURE .HTACCESS     
    # If you edit the BULLETPROOF .50.1 >>>>>>> SECURE .HTACCESS text above
    # you will see error messages on the BPS Security Status page
    # BPS is reading the version number in the htaccess file to validate checks
    # If you would like to change what is displayed above you
    # will need to edit the BPS /includes/functions.php file to match your changes
    # If you update your WordPress Permalinks the code between BEGIN WordPress and
    # END WordPress is replaced by WP htaccess code.
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    # END WordPress
    # This removes all of the BPS security code and replaces it with just the default WP htaccess code
    # To restore this file use BPS Restore or activate BulletProof Mode for your Root folder again.
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    # END WordPress
    # This is a better approach to blocking Comment Spammers so that you do not
    # accidentally block good traffic to your website. You can add additional
    # Comment Spammer IP addresses on a case by case basis below.
    # Searchable Database of known Comment Spammers
    <FilesMatch "^(wp-comments-post\.php)">
    Order Allow,Deny
    Deny from 46.119.35.
    Deny from 46.119.45.
    Deny from 91.236.74.
    Deny from 93.182.147.
    Deny from 93.182.187.
    Deny from 94.27.72.
    Deny from 94.27.75.
    Deny from 94.27.76.
    Deny from 193.105.210.
    Deny from 195.43.128.
    Deny from 198.144.105.
    Deny from 199.15.234.
    Allow from all
    # If you would like to block more bad bots you can get a blacklist from
    # You should monitor your site very closely for at least a week if you add a bad bots list
    # to see if any website traffic problems or other problems occur.
    # Copy and paste your bad bots user agent code list directly below.

    also w3tc settings that i removed in this code
    and though i don’t use falcon engine so i think it’s because of
    WordPress flush_rewrite_rules function problem
    that you say
    I enabled secure.htacces again
    thank you a lot for your reply and for your useful plugin

    Plugin Author AITpro


    Yep, that looks like the typical flush_rewrite_rules function problem. Lock your root .htaccess file on the BPS htaccess File Editor page so that this problem will not continue to occur.

    Plugin Author AITpro


    Assuming all questions have been answered – Thread has been resolved. If you have additional questions about this specific issue please post them. Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘htacess changed without my premission’ is closed to new replies.