WordPress.org

Support

Support » Plugins and Hacks » iThemes Security (formerly Better WP Security) » I just narrowed it down to the rewrite rules of my htaccess file

I just narrowed it down to the rewrite rules of my htaccess file

  • So, my site crashed after upgrading this Plugin. My site was down for a whole night since no support was ever made available. I had a copy of htaccess in my computer so, since I’ve no tech skills to speak of I thought of simply replacing the new one with the old just for the shit and laughs.

    It worked.

    Now I can access my dashboard and everything but it’s still kind of wonky. Wonky in that I get my login page and a 404 in the same window (the 404 is sort of a footer in this case)

    I thus managed in a very empirical way to narrow the issue down to the rewrite rules which now look as follows:

    # BEGIN Tweaks
    		# Rules to block access to WordPress specific files
    		<files .htaccess>
    			Order allow,deny
    			Deny from all
    		</files>
    		<files readme.html>
    			Order allow,deny
    			Deny from all
    		</files>
    		<files readme.txt>
    			Order allow,deny
    			Deny from all
    		</files>
    		<files install.php>
    			Order allow,deny
    			Deny from all
    		</files>
    		<files wp-config.php>
    			Order allow,deny
    			Deny from all
    		</files>
    
    		# Rules to disable directory browsing
    		Options -Indexes
    
    		<IfModule mod_rewrite.c>
    			RewriteEngine On
    
    			# Rules to protect wp-includes
    			RewriteRule ^wp-admin/includes/ - [F]
    			RewriteRule !^wp-includes/ - [S=3]
    			RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
    			RewriteRule ^wp-includes/[^/]+\.php$ - [F]
    			RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
    			RewriteRule ^wp-includes/theme-compat/ - [F]
    		</IfModule>
    	# END Tweaks

    I leave this here for developers in the hope they might fix this issue, since renaming my wp_content folder doesn’t allow me to just delete the plugin and go on with my life. Btw, that option (change wp_content name) is missing from the dashboard.

    Greetings,

    Xondra

    https://wordpress.org/plugins/better-wp-security/

Viewing 1 replies (of 1 total)
  • Hiding the backend def has something to do with the issue. Disabling the url protect option (wherein an attacker cannot execute scripts via url) also sems to help or to be involved in this.

Viewing 1 replies (of 1 total)
  • The topic ‘I just narrowed it down to the rewrite rules of my htaccess file’ is closed to new replies.
Skip to toolbar