Support » Plugin: BulletProof Security » Internal Server error with every BPS .htaccess file

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author AITpro


    From the error it looks like your Server does not allow you to use this .htaccess code on your Server.

    # Use index.php as default directory index file
    # index.html will be ignored will not load.
    DirectoryIndex index.php index.html /index.php

    And most likely your Server will not allow you to use this code either so you may need to comment this out as well.

    # If you are getting 500 Errors when activating BPS then comment out Options -Indexes
    # by adding a # sign in front of it. If there is a typo anywhere in this file you will also see 500 errors.
    Options -Indexes

    Also if you have full control of your Server you would need to add the correct Server configuration info to your httpd.conf file to allow these .htaccess directives.

    Thanks for the reply, the httpd.conf file is not used in apache2, to apply the DirectoryIndex directive this needed to be changed in


    The Options -Indexes I had already commented out.

    I now get /.htaccess: order not allowed here, referer ….

    in both the root .htaccess and the wp-admin .htaccess

    Plugin Author AITpro


    Oops yep on apache2 and dir.conf.

    Ok so I am not completely understanding what you said.

    Did you comment out – DirectoryIndex in your root .htaccess file? Or did you do something else in your dir.conf file? I am not really sure what you are saying.

    Plugin Author AITpro


    And your Server should definitely be allowing “Order” that is a standard and basic directive. I think you need to look up some Server configuration stuff on the Apache site. Look at AllowOverride and other similar common Server configurations –

    <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
    Order allow,deny
    Deny from all
    #Allow from

    Plugin Author AITpro


    And since you have control of your own Server you can just add directives to the dir.conf if you do not want to change AllowOverride to all and use directives in .htaccess files.


    I had to delete/comment out DirectoryIndex in both the root .htaccess file and wp-admin .htaccess file. The DirectoryIndex directive for apache2 can be found in the file :


    By default this file has the order “index.html index.php”, so this needs to be flipped. So instead of your .htaccess files enforcing this, I changed the apache2 dir.conf files to enforce the directoryindex sequence.

    The Options -index I just had to comment out.

    Lastly you were spot on with the “allowing “Order” that is a standard and basic directive”. I went through a server hardening exercise before installing wordpress. The apache2 config files in the sites-available directory were to restrictive, I forgot I had done that.

    The config files need the “AllowOverride FileInfo Limit”

    “FileInfo” to allow the .htaccess files and “Limit” allows the “Order”

    Thanks for the nudge in the right direction.

    Plugin Author AITpro


    Yep no prob. 😉

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Internal Server error with every BPS .htaccess file’ is closed to new replies.