There are only 2 iTSec functionalities adding identical (case sensitive) lines to the .htaccess files. The first one is the following setting under the “System Tweaks” section on the Settings page:
System Files [ ] Protect System Files
Prevent public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess. These files can give away important information on your site and serve no purpose to the public once WordPress has been successfully installed.
The (Apache webserver type) lines normally added by this setting look like this:
# BEGIN Tweaks
# Rules to block access to WordPress specific files
<files .htaccess>
Order allow,deny
Deny from all
</files>
<files readme.html>
Order allow,deny
Deny from all
</files>
<files readme.txt>
Order allow,deny
Deny from all
</files>
<files install.php>
Order allow,deny
Deny from all
</files>
<files wp-config.php>
Order allow,deny
Deny from all
</files>
# END Tweaks
The second setting can be found under the “WordPress Tweaks” section on the Settings page:
XML-RPC [Off] Disable XMLRPC
Off = XMLRPC is fully enabled and will function as normal.
Only Disable Trackbacks/Pingbacks = Your site will not be susceptible to denial of service attacks via the trackback/pingback feature. Other XMLRPC features will work as normal. You need this if you require features such as Jetpack or the WordPress Mobile app.
Completely Disable XMLRPC is the safest, XMLRPC will be completely disabled by your webserver. This will prevent features such as Jetpack that require XMLRPC from working.
The (Apache webserver type) lines normally added by this setting look like this:
# Rules to disable XML-RPC
<files xmlrpc.php>
Order allow,deny
Deny from all
</files>
(Note both Settings are displaying the iTSec default values).
If the abobve info helps you resolve the issue please mark this topic as ‘resolved’.
dwinden