Support » Plugin: Solid Security – Password, Two Factor Authentication, and Brute Force Protection » line of 'Deny from ' was added to .htaccess.

  • Hi…

    I have an issue with the plugin, in the last days multiples time some line of ‘Deny from ‘ was add to the .htaccess file, I delete it but they appears again..

    This are causing that no one can access the site and when I desactive the plugin the problem dont appear again…..

    See the lines that was added to the htacces:

    Order allow,deny
    Deny from all

    How can I solve this??

    Thanks…

    https://wordpress.org/plugins/better-wp-security/

Viewing 2 replies - 1 through 2 (of 2 total)
  • There are only 2 iTSec functionalities adding identical (case sensitive) lines to the .htaccess files. The first one is the following setting under the “System Tweaks” section on the Settings page:

    System Files [ ] Protect System Files

    Prevent public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess. These files can give away important information on your site and serve no purpose to the public once WordPress has been successfully installed.

    The (Apache webserver type) lines normally added by this setting look like this:

    # BEGIN Tweaks
    # Rules to block access to WordPress specific files
    <files .htaccess>
    Order allow,deny
    Deny from all
    </files>
    <files readme.html>
    Order allow,deny
    Deny from all
    </files>
    <files readme.txt>
    Order allow,deny
    Deny from all
    </files>
    <files install.php>
    Order allow,deny
    Deny from all
    </files>
    <files wp-config.php>
    Order allow,deny
    Deny from all
    </files>
    # END Tweaks

    The second setting can be found under the “WordPress Tweaks” section on the Settings page:

    XML-RPC [Off] Disable XMLRPC

    Off = XMLRPC is fully enabled and will function as normal.
    Only Disable Trackbacks/Pingbacks = Your site will not be susceptible to denial of service attacks via the trackback/pingback feature. Other XMLRPC features will work as normal. You need this if you require features such as Jetpack or the WordPress Mobile app.
    Completely Disable XMLRPC is the safest, XMLRPC will be completely disabled by your webserver. This will prevent features such as Jetpack that require XMLRPC from working.

    The (Apache webserver type) lines normally added by this setting look like this:

    # Rules to disable XML-RPC
    <files xmlrpc.php>
    Order allow,deny
    Deny from all
    </files>

    (Note both Settings are displaying the iTSec default values).

    If the abobve info helps you resolve the issue please mark this topic as ‘resolved’.

    dwinden

    Just wanted to add that you should also make sure to be using the latest iTSec plugin release (4.6.6).
    There was a bug related to writing to the .htaccess file introduced in iTSec plugin 4.6.2 …

    If any of the provided info helps you resolve the issue please mark this topic as ‘resolved’.

    dwinden

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘line of 'Deny from ' was added to .htaccess.’ is closed to new replies.