Support » Plugin: BulletProof Security » [Plugin: BulletProof Security] W3TC and BPS not playing together nicely

  • Resolved AlanI


    Hi there,

    I just recently upgraded to the latest WordPress and BPS (was running .46.2)

    I’ve regenerated the secure.htaccess file from scratch then applied it and that’s all fine. The ‘Security Status’ shows everything is green.

    Once that’s done I get the reminder that I’ve got W3TC enabled but no associated htaccess entries, which again is fine.

    I copy + paste the W3TC rules at the top of my .htaccess file and W3TC starts working as expected; however, once I’ve done this the BPS Security Status page becomes less happy.

    I get the warning: “A BPS .htaccess file was NOT found in your root folder or you have not activated BulletProof Mode for your Root folder yet, Default Mode is activated or the version of the BPS htaccess file that you are using is not .46.3. Please read the Read Me hover Tooltip above.”

    Additionally the following entries come up in red:

      wp-config.php is NOT .htaccess protected by BPS
      The WP readme.html file is not .htaccess protected
      The WP /wp-admin/install.php file is not .htaccess protected

    Everything else is green. If I remove the W3TC htaccess entries everything goes back to green, but if I put them back in it goes to red.

    I run WordPress in a separate directory but I’ve updated default.htaccess, secure.htaccess and maintenance.htaccess as per the documentation.

    Just to double check, I’m supposed to be putting the W3TC lines of htaccess above the BPS entries, yeah?

    Any suggestions to where my problem may lie?

    – Alan

Viewing 4 replies - 1 through 4 (of 4 total)
  • Hi,

    Did you find a solution for this?


    # If you edit the BULLETPROOF .47.1 >>>>>>> SECURE .HTACCESS text above
    # you will see error messages on the BPS Security Status page
    # BPS is reading the version number in the htaccess file to validate checks
    # If you would like to change what is displayed above you
    # will need to edit the BPS /includes/functions.php file to match your changes
    # If you update your WordPress Permalinks the code between BEGIN WordPress and
    # END WordPress is replaced by WP htaccess code.
    # This removes all of the BPS security code and replaces it with just the default WP htaccess code
    # To restore this file use BPS Restore or activate BulletProof Mode for your Root folder again.

    Okay I have figured out. Both plugins are working great for me 🙂

    Here’s what I did:

    1-) I have W3TC up and running fine.
    2-) Activate the BPS
    3-) Create the Secure htaccess file.
    4-) Activate the Secure htaccess file for both front-end and back-end.
    5-) Now I receive warning from W3TC.
    6-) Go to W3TC and Click on Auto-install button on warning message.
    7-) Both are happy now!

    I hope it helps


    Plugin Author AITpro


    Wow this is the first time i am seeing this post?????

    This has happened once before when the thread tag was not explicitly bulletproof-security. In this case the thread tag is a combination of bulletproof-security and w3tc so i assume it was not associated correctly with this BPS posting area. Well that seems logical anyways. 😉

    Ok so for the very first post the answer is that W3TC .htaccess code should come before the start of the BPS and WordPress combined security code loop – # BEGIN WordPress – and not within the BPS and WP security code loop. If your Root .htaccess file is unlocked then when you click the W3TC redeploy link or auto-install link in W3TC the W3TC .htaccess code is automatically written to the Root .htaccess file in the correct location in the Root .htaccess file so you really do not need to do this manually.

    And johnibom is correct about why you were seeing Red error messages on the Security Status page – BPS looks at 2 things to verify that a BPS .htaccess file is activated. The version number at the top of the .htaccess file – # BULLETPROOF .47.1 >>>>>>> SECURE .HTACCESS – and – # BPSQSE BPS QUERY STRING EXPLOITS – to confirm that a BPS .htaccess file is activated and the version is the most current version.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘[Plugin: BulletProof Security] W3TC and BPS not playing together nicely’ is closed to new replies.